How to save VPN passwords with NetworkManager for nmcli?

There are many posts about putting VPN passwords into /etc/NetworkManager/system-connections/<connection>. I can't get any of them working on Ubuntu 12.04. The fields in the questions and answers seem subtly different from mine. The one that came closest seemed to be: How to save VPN passwords with NetworkManger.

I'd prefer to have nmcli ask for passwords on the console instead of in a GUI widget on the desktop, but that seems impossible.

So two questions:

  1. Are the /etc/NetworkManager/system-connections/<connection> files and their fields officially documented anywhere? There seem to be many 404s for NetworkManager documentation links.
  2. What is wrong with my connection file?

Here is my connection file. I've tried many variations of settings in this file, but this is as close to good as I could come up with (anonymized of course):

    [connection]
    # Not sure if this helps or breaks anything. Fails regardless.
    permissions=user:peter:;
    id=My VPNC
    uuid=a2cd97d5-7df1-4391-91d8-7e72931ec2de
    type=vpn
    autoconnect=false
    timestamp=1396942441

    [vpn]
    service-type=org.freedesktop.NetworkManager.vpnc
    NAT Traversal Mode=natt
    ipSec-secret-type=save
    IPSec secret-flags=0
    xauth-password-type=save
    Vendor=cisco
    Xauth username=user
    IPSec gateway=1.2.3.4
    XAuth password-flags=0
    IPSec ID=Ipsec
    Perfect Forward Secrecy=server
    IKE DH Group=dh2

    [vpn-secrets]
    XAuth password=password
    IPSec secret=grouppassword

    [ipv4]
    method=auto

Permissions:

    > ls -l /etc/NetworkManager/system-connections/My\ VPNC 
    -rw------- 1 root root 527 Apr  8 10:11 /etc/NetworkManager/system-connections/My VPNC

Running it gives:

    > sudo nmcli con up id  'My VPNC'
    Active connection state: unknown
    Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/44
    state: VPN connecting (need authentication) (2)
    Error: Connection activation failed: no valid VPN secrets.

Edit: Here is another similar post (about Openconnect VPN though): How can I get NetworkManager to autoconnect to a Openconnect VPN via nmcli without prompting for a user and password


Solution 1:

When you set up your VPN connection through the GUI the password is saved in the key-ring. If you save your password in the connection file, like this:

    sudoedit /etc/NetworkManager/system-connections/MyConnectionExampleName

in this file:

    # 1 here means key-ring I think, but with 0, the password below is used
    [vpn]
    password-flags=0
    cert-pass-flags=0

    [vpn-secrets]
    password=my_secret_password
    cert-pass=my_secret_certificate_password

Solution 2:

In terms of resolving the simple password secret error in 16.04, you only need the two lines:

    [vpn-secrets]
    password=my_secret_password

I'd only touch/add other lines if necessary.

Solution 3:

I had the same problem; /var/log/messages was registering a message where NetworkManager complained about invalid properties. After I removed the flag and type properties and left only the [vpn-secrets] records, the connection could be established.

    ipSec-secret-type=save
    IPSec secret-flags=0
    xauth-password-type=save
    XAuth password-flags=0

Package I have installed:

    NetworkManager-0.8.1-66.el6.x86_64

Result:

    [connection]
    id=My VPNC
    uuid=a2cd97d5-7df1-4391-91d8-7e72931ec2de
    type=vpn
    autoconnect=false
    timestamp=1396942441

    [vpn]
    service-type=org.freedesktop.NetworkManager.vpnc
    NAT Traversal Mode=natt
    Vendor=cisco
    Xauth username=user
    IPSec gateway=1.2.3.4
    IPSec ID=Ipsec
    Perfect Forward Secrecy=server
    IKE DH Group=dh2

    [vpn-secrets]
    XAuth password=password
    IPSec secret=grouppassword

    [ipv4]
    method=auto
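
The pairing between `<name>-flags` keys in `[vpn]` and entries in `[vpn-secrets]` that Solutions 1 to 3 revolve around can be checked before running `nmcli con up`. This is an added example, not code from any answer on this page; `audit_keyfile` is a hypothetical helper, the flag values follow NetworkManager's NMSettingSecretFlags, and mode and uid are passed in (rather than read with `os.stat`) so the block runs offline. It does not test whether an older NetworkManager rejects the `-flags` keys themselves, which is what Solution 3 reports.

```python
import configparser

# NMSettingSecretFlags: 0 = stored by NetworkManager in the keyfile,
# 1 = held by a user agent (keyring), 2 = never saved, 4 = not required.
SYSTEM_OWNED = 0
# Constructed sample: flags as in the question, secret name differing in case.
SAMPLE = """\
[vpn]
service-type=org.freedesktop.NetworkManager.vpnc
Xauth username=user
XAuth password-flags=0
IPSec secret-flags=0

[vpn-secrets]
Xauth password=password
"""

def audit_keyfile(text, mode=0o600, uid=0):
    """Return a list of findings for one system-connections keyfile (hypothetical helper)."""
    findings = []
    # The file holds plaintext secrets: expect root-owned -rw------- as shown in the question.
    if uid != 0 or mode & 0o077:
        findings.append("file must be owned by root with mode 0600 (got uid=%d mode=%o)"
                        % (uid, mode & 0o777))
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#",), strict=False)
    cp.optionxform = str  # key names contain spaces and are case-sensitive
    cp.read_string(text)
    vpn = dict(cp["vpn"]) if cp.has_section("vpn") else {}
    secrets = dict(cp["vpn-secrets"]) if cp.has_section("vpn-secrets") else {}
    lowered = {name.lower(): name for name in secrets}
    for key, value in vpn.items():
        if not key.endswith("-flags"):
            continue
        name = key[:-len("-flags")]
        try:
            flags = int(value)
        except ValueError:
            findings.append("%s: flags value %r is not an integer" % (key, value))
            continue
        if flags != SYSTEM_OWNED or name in secrets:
            continue  # secret lives elsewhere, or is present under the exact name
        near = lowered.get(name.lower())
        if near:
            findings.append("%s=0 but the secret is spelled %r, not %r" % (key, near, name))
        else:
            findings.append("%s=0 but [vpn-secrets] has no %r entry" % (key, name))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_keyfile(SAMPLE, mode=0o644)))
```
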

Solution 4:

I would not change GUI-generated config files. The next time you make a click in the GUI, your manual entries are gone. Also, a system update may break it.

You could try the following:

  • Allow running sudo nmcli without a password:

    Create a file /etc/sudoers.d/mynmcli (filename doesn't matter)

    # Host and command aliases referenced by the rule below
    Host_Alias HOST = YOURHOSTNAME
    Cmnd_Alias NMCLI    = /usr/bin/nmcli
    # user host=(run-as user) NOPASSWD:commands
    YOURUSERNAME HOST=(root) NOPASSWD:NMCLI
    
  • Create a password file with:

    vpn.secrets.Xauth password:PASSWORD
    vpn.secrets.IPSec secret:SHAREDSECRET
    

    Now you can run the following line in a script which is handled by cron:

    sudo nmcli con up id YOURVPN passwd-file /path/to/your/file
    

    (To find YOURVPN type "nmcli con")

Works for me on Ubuntu 16.10.

Solution 5:

Do what Wolf said. Save the file.

Then type

    sudo service network-manager restart

and hit Enter.

Now your changes are in effect.