OpenConnect and OpenVPN no response

[Sawrz]

Hi,
First, thank you for that great tool. I appreciate your effort!

My issue here is two-fold:
The OpenVPN connection uses a certificate and stores already the username. So, it should ask for the password, which it does with nmtui. However, after hitting enter in dmenu, nothing happens. So far, I understood within the code, it should ask for a prompt, right?

OpenConnect is a bit different, and it may never work with my configuration. It's the VPN to my university network, so besides needing a certificate, it asks for username and password—no option to store the credentials in the config, as far as I know. Maybe you have an idea here, which would be great. However, the same goes here as well: Hitting enter closes the menu, and nothing happens.

The prompt works for WiFi passphrases. The VPNs work either with
nmcli connection up openvpnconnection
and
nmcli connection up ciscoopenconnectconnection --ask

nmtui freezes with the ciscoopenconnectconnection.

Thanks,
Sandro

[firecat53]

#48 has been open for quite awhile...I'll have to check if the dbus options exist now for creating the VPN connections because they did not used to exist.

[firecat53]

Hmmm, looks like this might be possible now:

https://lazka.github.io/pgi-docs/index.html#NM-1.0/classes/SettingVpn.html%23NM.SettingVpn

PR's welcome, but I'll poke at it when I have a chance! VPN's definitely up the complexity because there's multiple types (openvpn, wireguard, openconnect, etc.).

In the meantime, you can manually create an openvpn profile, or use an existing one created with nm-connection-editor. Example for openvpn with Private Internet Access:

[connection]
id=US Seattle
uuid=xxxx-xxx-xxx-xxx
type=vpn
autoconnect=false
permissions=
timestamp=1531939268

[vpn]
auth=SHA256
ca=/etc/openvpn/ca.rsa.4096.crt
cipher=AES-256-CBC
comp-lzo=adaptive
connection-type=password
crl-verify-file=/etc/openvpn/crl.rsa.4096.pem
dev=tun
dev-type=tun
password-flags=0
remote=us-seattle.privateinternetaccess.com:1197
remote-cert-tls=server
reneg-seconds=0
username=xxxxxxx
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=xxxxxxx

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy

[firecat53]

I looked at this some more today. IMO, adding the ability to add a VPN connection via dmenu is not going to be particularly user friendly and is going to add significant length and complexity to the code.

It may be possible to detect if a VPN connection just needs a password to connect and prompt for a password from a process_vpn method similar to the process_ap method. However, I don't have any VPN connections (I just use wireguard) that I could test this with. I'm also not immediately seeing a VPN flag for secrets similar to get_wpa_flags for wireless.

Any takers?