Bug 1628946

Summary: nmcli can't establish VPN connection using passwd-file
Product: Red Hat Enterprise Linux 7 Reporter: Thomas Haller <thaller>
Component: NetworkManagerAssignee: Thomas Haller <thaller>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.6CC: alexl, atragler, bgalvani, dcbw, extras-qa, fgiudici, john.j5live, lkundrak, lmiksik, lrintel, mclasen, rhughes, rkhan, rstrode, sandmann, sukulkar, thaller, vashirov, vbenes
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: NetworkManager-1.12.0-6.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1628833 Environment:
Last Closed: 2018-10-30 11:15:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1628833    
Bug Blocks:    

Description Thomas Haller 2018-09-14 13:21:22 UTC 
+++ This bug was initially created as a clone of Bug #1628833 +++

Description of problem:
After upgrade to F29 I can no longer establish VPN connection using passwd-file, because the format has changed from 'vpn.secrets.password:' to 'vpn.secret.password:'.

Version-Release number of selected component (if applicable):
NetworkManager-1.12.2-2.fc29.x86_64
NetworkManager-openvpn-1.8.4-2.fc29.x86_64

How reproducible:
always

Steps to Reproduce:
1. Setup OpenVPN connection with connection-type = password, password-flags = 2
2. nmcli con up id "OpenVPN" passwd-file /path/to/pwdfile


Actual results:
$ nmcli con up id "OpenVPN" passwd-file /path/to/pwdfile
A password is required to connect to 'OpenVPN'.
Warning: password for 'vpn.secret.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets

$ nmcli con show "OpenVPN" | grep vpn.secret
vpn.secrets:                            <hidden>

$ cat /path/to/pwdfile
vpn.secrets.password:hunter2


Expected results:
VPN connection should be established successfully.

Additional info:
If I change the contents of pwdfile to be
vpn.secret.password:hunter2

it works. But this is a regression from the previous version and it breaks backward compatibility.

--- Additional comment from Thomas Haller on 2018-09-14 05:47:07 EDT ---

fix here: https://github.com/NetworkManager/NetworkManager/pull/201

--- Additional comment from Thomas Haller on 2018-09-14 09:20:25 EDT ---

fixed upstream in

master: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=5815ae8c60961f088e4e54b41ddf8254cb83574a
nm-1-14: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=6bfab6796f064c4f878e05476a60cd59fa8bf11e
nm-1-12: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=10888abe96fedd3d6c5b99faea76465522f8e8e9
Comment 4 errata-xmlrpc 2018-10-30 11:15:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3207