This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

I'm having this exact same issue. Any chance for a patch? Thanks.

I just got around to installing F11 and I see the same problem with the VPNC plugin.  I am able to use vpnc CLI to complete the VPN connection.  Any updates from developers?

It appears from reading the NM mailing list that a simple "service NetworkManager restart" solves the problem.

Created attachment 358365 [details]
Patches NetworkManager-vpnc policy settings

Patch with the following command:

sudo patch -p0 < nm-vpnc-service-conf-497454.patch

Restart NetworkManager:

sudo /sbin/service NetworkManager restart

If it doesn't work immediately, you may need to reboot.  It should work after that.

Created attachment 358377 [details]
New Patch, Please read carefully

This patch fixes a mistake in the one previously posted.  This is based on the Ubuntu solution http://www.matejunkie.com/how-to-fix-networkmanagers-openvpn-plugin-in-ubuntu-904/ and modified to implement "at_console" correctly.

I recommend applying the patch manually by editing /etc/dbus-1/system.d/nm-vpnc-service.conf and adding the new policy between the other two.  I ran into issues where the system bus service would not start after applying the patch due to permissions issues.  If this happens to you because of applying the previous patch, delete /etc/dbus-1/system.d/nm-vpnc-service.conf and reboot, then reinstall NetworkManager-vpnc and apply the patch manually.

The effect this patch has is to grant anyone with access to the console access to the nm-vpnc service.  I think this is acceptable under most circumstances.  Another option would be to give permission to a group, such as dialout, and add individual users to that group.

(In reply to comment #6)
> Created an attachment (id=358377) [details]
> New Patch, Please read carefully
> 
> This patch fixes a mistake in the one previously posted.  This is based on the
> Ubuntu solution
> http://www.matejunkie.com/how-to-fix-networkmanagers-openvpn-plugin-in-ubuntu-904/
> and modified to implement "at_console" correctly.

I don't believe this is a correct fix, because the VPN service should only be accessible by root.  There is nothing a normal user, even at_console can do about it.  Root is not considered "at_console" in Fedora; that is specific to Ubuntu and OpenSUSE actually.

> I recommend applying the patch manually by editing
> /etc/dbus-1/system.d/nm-vpnc-service.conf and adding the new policy between the
> other two.  I ran into issues where the system bus service would not start
> after applying the patch due to permissions issues.  If this happens to you
> because of applying the previous patch, delete
> /etc/dbus-1/system.d/nm-vpnc-service.conf and reboot, then reinstall
> NetworkManager-vpnc and apply the patch manually.

That's due to a dbus bug, you'd only really need to 'killall -HUP dbus-daemon' to get it to re-read the permissions files actually.

What version of D-Bus are people running?  There were a few issues with dbus permissions before July 2009 in Fedora.

Hi Dan. I'm seeing it in 
dbus-libs-1:1.2.12-2.fc11 (i586)
(i.e. current up-to-date fc11). I'll be upgrading to f12 next week, will confirm whether it's still there.

I'm puzzled by your comment:

"...because the VPN service should only be accessible by root.  There is nothing a normal user, even at_console can do about it..."

The Network Manager GUI never asks me for a root password, so I assume it is running in user space. If the VPN service is only accessible by root, how does Network Manager create/modify VPN configuration? (apologies for any misunderstandings in this, just trying to figure out for myself how this is working).

(In reply to comment #8)
> Hi Dan. I'm seeing it in 
> dbus-libs-1:1.2.12-2.fc11 (i586)
> (i.e. current up-to-date fc11). I'll be upgrading to f12 next week, will
> confirm whether it's still there.
> 
> I'm puzzled by your comment:
> 
> "...because the VPN service should only be accessible by root.  There is
> nothing a normal user, even at_console can do about it..."
> 
> The Network Manager GUI never asks me for a root password, so I assume it is
> running in user space. If the VPN service is only accessible by root, how does
> Network Manager create/modify VPN configuration? (apologies for any
> misunderstandings in this, just trying to figure out for myself how this is
> working).  

nm-applet (user level) stores your configuration, and sends it to NetworkManager (root level).  NetworkManager then starts up the nm-vpnc-service daemon (also root level) and tells it to  make the connection with the configuration from nm-applet.  So the communication between NetworkManager and nm-vpnc-service is not an API that normal users ever touch; it's completely between two root-level processes.

Can anyone with this issue also provide the output of:

find /etc/ConsoleKit

for me?  Thanks!

I'm having this issue after the latest batch of updates from redhat.  For me however, the problem is with a pptp vpn connection.

I've tried the solution in Bug 50896, (restart dbus) but it has no effect.

$ rpm -q dbus
dbus-1.2.16-9.fc12.i686

$ rpm -qa | grep NetworkManager
NetworkManager-0.7.997-2.git20091214.fc12.i686
NetworkManager-openvpn-0.7.996-4.git20090923.fc12.i686
NetworkManager-pptp-0.7.996-4.git20090921.fc12.i686
NetworkManager-gnome-0.7.997-2.git20091214.fc12.i686
NetworkManager-vpnc-0.7.996-4.git20090921.fc12.i686
NetworkManager-glib-0.7.997-2.git20091214.fc12.i686

$ find /etc/ConsoleKit
/etc/ConsoleKit
/etc/ConsoleKit/run-seat.d
/etc/ConsoleKit/run-session.d
/etc/ConsoleKit/seats.d
/etc/ConsoleKit/seats.d/00-primary.seat

Hi, I'm Getting the same issue after the latest patch.

Sorry, I was unable to check this earlier because my machines were quite a few thousand km away, then I hit problems with f11-f12 upgrades. However the problem seems to have disappeared for me in f12.

Hi, I have the issue in the f12, before the latest patch, I was able to make VPN connection through pptp using the NetworkManager. Right now it says that "failed because VPN secrets are invalid". 

I already verify my user and password in the VPN and they are correct

I am getting this too.  Downgrading to ppp-2.4.4-13.fc12.x86_64 fixes this.

Thanks for the tip Craig, Downgrading to ppp-2.4.4-13.fc12.x84_64 works for me too

excellent, thanks Craig, downgraded, and it works like a charm again.

The latest set of Fedora 12 updates fixed this too.  I'm back to the new ppp.

This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Original reporter:  are you possibly using certificates with your connection, and do you have an unencrypted private key?

I am seeing this with NetworkManager / OpenVPN. If I export the configuration and call openvpn directly, it works fine.

I should mention, I am using latest F13.

There was one case that I just fixed last night for this where:

1) you are using plain "Certificates TLS", *not* Passwords + Certificates
2) your private key is not encrypted

If this is your configuration, then I'd expect the current packages to still be broken, and I have fixed this upstream and will push out an update soon.

Second, PKCS#8 private keys (which start with -----BEGIN ENCRYPTED PRIVATE KEY-----) were not recognized and thus weren't usable; that's been fixed too and is bug #581992.

I tested NetworkManager-openvpn-0.8-2.git20100411.fc12.i686, my private key is encrypted... here's the exported config:
--- cut ---
client
remote 192.2.1.1
ca /home/***/ca.crt
cert /home/***/***.crt
key /home/***/***.key
comp-lzo yes
dev tap
proto udp
tls-auth /home/***/ta.key 1
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user openvpn
group openvpn
--- cut ---
I get:
--- cut ---
May 16 15:43:37 *** NetworkManager[1287]: <info> VPN connection '***' (Connect) reply received.
May 16 15:43:37 *** NetworkManager[1287]: <warn> VPN connection '***' failed to connect: 'No VPN secrets!'.
May 16 15:43:37 *** NetworkManager[1287]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
--- cut ---
Downgrading to NetworkManager-openvpn-0.7.996-4.git20090923.fc12.i686 fixes it. I also downgraded NetworkManager (too big icons in KDE) and just restarted NetworkManager.

Can you paste in the top 3 lines of your private key?  Anything up to the gobbledegook that looks like "MIIE6TAbBgkqhkiG9w0BBQMwDgQI0kWoJQEcM1sCAggABIIEyEH/1x0vBJ8+ylef"

Having the same issue;

F13 - all updates applied. 

Installed Packages
NetworkManager.i686              1:0.8.1-0.1.git20100510.fc13   @fedora         
NetworkManager-glib.i686         1:0.8.1-0.1.git20100510.fc13   @fedora         
NetworkManager-gnome.i686        1:0.8.1-0.1.git20100510.fc13   @fedora         
NetworkManager-openconnect.i686  0.8.0-1.git20100411.fc13       @updates-testing
NetworkManager-openvpn.i686      1:0.8-2.git20100411.fc13       @updates-testing
NetworkManager-pptp.i686         1:0.8.0-1.git20100411.fc13     @updates-testing
NetworkManager-vpnc.i686         1:0.8.0-1.git20100411.fc13     @fedora         

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC3/kf0a1WWl/+Yv5vXMVPPGvJYnZ9GMWnct5qje10uQY6zLdTl
SKvLQKri3LjDKV73Rv5MFKWPmM+UROG1jwpzCY0sgzUYRknf5r/FhyZKc3DTSbDl
1p8FnRm+gORMFp6RSlMRi6c9oF+mVJYvYKsw0jV7yXBsmGFXNuetu7Zg7QIDAQAB
-snip-

Messages;
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
workManager.openvpn'...
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
er.openvpn' started (org.freedesktop.NetworkManager.
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
er.openvpn' appeared, activating connections
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
ceived.
May 24 08:46:33 zoidburg NetworkManager[1652]: <warn
 'No VPN secrets!'.
May 24 08:46:33 zoidburg NetworkManager[1652]: <info
t for IPv4 routing and DNS.

I got this issue on my fedora13. Solved (as a current workaround) with this recipe: https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/360818/comments/97

patch available at: http://launchpadlibrarian.net/36995728/dont-check-secrets-for-tls-connection-type.patch

see https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/453807

(In reply to comment #22)
> There was one case that I just fixed last night for this where:
> 
> 1) you are using plain "Certificates TLS", *not* Passwords + Certificates
...snip...
> 
> If this is your configuration, then I'd expect the current packages to still be
> broken, and I have fixed this upstream and will push out an update soon.

Dan,

Is there an updated rpm for this available for download yet? Could you push out this update?

- Mike

Never mind. I built it from git, and it does solve my problem.

- Mike

Should be fixed upstream by:

commit 45897f7b5e3541a74f56444cbfc828403bfff040
Author: Dan Williams <dcbw>
Date:   Mon May 3 23:05:53 2010 -0700

    core: fix handling of unencrypted private keys for TLS connections
    

we just need a rebuild and update for F13.

NetworkManager-openvpn-0.8.1-0.1.git20100609.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.8.1-0.1.git20100609.fc13

NetworkManager-openvpn-0.8.1-0.1.git20100609.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.8.1-0.1.git20100609.fc12

NetworkManager-openvpn-0.8.1-0.1.git20100609.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update NetworkManager-openvpn'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.8.1-0.1.git20100609.fc13

NetworkManager-openvpn-0.8.1-0.1.git20100609.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update NetworkManager-openvpn'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.8.1-0.1.git20100609.fc12

Just updated to 

NetworkManager-openvpn.i686      1:0.8.1-0.1.git20100609.fc13   @updates-testing

and this resolves this issue.

NetworkManager-openvpn-0.8.1-0.1.git20100609.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

NetworkManager-openvpn-0.8.1-0.1.git20100609.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.