Bug ID 1207079
Summary plasma-nm5-openconnect crashes kded5 when connecting to AnyConnect VPN
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware x86-64
OS openSUSE Tumbleweed
Status NEW
Severity Major
Priority P5 - None
Component KDE Workspace (Plasma)
Assignee opensuse-kde-bugs@opensuse.org
Reporter joe.elusive@protonmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Overview:

When connecting to (previously working) AnyConnect vpn (using
plasma-nm5-openconnect), after accepting self-signed server cert (popup window
with "Signer not found" message), nm-applet window just crashes, netwokmanager
logs

<warn>  [1673529893.2478]
vpn[0x55fb7065a750,682c8bfb-8073-4b39-987b-a5cb5adeebc1,"my-vpn-name"]:
secrets: failed to request VPN secrets #3: No agents were available for this
request

Launching kded5 manually, to check logs, yields logs attached at the bottom.

Connecting to vpn from cli (using openconnect vpn.myserver.invalid) works as
expected

If "Debug log" checkbox selected when connecting via applet, it yields:
Connected to A.B.C.D:443
SSL negotiation with vpn.myserver.invalid
Server certificate verify failed: signer not found
The size of the provided fingerprint is less than the minimum required (4)


At the same time, connecting with cli openconnect doesn't log 
"The size of the provided fingerprint is less than the minimum required (4)",
and gives

POST https://vpn.myserver.invalid/
Connected to A.B.C.D:443
SSL negotiation with vpn.myserver.invalid
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.myserver.invalid" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:SOME_BASE64_STRING
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.myserver.invalid with ciphersuite
(TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)


Steps to Reproduce: 

    1) Create an openconnect vpn profile in nm-applet, with Cisco AnyConnect
protocol and vpn gateway specified 
    2) Connect to said vpn, via tray icon on nm-applet ui
    3) After pressing Connect button, accept or cancel popup window with
"Signer not found" message

Actual Results:

    kded5 crashes, window closes, vpn connection is not established

Expected Results:

    vpn connects

Build Date & Hardware:
    Tumbleweed version: 20230110, fully updated at the time of report
    Hardware: Lenovo Ideapad 5, AMD Ryzen 5 5600U
    Bug start date: Somewhere in the end of December, unfortunately i haven't
noted the first time it occured 
    Relevant packages and versions:
       plasma-nm5-openconnect-5.26.5-1.1.x86_64
       plasma-nm5-5.26.5-1.1.x86_64
       NetworkManager-openconnect-lang-1.2.8-2.1.noarch
       openconnect-bash-completion-9.01-1.1.noarch
       openconnect-9.01-1.1.x86_64
       libopenconnect5-9.01-1.1.x86_64
       NetworkManager-1.40.8-1.1.x86_64
       NetworkManager-openconnect-1.2.8-2.1.x86_64


Additional Information: 

- manjaro bug, that might be relevant:
https://forum.manjaro.org/t/pan-vpn-connection-fails-after-an-update-again/125940

- At the same time, openconnect connected to PAN GlobalProtect VPN works as
expected on same machine.

kded5 logs:

print-manager.kded: unable to register service to dbus
org.kde.libkbolt: Failed to connect to Bolt manager DBus interface: 
org.kde.bolt.kded: Couldn't connect to Bolt DBus daemon
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
Installing the delayed initialization callback.
org.kde.plasma.dataengine.geolocation: gpsd not found
"location"
Delayed initialization.
Reloading the khotkeys configuration
Version 2 File!
true
Imported file "/usr/share/khotkeys/defaults.khotkeys"
Imported file "/usr/share/khotkeys/kde32b1.khotkeys"
Imported file "/usr/share/khotkeys/konqueror_gestures_kde321.khotkeys"
Registering ":1.87/StatusNotifierItem" to system tray
Registering "org.kde.StatusNotifierItem-3-1/StatusNotifierItem" to system tray
kf.bluezqt: PendingCall Error: "The name org.bluez.obex was not provided by any
.service files"
Registering ":1.77/StatusNotifierItem" to system tray
Registering ":1.49/StatusNotifierItem" to system tray
Initializing  "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_fonts.so"
Registering "org.kde.StatusNotifierHost-1801" as system tray
org.kde.plasma.nm.kded: Unhandled VPN connection state change:  2
QLayout: Attempting to add QLayout "" to QWidget "", which already has a layout
KCrash: Attempting to start /usr/bin/kded5
KCrash: Application 'kded5' crashing...
KCrash: Attempting to start /usr/libexec/drkonqi
QSocketNotifier: Invalid socket 6 and type 'Read', disabling...
QSocketNotifier: Invalid socket 20 and type 'Read', disabling...
QSocketNotifier: Invalid socket 48 and type 'Read', disabling...
kf.notifications: env says KDE is running but SNI unavailable -- check
KDE_FULL_SESSION and XDG_CURRENT_DESKTOP
kf5idletime_kwayland: This plugin does not support polling idle time
print-manager.kded: unable to register service to dbus
org.kde.libkbolt: Failed to connect to Bolt manager DBus interface: 
org.kde.bolt.kded: Couldn't connect to Bolt DBus daemon
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 0 settings from /home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
xsettingsd: Reloading configuration
xsettingsd: Loaded 11 settings from
/home/joe/.config/xsettingsd/xsettingsd.conf
Installing the delayed initialization callback.
org.kde.plasma.dataengine.geolocation: gpsd not found
"location"
Delayed initialization.
Reloading the khotkeys configuration
Version 2 File!
true
Imported file "/usr/share/khotkeys/defaults.khotkeys"
Imported file "/usr/share/khotkeys/kde32b1.khotkeys"
Imported file "/usr/share/khotkeys/konqueror_gestures_kde321.khotkeys"
Registering "org.kde.StatusNotifierHost-1801" as system tray
Registering "org.kde.StatusNotifierItem-3-1/StatusNotifierItem" to system tray
Registering ":1.87/StatusNotifierItem" to system tray
kf.bluezqt: PendingCall Error: "The name org.bluez.obex was not provided by any
.service files"
Registering ":1.175/StatusNotifierItem" to system tray
Registering ":1.49/StatusNotifierItem" to system tray
Registering ":1.77/StatusNotifierItem" to system tray
Initializing  "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_fonts.so"
[1]  + 14914 suspended (signal)  kded5

org.kde.plasma.nm.kded: Unhandled VPN connection state change:  2
QLayout: Attempting to add QLayout "" to QWidget "", which already has a layout
Unable to find file for pid 14914 expected at "kcrash-metadata/14914.ini"
QSocketNotifier: Invalid socket 54 and type 'Read', disabling...
QSocketNotifier: Invalid socket 56 and type 'Read', disabling...
Unable to start Dr. Konqi
Re-raising signal for core dump handling.
Service  ":1.175" unregistered

[1]  + 14914 segmentation fault (core dumped)  kded5

You are receiving this mail because: