Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connecting to VPN has no effect on Debian testing "Bullseye" #133

Open
wandering-tales opened this issue Aug 27, 2020 · 20 comments
Open

Connecting to VPN has no effect on Debian testing "Bullseye" #133

wandering-tales opened this issue Aug 27, 2020 · 20 comments

Comments

@wandering-tales
Copy link

I'm actually using OpenFortiGUI v0.9.2-1 on my Debian testing "Bullseye" system, installed from the https://apt.iteas.at/iteas APT repository for "buster" distribution.

Clicking on "Connect" button does not have any effect. The underlying cause can be found in the logs:

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

This looks like a long time recurrent error in Debian and Debian based distros (e.g. Ubuntu), and I detected its occurrence is intermittent between versions: the errors seems to be fixed in certain versions and then reappears in new ones.

The setting "SUDO -E Option" is already enabled. It is enabled by default.

I already tried several times to clean up the program configuration in my home dir.
@angela-d
Copy link

I recently just upgraded from stretch to buster and found simply having the SUDO -E option had no effect.

My /etc/sudoers wasn't taking /etc/sudoers.d into effect, perhaps the same issue for you?

I posted my openfortigui notes - maybe it will be of some help?

@k-dahl
Copy link

k-dahl commented Sep 8, 2020

On Linux Mint 20/Cinnamon I am not seeing any effect when clicking on Connect, nothing in logs at all, nothing in the shell that the app is launched from. No difference with sudo.

@angela-d
Copy link

angela-d commented Sep 10, 2020
edited
Loading

If you run openfortigui in terminal, what happens?

(Type it into a command-line terminal, don't use the GUI button)

@theinvisible
Copy link
Owner

I'm actually using OpenFortiGUI v0.9.2-1 on my Debian testing "Bullseye" system, installed from the https://apt.iteas.at/iteas APT repository for "buster" distribution.

Clicking on "Connect" button does not have any effect. The underlying cause can be found in the logs:

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

This looks like a long time recurrent error in Debian and Debian based distros (e.g. Ubuntu), and I detected its occurrence is intermittent between versions: the errors seems to be fixed in certain versions and then reappears in new ones.

The setting "SUDO -E Option" is already enabled. It is enabled by default.

I already tried several times to clean up the program configuration in my home dir.

This sudo message simply mean there is no matching sudo rule for openfortigui found and so it trys to ask for a password interactively which is not possible in this case as there is no input terminal available.

In short: Something is wrong with your sudo configuration. You can try to copy the contents of /etc/sudoers.d/openfortigui into /etc/sudoers and try again. But as Bullseye is not really released now it can also be some OS bug.

@k-dahl
Copy link

k-dahl commented Sep 10, 2020

If you run openfortigui in terminal, what happens?

(Type it into a command-line terminal, don't use the GUI button)

I was running it in the command line terminal, there was just no output there whatsoever. I did find the logs though. I suspect this issue may be because Linux Mint 20 changes the name of the release to no longer match Ubuntu (it's 'ulyana' now but based on Ubuntu 'focal'). This was just starting the gui and clicking on connect on the one entry I have added:

Sep. 10 09:29:01 openfortiGUI::Debug: "start-main::"
Sep. 10 09:29:01 openfortiGUI::Debug: using qt5ct plugin
Sep. 10 09:29:01 openfortiGUI::Debug: D-Bus global menu: no
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Sep. 10 09:29:01 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Sep. 10 09:29:01 openfortiGUI::Debug: D-Bus system tray: yes
Sep. 10 09:29:01 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/blitzd/.openfortigui/vpnprofiles/work.conf"
Sep. 10 09:29:01 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "work"
Sep. 10 09:29:01 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/blitzd/.openfortigui/vpnprofiles/work.conf"
Sep. 10 09:29:01 openfortiGUI::Debug: OS not affected by SUDO-Preserve-Env fix or no supported OS found, osname:: "ulyana"
Sep. 10 09:29:05 openfortiGUI::Debug: active-tab:: 0
Sep. 10 09:29:05 openfortiGUI::Debug: start vpn: "work" active-tab:: 0
Sep. 10 09:29:05 openfortiGUI::Debug: Start vpn:: "work"
Sep. 10 09:29:05 openfortiGUI::Debug: add logger "/home/blitzd/.openfortigui/main.conf"
Sep. 10 09:29:05 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/blitzd/.openfortigui/vpnprofiles/work.conf"
Sep. 10 09:29:05 openfortiGUI::Debug: vpnManager::onClientConnected()
Sep. 10 09:29:05 openfortiGUI::Debug: client api helo command:: 0 ::name:: "work"
Sep. 10 09:29:05 openfortiGUI::Debug: client disconnected:: "work"
Sep. 10 09:29:05 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() "work" status 0
Sep. 10 09:29:05 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: "work" ::status:: 0
Sep. 10 09:29:05 openfortiGUI::Debug: VPN process  "work"  error occurred!
Sep. 10 09:29:05 openfortiGUI::Debug: VPN process  "work"  finished!

There was no effect within the GUI, and the VPN didn't connect.

I am otherwise able to connect openfortivpn with the same values I am using via the CLI.

@k-dahl
Copy link

k-dahl commented Sep 10, 2020

I suspect for Mint 20 this list also needs to include 'ulyana':

f84df66#diff-679ac72c3b2af32ee1c0fa28feb4dbedR1171

Output of lsb_release -c on Mint 20:

No LSB modules are available.
Distributor ID:	Linuxmint
Description:	Linux Mint 20
Release:	20
Codename:	ulyana

They used to mirror the Ubuntu releases they were based on, but it appears they stopped doing that somewhere along the way.

@angela-d
Copy link

From your logs:

OS not affected by SUDO-Preserve-Env fix or no supported OS found, osname:: "ulyana"

@blitzd I've not used Mint with Openfortigui, but what theinvisible posted to OP may affect you, as well.

Have you checked my notes? We may be on a different system, but I fiddle with my overall setup quite a bit so what affects me may be similar for others with non standard/"supported" setups, too.

@edmundlaugasson
Copy link

edmundlaugasson commented Oct 27, 2020
edited
Loading

Having same issue:

  • used https://apt.iteas.at/ repository, as we need a repository to update software in a more trusted and faster way
  • having Linux Mint 20 Cinnamon
  • nothing happens, when trying to connect
  • OpenFortiGUI v0.9.3
  • logs are empty, even after trying to connect

Any solution?

At the same time Linux Mint 19.3 MATE it works. I also notice, that trusted certification is not available in Linux Mint 20 Cinnamon.

Currently found a workaround:

  • run OpenFortiGUI via sudo (with root permissions)
  • configure connection
  • connect - now it asks certificate properly and connects
  • run OpenFortiGUI again as regular user
  • now it connects also here
  • then used SUDO -E option from OpenFortiGUI settings and then also certificate as regular user received and now works also as regular user
  • then you can delete all configuration, profiles under sudo permissions and use these under regular user only as it should be

@wandering-tales
Copy link
Author

@angela-d Sorry for the late reply. I retried again today after a long time and the error disappeared. I'm still not able to connect to my VPN because the program doesn't prompt me to insert the OTP, but that's another issue.

I checked my sudoers file, as you suggested, and the sudoers dir is correctly included:

# See sudoers(5) for more information on "@include" directives:

@includedir /etc/sudoers.d

In my /etc/sudoers.d/ dir I have a openfortigui file with the following content:

%sudo  ALL=NOPASSWD:SETENV: /usr/bin/openfortigui --start-vpn *

My current openfortigui version is 0.9.3.

@scrlkx
Copy link

scrlkx commented Aug 6, 2021
edited
Loading

I'm not sure we're are in the same problem, but a workaround that works for me is start it from the command line with sudo, like: sudo openfortigui. Plus I let the SUDO -E Option setting enabled.

No other way works for me, and it seems to be something specific with openfortigui.

@edmundlaugasson
Copy link

edmundlaugasson commented Aug 17, 2021
edited
Loading

Strange, but when SUDO -E Option setting enabled, it will not query certificate. So I first disable that option, then I get certificate. But even I run sudo openfortigui, in logs I get message sudo: Sorry, you are not allowed to use this solution. Besides, I tried also so, that logged in as root firstly (sudo -i) and then started openfortigui, still same issue... Openfortigui Version 0.9.5 is used from this repository. Is original website not updated? I see there still 0.9.4 version...

@theinvisible
Copy link
Owner

Indeed, was a bit late to update project site. There is now 0.9.5 available, also a real build .deb package for bullseye is now available: http://apt.iteas.at/iteas/pool/main/o/openfortigui/openfortigui_0.9.5-1_amd64_bullseye.deb

@scrlkx
Copy link

scrlkx commented Sep 1, 2021

Just to keep the thread,

In the latest version, when trying to connect as a regular user, I get the following logs.

Sep 1 09:10:27 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required

@theinvisible
Copy link
Owner

This means your sudo ist not configured correctly for your user, best is to start with this sample configuration and adjust to your system: https://github.com/theinvisible/openfortigui/blob/master/openfortigui/sudo/openfortigui

@edmundlaugasson
Copy link

edmundlaugasson commented Sep 2, 2021
edited
Loading

No, my sudo is working fine (it is autoconfigured by Openfortigui), just VPN certificate was outdated. Now it works again. Haven't fully tested everything. I'm just user and not VPN-server admin.

@Episodio1
Copy link

Hi!

Debian 11 bookworm (in "testing" release)

Running nonGUI with "sudo openfortivpn" connects OK. (v.1.17)

Running GUI (v 0.9.5) with/without sudo opens OK, but when connnecting to VPN nothing happens and error shows up in "journalctl":

debian kernel: openfortigui[14058]: segfault at 80 ip 00007fe8122ef2f0 sp 00007ffc5b7b3a08 error 4 in libQt5Core.so.5.15.2[7fe8121b7000+301000]

@Episodio1
Copy link

Running GUI (v 0.9.5) with/without sudo opens OK, but when connnecting to VPN nothing happens and error shows up in "journalctl":

Oops! Enabling checkbox: FILE -> SETTINGS >> SUDO -E . fixed the issue.

@alexmcwi
Copy link

alexmcwi commented Jun 7, 2022

Thank you @edmundlaugasson ! This works.

Having same issue:

* used https://apt.iteas.at/ repository, as we need a repository to update software in a more trusted and faster way

* having Linux Mint 20 Cinnamon

* nothing happens, when trying to connect

* OpenFortiGUI v0.9.3

* logs are empty, even after trying to connect

Any solution?

At the same time Linux Mint 19.3 MATE it works. I also notice, that trusted certification is not available in Linux Mint 20 Cinnamon.

Currently found a workaround:

* run OpenFortiGUI via sudo (with root permissions)

* configure connection

* connect - now it asks certificate properly and connects

* run OpenFortiGUI again as regular user

* now it connects also here

* then used SUDO -E option from OpenFortiGUI settings and then also certificate as regular user received and now works also as regular user

* then you can delete all configuration, profiles under sudo permissions and use these under regular user only as it should be

@Trikenstein
Copy link

Solved in Debian 12, using apt install openfortivpn which is a package supported by Debian

Solution with screenshot in #189

@theinvisible
Copy link
Owner

Solved in Debian 12, using apt install openfortivpn which is a package supported by Debian

Solution with screenshot in #189

Thats a NetworkManager plugin and has nothing to do whit OpenfortiGUI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@k-dahl @theinvisible @Episodio1 @edmundlaugasson @scrlkx @wandering-tales @angela-d @Trikenstein @alexmcwi