VPN connection works when password is given on the terminal, but not on the GUI
https://askubuntu.com/questions/1566908/vpn-connection-works-when-password-is-given-on-the-terminal-but-not-on-the-gui
I'm on Kubuntu 26.04. I can connect to a VPN with a command line like this:
sudo openconnect --protocol=nc --useragent "Pulse-Secure/22.8.4.38767" <gateway_address>
I created a VPN connection on the GUI matching these settings, and I get that the connection "failed to activate". I then try with nmcli:
nmcli connection up my_VPN_name
I get a GUI to enter the password, then the connection fails. The terminal says "Connection activation failed: Unknown reason" and gives a suggested journalctl line. Running this line I find "dbus: failure: connect-failed (1)".
However, with:
nmcli connection up my_VPN_name --ask
I'm asked username and password on the terminal. I enter them. The connection is activated sucessfully.
So, somehow the GUI username/password is not being correctly handled. Any ideas?
I believe the password is being passed to the gateway alright. Why? Because sometimes I get a message about "Session limit reached" after entering the password (both with and without --ask), with a choice of which active session to kill. It is after that that the connection fails with GUI or succeeds on terminal.
EDIT:
With sudo journalctl --system --follow I see the following differences.
Success (i.e. with --ask):
Connected to HTTPS on <server.name> with ciphersuite ...
Got HTTP response: HTTP/1.1 101 Switching Protocols
Configured as <ip_address> with SSL connected and ESP in progress
Session authentication will expire at ...
Failure (without --ask):
Connected to HTTPS on <gateway_ip> with ciphersuite ...
Got HTTP response: HTTP/1.1 400 Bad Request
Unexpected 400 result from server
Creating SSL connection failed
Unknown error; exiting.
I should point out that my <gateway_address> is of the form <server.name>/<loc>. But the password GUI shows under VPN Host only the <server.name> part. With nmcli connection show my_VPN_name I see that the whole <server.name>/<loc> is stored. Could it be that the GUI is botching the gateway by sending just the IP address, while on terminal it's left as configured? Note that on success I see only the <server.name> part, and on failure I see only the numerical IP address.