Adding VPN results in password loss about ubuntu-touch HOT 60 OPEN

There is a app allowing more option.

com.ubuntu.developer.pete-woods.vpn-editor_0.3.1_all.zip

Once the file is edited correctly in the terminal, opening the GUI config. breaks it again.

from ubuntu-touch.

Hi, I just tested on my N5, channel stable OTA8, It works well, using whatismyIP everything correct. Pls follow the blog VPN round 2 images, do not forget to add LZO in settings even if Proton would say not necessary. And just in case, did not you delete the certificates from the folder you point from VPN edit? Just asking, and trying to figure out why it does not works for you. Before you start again, clean with UT tweak tool the VPN edit app.

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

can you please explain for noobs how to do it, im reallly lost, ty mate

you need to go the terminal and use nano to open sudo nano /etc/NetworkManager/system-connections there you will see password-flags=1 which you should change to password-flags=0
then go to the bottom of the file and add the lines

[vpn-secrets]
password=PASSWORD

where PASSWORD is your actual password
then save and exit with ctrl+x
note if you don't open the file with sudo you won't be able to read it, it will appear empty

from ubuntu-touch.

It's not related to a device, it happens on mako and hammerhead also.

from ubuntu-touch.

I just created a configuration with a client certificate with password for hammerhead and this works. Does it mean password for the certificate is not accepted? Can we get serverlogs? I have:

Jun  5 11:55:46 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 TLS: Initial packet from [AF_INET]80.110.115.214:26657, sid=5060ae98 dbba4960
Jun  5 11:55:46 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 VERIFY OK: depth=1, C=AT, L=Vienna, O=bin.org.in, CN=bin.org.in CA, name=vpnserver, [email protected]
Jun  5 11:55:46 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 VERIFY OK: depth=0, C=AT, L=Vienna, O=bin.org.in, CN=knecht, name=vpnserver, [email protected]
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: 80.110.115.214:26657 [knecht] Peer Connection Initiated with [AF_INET]80.110.115.214:26657
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: MULTI: new connection by client 'knecht' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: MULTI: Learn: 10.8.0.6 -> knecht/80.110.115.214:26657
Jun  5 11:55:47 rooty ovpn-vpnserver[4427]: MULTI: primary virtual IP for knecht/80.110.115.214:26657: 10.8.0.6
Jun  5 11:55:49 rooty ovpn-vpnserver[4427]: knecht/80.110.115.214:26657 PUSH: Received control message: 'PUSH_REQUEST'
Jun  5 11:55:49 rooty ovpn-vpnserver[4427]: knecht/80.110.115.214:26657 send_push_reply(): safe_cap=940
Jun  5 11:55:49 rooty ovpn-vpnserver[4427]: knecht/80.110.115.214:26657 SENT CONTROL [knecht]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

from ubuntu-touch.

Note that the phone assumes SHA1 signature, but maybe on the server there is SHA256 set. You cant choose this from the current GUI on the phone.

from ubuntu-touch.

Pete woods app used to work with earlier ubuntu touch releases: [https://askubuntu.com/questions/754878/how-to-setup-openvpn-provided-with-ota10-on-ubuntu-touch]

However, it has stopped working since Ubuntu Touch OTA-14. It has been documented elsewhere before [https://bugs.launchpad.net/canonical-devices-system-image/+bug/1651458]

Does anyone know if this problem has been resolved with UBports OTA-1? Would it be worth to get a Nexus 5 to get back VPN-functionality without having to use the terminal?

from ubuntu-touch.

Can you confirm with the last devel the connection to VPN doesn't work anymore, even with the trick mentioned above ?

For my case, it was working fine up to mid august on the hammerhead devel.

from ubuntu-touch.

Oh, it works! I did not follow the advice from NeoTheThird correctly. If I do and edit the vpn config file after creating it with pete woods VPN-app, everything works fine. Thank you!

from ubuntu-touch.

I wipe all my configs, redo the setup and it works.

from ubuntu-touch.

So can I close this?

from ubuntu-touch.

Have i been hit over the head? I can't for the love of me remember filing this report...

@ernesst Did you use the workaround from above or just set it up from the gui?

@Flohack74 I would keep this open until investigation is done and we can be sure that you can just easily set up a vpn using just the gui in the settings.

from ubuntu-touch.

Depends the security setup of the vpn.
With my own vpn, set it up with pivpn i'm using a key + password. It works.

Using protonvpn for instance, requiring a login and password the problem is still present.

from ubuntu-touch.

My VPN set up still has this problem.
Has anyone been able to set up a VPN from a fresh install, and got past this bug?

from ubuntu-touch.

Problem still present with 16.04/RC on nexus 5 (hammerhead).

from ubuntu-touch.

16.04/RC on FP2, login + password (+ca.certificate) does not work. (OpenVPN to synology diskstation)

Adding "[vpn-secrets]" removes error of missing secrets and switch goes green imediately.
But theres still no connection.

There also seems to be a bug in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1211110

But following the suggestion to change the ipv4 dns-settings, does not solve the problem for me.

from ubuntu-touch.

Hello! We are (I am and protonvpn support) trying to connect my Meizu pro 5 OTA-8 with protonvpn servers by the open vpn like this instruction https://ubports.com/blog/ubports-blog-1/post/vpn-on-ubuntu-touch-178
About week we are trying to use different settings, but I see error "no vpn secrets".

1. I use login and password;
2. Certificate protonvpn.ca and .key file (have its by email from protonvpn);
3. I use VPN editor app for ubuntu touch.
   Protonvpn not working.
   But if I use vpn settings from vpngate site (.ca, .cert and .key) connection - ok!
   Correct instruction by the link https://ubports.com/blog/ubports-blog-1/post/vpn-on-ubuntu-touch-178 please, it not work.
   If ubports support can connect with protonvpn (OTA-8) please let me know how you do this?

from ubuntu-touch.

I totally forgot about this topic, because for me VPN is working well for some time now.
It turned out, that my provider was blocking/throttling UDP connections (even if he said, he would not do this). Connection over TCP was working very well.

from ubuntu-touch.

Hi, @MK1973 has asked me to upload a couple of screenshots to show that it's working using that tutorial & how it looks on a UT device :)

from ubuntu-touch.

We test any settings (LZO, no LZO), ca and key files allways in downloads. I restart Unity, it close all apps, reconfig vpn settings, but no connection - error. I make 3 files (ca, cert and key) from VPNGATE ovpn and my vpn work well, but I want use protonvpn too, but it not work. I am send screenshots of my settings to protonvpn support, they dont know where the problem, I am made all my steps directly from link https://ubports.com/blog/ubports-blog-1/post/vpn-on-ubuntu-touch-178
I think problem in openvpn app ubuntu touch, it gives connecting only with certificates TLS, authentication with pass - no.

from ubuntu-touch.

My ubuntu 16.04 PC connecting well with protonvpn, from protonvpn-cli and with ovpn file, any way. Provider not blocking. Meizu with ovpn ubuntu touch not working correctly, I think so, sorry.

from ubuntu-touch.

tfw you realize the source of the much cited VPN Editor looks like a fork/clone of this repo or perhaps the otherway around hmmmm

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

from ubuntu-touch.

I hope all openvpn protocols in ubports firmware will be update in the next OTA. Original Meizu (powered from ubuntu) can working only with 3 files and not working with password protocol.

from ubuntu-touch.

I hope all openvpn protocols in ubports firmware will be update in the next OTA. Original Meizu (powered from ubuntu) can working only with 3 files and not working with password protocol.

Oh, it should also already work with password.
You just need the special vpn-configurator: https://open-store.io/app/com.ubuntu.developer.pete-woods.vpn-editor.

edit: just realized that it was already mentioned before, sorry.

from ubuntu-touch.

What about "Wireguard VPN" in Ubports? Is it possible?

from ubuntu-touch.

Hello! How to change file with password? "in the /etc/NetworkManager/system-connections directory the vpn confige files are stored.
If i edit the vpn config like this:
password-flags=0
And add the following:
[vpn-secrets]
password=YourPassword
Now restart network manager by:
service network-manager restart

The connection could be established by shifting the key in the networking-manager gui."

I am trying fix the problem with "no vpn secrets". In the file manager I go to the "etc/networkmanager/system-connections" but the file with vpn settings I cant open and change. How I can do it?

from ubuntu-touch.

the should be a file under "/etc/NetworkManager/system-connections" (note its /etc not etc)
you can find the appropiate file by using ls on that path

from ubuntu-touch.

In first realease of Ubuntu touch I remember good work of VPN app. I could choose any connections and settings, but after first update someone cut our vpn and now we have problems.

from ubuntu-touch.

Some time ago, I was unable to install a vpn configuration on my BQ M10 tablet with VPN editor, the password could not register.
Now, by being on the dev channel, it works!!!
However, I don't know how long it's been working because I hadn't tried it for a long time !

from ubuntu-touch.

Bug still present in OTA-11 stable with embedded system settings VPN, however, using https://open-store.io/app/com.ubuntu.developer.pete-woods.vpn-editor in combination with https://ubports.com/blog/ubports-blog-1/post/vpn-on-ubuntu-touch-178 doesn't require password-flags workaround to establish coms to ProtonVPN (at least on hammerhead, that is).

[connection]
id=<protonvpn remote server>
uuid=<uuid>
type=vpn
autoconnect=false
permissions=
secondaries=
[vpn]
ta-dir=1
connection-type=password
auth=SHA512
password-flags=1
remote=<protonvpn remote server>
cipher=AES-256-CBC
comp-lzo=yes
port=1194
username=<username>
ca=/etc/openvpn/ca.crt
ta=/etc/openvpn/ta.key
service-type=org.freedesktop.NetworkManager.openvpn
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

from ubuntu-touch.

@fpb4 @NeoTheThird I think I've found why the system settings VPN editor bugs, at least with ProtonVPN (I don't have another VPN provider and didn't test) : that's because the system settings VPN doesn't have HMAC authentication field to fill like the VPN editor does, see this picture (taken from here) :

I discovered this by adding a first VPN server with VPN editor app, which has the HMAC authentication field. This is what I did then :

1. Delete VPN editor app
2. Configure a second VPN with system settings VPN (use connection-type=password with ProtonVPN, like in NetworkManager on the desktop) and register it
3. Mount the rootfs readable so you can edit your freshly configured VPN
4. Edit it with Nano, and add the line auth=SHA512 between connection-type=password and password-flag=1
5. Remount the rootfs read-only
6. Restart Network Manager
7. You may need to reboot your phone, but after that your VPN connection works

So I really think the system settings VPN just needs to get an HMAC authentication field (besides the abilty to import .ovpn file) ;)

from ubuntu-touch.

hey @spartid great find! it might be an idea to file that in a new issue tho, it will make it easier to track

from ubuntu-touch.

@Fuseteam yes, I'll do that, thanks for the hint !

from ubuntu-touch.

How i do edit the file?
error not solved with spartid trick, maybe ist me i dont undestand it, can explain?

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

can you please explain for noobs how to do it, im reallly lost, ty mate

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

can you please explain for noobs how to do it, im reallly lost, ty mate

you need to go the terminal and use nano to open sudo nano /etc/NetworkManager/system-connections there you will see password-flags=1 which you should change to password-flags=0
then go to the bottom of the file and add the lines

[vpn-secrets]
password=PASSWORD

where PASSWORD is your actual password
then save and exit with ctrl+x
note if you don't open the file with sudo you won't be able to read it, it will appear empty

THANKS I CORRECTLY CONFIGURED MY RISEUP VPN, THANKS THANKS!!
if i can suggest, make a little guide for us ,noob users, so this error can be closed.

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

can you please explain for noobs how to do it, im reallly lost, ty mate

you need to go the terminal and use nano to open sudo nano /etc/NetworkManager/system-connections there you will see password-flags=1 which you should change to password-flags=0
then go to the bottom of the file and add the lines

[vpn-secrets]
password=PASSWORD

where PASSWORD is your actual password
then save and exit with ctrl+x
note if you don't open the file with sudo you won't be able to read it, it will appear empty

btw i see the option auttoconnect, can it be enabled so no need to reconct manually?

from ubuntu-touch.

THANKS I CORRECTLY CONFIGURED MY RISEUP VPN, THANKS THANKS!!
if i can suggest, make a little guide for us ,noob users, so this error can be closed.

the underlying issue should be fixed, the terminal workaround should not be necessary XD

from ubuntu-touch.

btw i see the option auttoconnect, can it be enabled so no need to reconct manually?

that sounds like a feature request feel free to file it in a separate issue ;)

from ubuntu-touch.

btw i see the option auttoconnect, can it be enabled so no need to reconct manually?

that sounds like a feature request feel free to file it in a separate issue ;)

not a feature request, when i edit with nano, at the top it says "autoconect=fase", just wondering if it can be manually to "autoconect=true", may it does it, idk

from ubuntu-touch.

not a feature request, when i edit with nano, at the top it says "autoconect=fase", just wondering if it can be manually to "autoconect=true", may it does it, idk

can't hurt to try, :)
it'fl either work; which means we neer some gui option
or not then we also have to fix it.

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

can you please explain for noobs how to do it, im reallly lost, ty mate

you need to go the terminal and use nano to open sudo nano /etc/NetworkManager/system-connections there you will see password-flags=1 which you should change to password-flags=0
then go to the bottom of the file and add the lines

[vpn-secrets]
password=PASSWORD

where PASSWORD is your actual password
then save and exit with ctrl+x
note if you don't open the file with sudo you won't be able to read it, it will appear empty

I am getting the following error using NANO even though i used SUDO and confirmed the password:

Unable to create directory /root/.nano:
Read-only file system
It is required for saving/loading search
history or cursor positions.

Press Enter to continue

Once i hit Enter nano shows an empty screen. in addition the user needs to pretty much unlock that folder for any editing whatsoever. Alternatively using a code editor like Seabass2 works fine in making all the changes:

First:
sudo chmod -R ugo+rwx /etc/NetworkManager/system-connections
sudo nano /etc/NetworkManager/system-connections

For me the password now saves and the error about the not having vpn secrets is gone, however the connection for me still fails stating that it could not find a valid certificate even though it is defined and available. CA certificate ...*. crt file, TLS key .... *.key file key direction 1. But no luck connecting (by the way the the VPN editor also doesn't correctly save the settings TYPE, and key direction which reverts in the UI to the wrong values even though once you click on the drop down the correct ones are selected)

Also btw after restarting the network manager and rebooting the device the vpn configuration file is still in the same folder, however the network settings VPN now shows no more profiles :-/

from ubuntu-touch.

i can confirm that modifying password-flags from 1 to 0 and adding
[vpn-secrets]
password=PASSWORD
still fixes the 'no valid vpn secrets' error

can you please explain for noobs how to do it, im reallly lost, ty mate

you need to go the terminal and use nano to open sudo nano /etc/NetworkManager/system-connections there you will see password-flags=1 which you should change to password-flags=0
then go to the bottom of the file and add the lines

[vpn-secrets]
password=PASSWORD

where PASSWORD is your actual password
then save and exit with ctrl+x
note if you don't open the file with sudo you won't be able to read it, it will appear empty

I am getting the following error using NANO even though i used SUDO and confirmed the password:

Unable to create directory /root/.nano:
Read-only file system
It is required for saving/loading search
history or cursor positions.

Press Enter to continue

Once i hit Enter nano shows an empty screen. in addition the user needs to pretty much unlock that folder for any editing whatsoever. Alternatively using a code editor like Seabass2 works fine in making all the changes:

First:
sudo chmod -R ugo+rwx /etc/NetworkManager/system-connections
sudo nano /etc/NetworkManager/system-connections

For me the password now saves and the error about the not having vpn secrets is gone, however the connection for me still fails stating that it could not find a valid certificate even though it is defined and available. CA certificate ...*. crt file, TLS key .... *.key file key direction 1. But no luck connecting (by the way the the VPN editor also doesn't correctly save the settings TYPE, and key direction which reverts in the UI to the wrong values even though once you click on the drop down the correct ones are selected)

Also btw after restarting the network manager and rebooting the device the vpn configuration file is still in the same folder, however the network settings VPN now shows no more profiles :-/

you need to edit the file inside of /etc/NetworkManager/system-connections fwiw you shouldn't need to mess with permissions, you just need sudo

from ubuntu-touch.

good news i managed to reproduce this bug on the desktop
it appears the vpn password is supposed to be saved in the keyring, when it is that's what password-flags=1 appears to do. when is unable to read the keyring, it should prompt for the password. if even that is impossible it gives exactly the same error: "no valid vpn secrets"

from ubuntu-touch.

more good news, i now have suspicions that vpn passwords are stored in .local/share/keyrings/login.keyring
this time with some bad news: it is encrypted and i can't seem to decrypt it with my passphrase, pin, phablet, 0000 or even an empty string
on the bright side i don't remember every password i ever used on my device, it might be encrypted with my very first password which i simply don't remember

from ubuntu-touch.

The output of ps aux|grep keyring suggests that gnome-keyrings-daemon is running for vpn credentials; I think we can confidently say vpn credentials are saved in it. But since it's never decrypted, it leads to the "loss of vpn password" bug. It's not actually lost but simply not accessible
According to this answer it should be able to unlocked with gnome-keyring-daemon --daemonize --login but on ut it complains that it is infact insecure

from ubuntu-touch.

I also encountered the issue, that my VPN password was not getting saved.
It turned out, that it was because I've had no lock password set (no sudo).
After setting a lock password and a reboot (important), the VPN password was getting saved.

from ubuntu-touch.

@luksus42 can you check if you can unlock your keyring with your lock password? the keyring should be in ~/.local/share/keyrings it should be unlockable like this: https://github.com/mcdope/pam_usb/blob/2890b8ad21c20ea6a9f0fa914fa6e87ae79b04d5/tools/pamusb-keyring-unlock-gnome#L46

from ubuntu-touch.

@Fuseteam
I am not sure, if I did it right:

phablet@ubuntu-phablet:~$ echo -n mypassword | gnome-keyring-daemon --daemonize --login
gnome-keyring-daemon: insufficient process capabilities, unsecure memory might get used    

from ubuntu-touch.

@luksus42 you did it correctly, i got the same some time ago, i'm unsure if that's an issue with xenial or with how gnome-keyring is setup

from ubuntu-touch.

Noting further research on the keyring issue, as that's at least what's causing the password to disappear from the UI. I'm going to use https://specifications.freedesktop.org/secret-service/latest/ terminology to avoid confusion.

On a fresh install (hard to say what's going to happen on older ones at the moment, no idea what happened to the Collections after some updates, or password changes, or whatever else) on my Pixel 2 XL something is wrong with the default login Collection (/org/freedesktop/secrets/collection/login) - it doesn't have the proper secret-service interface.

After installing libsecret-tools using crackle any attempt at manipulating the Collection results in this error:

phablet@ubuntu-phablet:~$ secret-tool store --label='Test' test test
Password: 
** Message: Remote error from secret service: org.freedesktop.DBus.Error.UnknownMethod: No such interface 'org.freedesktop.Secret.Collection' on object at path /org/freedesktop/secrets/collection/login
secret-tool: No such interface 'org.freedesktop.Secret.Collection' on object at path /org/freedesktop/secrets/collection/login

gdbus returns an empty interface on introspection:

phablet@ubuntu-phablet:~$ gdbus introspect -e --dest org.freedesktop.secrets -o /org/freedesktop/secrets/collection/login
node /org/freedesktop/secrets/collection/login {
};

Compare to mako on which all of this works:

phablet@ubuntu-phablet:~$ secret-tool search setting-name vpn
[/org/freedesktop/secrets/collection/login/1]
label = VPN password secret for VPN connection 1/org.freedesktop.NetworkManager.openvpn/vpn
secret = HERE_WOULD_BE_YOUR_PASSWORD_DONT_POST_THIS_ANYWHERE
created = 2022-03-23 18:15:10
modified = 2022-03-23 18:15:10
schema = org.freedesktop.NetworkManager.Connection
attribute.setting-name = vpn
attribute.setting-key = password
attribute.connection-uuid = 5f734bcb-d410-4949-9de7-444ae4fa0bb1

phablet@ubuntu-phablet:~$ gdbus introspect -e --dest org.freedesktop.secrets -o /org/freedesktop/secrets/collection/login
node /org/freedesktop/secrets/collection/login {
  interface org.freedesktop.DBus.Properties {
    methods:
      Get(in  s interface_name,
          in  s property_name,
          out v value);
      GetAll(in  s interface_name,
             out a{sv} properties);
      Set(in  s interface_name,
          in  s property_name,
          in  v value);
    signals:
      PropertiesChanged(s interface_name,
                        a{sv} changed_properties,
                        as invalidated_properties);
    properties:
  };
  interface org.freedesktop.DBus.Introspectable {
    methods:
      Introspect(out s xml_data);
    signals:
    properties:
  };
  interface org.freedesktop.DBus.Peer {
    methods:
      Ping();
      GetMachineId(out s machine_uuid);
    signals:
    properties:
  };
  interface org.freedesktop.Secret.Collection {
    methods:
      Delete(out o prompt);
      SearchItems(in  a{ss} attributes,
                  out ao results);
      CreateItem(in  a{sv} properties,
                 in  (oayays) secret,
                 in  b replace,
                 out o item,
                 out o prompt);
    signals:
      ItemCreated(o item);
      ItemDeleted(o item);
      ItemChanged(o item);
    properties:
      readonly ao Items = ['/org/freedesktop/secrets/collection/login/1', '/org/freedesktop/secrets/collection/login/2'];
      readwrite s Label = 'Login';
      readonly b Locked = false;
      readonly t Created = 0;
      readonly t Modified = 1647540877;
  };
  node 2 {
  };
  node 1 {
  };
};

Removing the files from /home/phablet/.local/share/keyrings doesn't do anything. On the other hand after installing python3-secretstorage the Collection and VPN settings work after a reboot - this somehow fixes the Collection (and by extension the VPN settings), even though:

• the package doesn't seem to be used by anything on the system, or I can't find it
• the package doesn't have any maintainer scripts that would do anything
• installing any of the dependencies doesn't fix anything
• removing the package once it started working doesn't break it

In short: magic.

from ubuntu-touch.

for comparison secret-tool installed with crackle seems to work fine on lancelot
searching for the secret with secret-tool search setting-name vpn properly return the secret. however enabling the vpn still says "no valid secret".

from ubuntu-touch.

Keep in mind that it's going to be hard to figure this out on a not fresh install (also secret-tool will always unlock the Collection) - that's the next step, figure out how to fix this for existing installs.

from ubuntu-touch.

Well, vpn configuration is still a problem on hammerhead with OTA-25. I've tried with both the vpn-editir and the settings vpn setup and still just get the "no vpn secrets" error and the password has disappeared. Also tried editing the connection file and restarting networking, all to no avail. Haven't rebooted yet. Anyway, it is all far too complicated configuring vpn at the moment; even if it worked it is still a lot of effort. Has there been any progresd on reading ovpn files?

from ubuntu-touch.

There is some work in progress, but no clear working solution yet at the time of writing

from ubuntu-touch.

This is the current state of the work in progress: https://gitlab.com/groups/ubports/development/core/-/merge_requests?scope=all&state=opened&search=Vpn

from ubuntu-touch.

it appears this issue is worse on focal, the previous [vpn-secrets] trick no longer seem to work
it works fine, i forgot to put the username

from ubuntu-touch.

it appears this issue is worse on focal, the previous [vpn-secrets] trick no longer seem to work it works fine, i forgot to put the username

On xenial?

from ubuntu-touch.

it appears this issue is worse on focal, the previous [vpn-secrets] trick no longer seem to work it works fine, i forgot to put the username

On xenial?

on focal

from ubuntu-touch.