How to save VPN passwords with NetworkManger

5 Comments

I was having a lot of trouble with NetworkManager not saving my VPN group and user passwords. I'm guessing this is a bug and I did see some references to launchpad bugs while doing my googling to find a solution. However, it took me a while to figure it out. It requires a little editing of the system-connection files.

If you look in /etc/NetworkManager/system-connections/, you will see your connection files. Open one of them and change a few of the settings. The two settings I had to change/add were:

[vpn]
ipSec-secret-type=save    # This wasn't in the file
IPSec secret-flags=0      # This was set to 1 originally
xauth-password-type=save 
XAuth password-flags=0   

# This entire section didn't exist, I had to add it
[vpn-secrets]
XAuth password=some-password
IPSec secret=some-group-password

There are other things in the file, but I didn't have to change those. It's very Odd that nm-applet can't seem to figure this out. Quite a bug. Anyway, here is my entire file for reference:

[connection]
id=CiscoVPN
uuid=5513f555-ec88-4444-9818-6bee77785kska
type=vpn
autoconnect=false
timestamp=1331220616

[vpn]
service-type=org.freedesktop.NetworkManager.vpnc
NAT Traversal Mode=natt
ipsec-secret-type=save
IPSec secret-flags=0
xauth-password-type=save
IPSec ID=GroupId
IPSec gateway=10.0.0.1
Xauth password-flags=0
Xauth username=myname
IKE DH Group=dh2

[vpn-secrets]
Xauth password=mypassword
IPSec secret=mygrouppassword

[ipv4]
method=auto

Comments

I assumed it didn't save the password because it's attempting to be secure ;)

Posted by joshtronic, on

Passwords are supposed to be saved in the system keyring. This doesn't always work, and what brought me to this blog entry :-)

Posted by Matthew, on

Thanks, this helped me a lot - as our universities group password is not a secret, it's just fine to save it that way :)

Posted by Solfallsild, on

Thanks, this helped me a lot - as our universities group password is not a secret, it's just fine to save it that way :)

Posted by Solfallsild, on

Oh, thank you, thank, you thank you.. this was driving me nuts. I don't want to use gnome-keyring to store passwords for vpn, since that means I can't start up the vpn automatically on boot.

Posted by Sandra, on

Post a comment

The fields highlighted in red are required.
  • Markdown allowed in message.