network-manager won't connect with self-signed cert

I had an openconnect VPN working until they chaged the cert. It's self signed and my syslog looks like this:

NetworkManager[777]: <info> [1537936242.5306] settings-connection[0x55a6b75f3520,28292c55-ffbf-4639-bffb-369cc7196457]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/VPN 1 (28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1")), connection was modified in the process
NetworkManager[777]: <info> [1537936242.5353] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[777]: <info> [1537936242.5370] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: starting (3)
openconnect[9838]: Connected to 34.196.133.252:443
openconnect[9838]: SSL negotiation with 34.196.133.252
openconnect[9838]: Server certificate verify failed: signer not found
openconnect[9838]: Connected to HTTPS on 34.196.133.252
openconnect[9838]: Got CONNECT response: HTTP/1.1 200 OK
NetworkManager[777]: Set up DTLS failed; using SSL instead
openconnect[9838]: CSTP connected. DPD 300, Keepalive 30
openconnect[9838]: Connected as 192.168.0.173, using SSL
openconnect[9838]: SIOCSIFMTU: Operation not permitted
NetworkManager[777]: <info> [1537936242.8559] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN connection: (IP Config Get) reply received.
NetworkManager[777]: <info> [1537936242.8582] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",4:(vpn0)]: VPN connection: (IP4 Config Get) reply received
NetworkManager[777]: <warn> [1537936242.8583] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",4:(vpn0)]: invalid IP4 config received!
NetworkManager[777]: <warn> [1537936242.8584] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",4:(vpn0)]: VPN connection: did not receive valid IP config information
NetworkManager[777]: <info> [1537936242.8606] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: started (4)
NetworkManager[777]: <info> [1537936242.8608] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: stopping (5)
NetworkManager[777]: <info> [1537936242.8608] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: stopped (6)

Now I posted this similar here: New Cert and I followed the instructions given. However, I installed a 3rd party openconnect, and even though it worked, it broke my network manager (the lib dependencies were having problems) it broke the Gnome GUI, and I could not split tunnel it. So I need another way. I was able to connect with this command:

sudo /usr/local/sbin/openconnect -u me --servercert pin-sha256:1eq6Zy8FGCoEabDB/RnGydqzRMi5TSOpBNAGxm1ivFg=

And that worked, but does not work with the distro oppenconnect. How can I turn that pin-sha256 blurb into a .crt or .pem or something that the regular openconnect will handle?

UPDATE I can connect on the command line with sudo:

 sudo openconnect -u <name> <ip>

So I am guessing that the Network Manager is not running as root. How do I do that?

Sorted by: Reset to default

Pop Feed Daily

network-manager won't connect with self-signed cert

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Sign up or log in

Post as a guest

You Might Also Like

My Minecraft account is taking forever to sign in [closed]

How is it possible to preview a Minecraft world only by using its seed?

Objective minecraft.custom:minecraft.leave_game not working

Is it just me or is the Rocket League's "Super Sonic Acrobatic Rocket-Powered Battle Cars" Konami Code easter egg GONE?