For some time I have been using IPsec over L2TP to connect to customer sites (this is the type of VPN UniFi routers prefer) without issue.
But today I tried to connect to a site and it reported that it “Needs Authorisation”. I opened the connection configuration in Network Manager and the password field was blank and a dialogue window popped up saying:
Failed to get secrets for <VPN Name>
No agents were available for this request
This behaviour persists even if I change the password storage option for the connection to either “Store password for all users (not encrypted)” or “Ask for this password every time”.
The only journal message that leaps out at me is:
kded5[890]: org.kde.plasma.nm.kded: GetSecrets was called again! This should not happen, cancelling first call "/org/freedesktop/NetworkManager/Settings/5" "vpn"
Was there an update to kdewallet in the recent batch of updates? What is the best way to progress in diagnosing this?
I have tried deleting the VPN and then removing and re-installing strongswan and networkmanager-strongswan. After installing it again I re-created the VPN link and it refuses to save the VPN password, though it saves the username and IPsec PSK, all the while complaining about “No agents were available for this request”.
What agent is it talking about? Is there a password subsystem I should try and re-install?
Maybe there is, but how would I know? What can I do to fix it?
I go into the kwalletmanager and then, what? I see a VPN entry, so you would think that if I remove the VPN connection and delete the wallet password entry then it would all work again, but it doesn’t.
Now, any time I try to do anything with any VPN network manager entry it just talks about “No agents were available” and I don’t know what that means. What agent? For doing what? How do I diagnose this?
I look in my journal and I see entries like: kded5[855]: org.kde.plasma.nm.kded: GetSecrets was called again! This should not happen, cancelling first call "/org/freedesktop/NetworkManager/Settings/4" "vpn"
over and over again.
I have found some references to “No agents were available” from 2019 and 2016. In both cases a root cause wasn’t found, they just changed to “Store passwords for all users” and moved on, however that fix doesn’t work in my case.
I am thoroughly confused. I have setup this sort of VPN on a fair few Manjaro machines and never had an issue. I am getting close to throwing my hands in the air and just reinstalling the whole OS, but I hate to do that because I would really prefer to learn a fix than just work around it, and a reinstall is a fairly painful workaround.
I am struggling to find a definitive description of how VNPs work in this scenario, there is a lot of assumed knowledge in a lot of the documentation that I can find. I can infer, from what I have read and seen so far, there is something that’s running off to the kde wallet to collect the secrets, but the specifics elude me. Is it a part of strongswan that is trying to access the wallet, under the control of Network Manager, or does Network Manager itself collect the secrets from the wallet and then passes it to strongswan during the establishment of the link?
I did a clean install of Manjaro and that solved the problem… until kernel 6.0.2 rolled around. Now it’s broken again, but this time I think I know what’s going wrong!