Configuring a VPN connection with cmst in Debian+LXQt
Configuring your VPN with cmst (Connman System Tray) in a pristine Debian Buster and LXQt is almost straightforward but not quite.
First, it may seem obvious but you have to install the connman-vpn package for cmst to handle VPN connections.
At first sight, there is nothing to to import or define a VPN configuration under the VPN tab but if you:
- go to the tab Preferences and
- check the option Advanced Controls
a VPN Editor button will appear at the bottom of the window.
Edit: The bug hereunder has been fixed in the latest Debian package: https://sources.debian.org/patches/cmst/2018.01.06-3/. Thanks to Raphael for pointing it out!]
Trying to open a file or import a config file with the VPN Editor will probably trigger a dbus error like this one:
DBus Error Name: org.freedesktop.DBus.Error.AccessDenied String: org.freedesktop.DBus.Error.AccessDenied Message: Rejected send message, 1 matched rules; type="method_call", sender=":1.43" (uid=1000 pid=13355 comm="/usr/bin/cmst ") interface="org.cmst.roothelper" member="getFileList" error name="(unset)" requested_reply="0" destination="org.cmst.roothelper" (bus)
The reason is that the cmst package comes with a set of dbus security parameters defined for the group network whereas the appropriate group in Debian should be netdev. To fix this error:
- Edit /etc/dbus-1/system.d/org.cmst.roothelper.conf and
- Replace policy group="network" by policy group="netdev"
- Contrary to the Debian habits, the VPN "provisioning files" do not reside in some /etc subdirectory but under /var/lib/connman-vpn. Provisionning files handled by cmst in this directory are named according to the scheme "whatever.cmst.config".
man connman-vpn-provider.configfor more information over the syntax of VPN provisioning files.
- For OpenVPN connections, the man page is not accurate as regards the OpenVPN.AuthUserPass parameter. Its value is not just true|false but can also be set to the path to a file containing the username and password. The OpenVPN Import configuration tool of the VPN Editor proposes to create one.