Configuring a VPN connection with cmst in Debian+LXQt

Configuring your VPN with cmst (Connman System Tray) in a pristine Debian Buster and LXQt is almost straightforward but not quite.

First, it may seem obvious but you have to install the connman-vpn package for cmst to handle VPN connections.

At first sight, there is nothing under the VPN tab to import or define a VPN configuration, but if you:

  • go to the tab Preferences and
  • check the option Advanced Controls

a VPN Editor button will appear at the bottom of the window.

[Edit: The bug described below has been fixed in the latest Debian package: https://sources.debian.org/patches/cmst/2018.01.06-3/. Thanks to Raphael for pointing it out!]

Trying to open a file or import a config file with the VPN Editor will probably trigger a dbus error like this one:

DBus Error Name: org.freedesktop.DBus.Error.AccessDenied

String: org.freedesktop.DBus.Error.AccessDenied

Message: Rejected send message, 1 matched rules; type="method_call", sender=":1.43" (uid=1000 pid=13355 comm="/usr/bin/cmst ") interface="org.cmst.roothelper" member="getFileList" error name="(unset)" requested_reply="0" destination="org.cmst.roothelper" (bus)

The reason is that the cmst package comes with a set of dbus security parameters defined for the group network whereas the appropriate group in Debian should be netdev. To fix this error:

  • Edit /etc/dbus-1/system.d/org.cmst.roothelper.conf and
  • Replace policy group="network" with policy group="netdev"
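
The same edit as a script, added here as an example (it is not from the original post or the cmst package). The function names and the sample policy file used for the dry run are constructed; only the file path and the two group names come from the text above.

```shell
#!/bin/sh
# Added example, not part of the cmst package. Function names are hypothetical.
CMST_POLICY=/etc/dbus-1/system.d/org.cmst.roothelper.conf   # path from the post

# Print each group named in a <policy group="..."> element, one per line.
policy_groups() {
    sed -n 's/.*<policy[[:space:]]\{1,\}group="\([^"]*\)".*/\1/p' "$1"
}

# Replace policy group="network" with policy group="netdev" in place,
# keeping the original as FILE.orig. Succeeds only if netdev ends up granted.
fix_policy_group() {
    file=${1:-$CMST_POLICY}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    if policy_groups "$file" | grep -qx network; then
        cp -p "$file" "$file.orig" || return 1
        # Writing through the redirect keeps the file's owner and mode.
        sed 's/\(<policy[[:space:]]\{1,\}group="\)network"/\1netdev"/' \
            "$file.orig" > "$file" || return 1
    fi
    policy_groups "$file" | grep -qx netdev
}

# Dry run on a constructed policy file (not the real cmst file).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
<busconfig>
  <policy user="root">
    <allow own="org.cmst.roothelper"/>
  </policy>
  <policy group="network">
    <allow send_destination="org.cmst.roothelper"/>
  </policy>
</busconfig>
EOF
    echo "before: $(policy_groups "$tmp")"
    fix_policy_group "$tmp" && echo "after:  $(policy_groups "$tmp")"
    rc=$?
    rm -f "$tmp" "$tmp.orig"
    return $rc
}

# "--apply" (as root) edits the real file; anything else runs the dry run.
if [ "${1:-}" = "--apply" ]; then fix_policy_group; else demo; fi
```

A policy group="netdev" block only applies to users who are members of netdev; id -nG lists the groups of the current user.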

Additional notes

  1. Contrary to Debian habits, the VPN "provisioning files" do not reside in some /etc subdirectory but under /var/lib/connman-vpn. Provisioning files handled by cmst in this directory are named according to the scheme "whatever.cmst.config".
  2. See man connman-vpn-provider.config for more information on the syntax of VPN provisioning files.
  3. For OpenVPN connections, the man page is not accurate as regards the OpenVPN.AuthUserPass parameter. Its value is not just true|false but can also be set to the path to a file containing the username and password. The OpenVPN Import configuration tool of the VPN Editor offers to create one.