[no subject]



Hi Dan, thank you!

You are right!
What I did (for anyone else who may be interested in this setup):

As you suggested, I split/converted the mypkcs-file.p12 file into two pieces, user.pem and key.pem:
[code]
openssl pkcs12 -in mypkcs-file.p12 -out user.pem -nodes -clcerts -nokeys
openssl pkcs12 -in mypkcs-file.p12 -out key.pem -nodes -nocerts
[/code]

From the Smoothwall web interface, on the OpenVPN page, I got the Root Certificate and saved it as cacert.pem.

On NM, I created a new VPN connection as:
type: TLS
user certificate: user.pem
CA certificate: cacert.pem
Private key: key.pem

In the advanced options window I had to set up LZO data compression on the General tab, and Cipher BF-CBC on the Certificates tab, to match what I did on SW/Zerina.

I had to put SELinux in permissive mode, otherwise I got this in syslog:
[code]
Feb 12 16:14:45 nanobit nm-openvpn[4640]: Cannot load certificate file /home/miguel/tmp/user.pem: error:0200100D:system library:fopen:Permission denied: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Feb 12 16:14:45 nanobit nm-openvpn[4640]: Exiting
Feb 12 16:14:45 nanobit NetworkManager: <info>  VPN plugin failed: 1
Feb 12 16:14:45 nanobit NetworkManager: <info>  VPN plugin state changed: 6
Feb 12 16:14:45 nanobit NetworkManager: <info>  VPN plugin state change reason: 0
Feb 12 16:14:45 nanobit NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.
[/code]

And I had to set up the DNS by hand. NM did not update the nameservers as informed by SW, using the defaults on the IPv4 Settings tab. I had to change to "Automatic (VPN) addresses only" to enable the DNS servers text field, and I put in the internal DNS servers for this VPN connection. The default router and IP address were set just fine.

Regardless of the big problem related to SELinux in permissive mode, NM-vpn is working fine!

I hope others can find this post and set up their SW/Zerina VPN too.

Thank you very much for your help!

PS: Is there any chance you have a fix for the SELinux issue? I have tried "restorecon /home/miguel/tmp/user.pem" and no luck....
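
Added example, not part of the original message: the nm-openvpn log line above decoded entry by entry, assuming the OpenSSL 1.x packed error layout (8 bits library, 12 bits function, 12 bits reason). It shows that the first queue entry is errno EACCES raised by fopen, so the open was refused by the operating system (file permissions or SELinux policy) rather than the certificate being malformed. The function names `parse_error_queue` and `triage` are hypothetical.

```python
import errno
import re

# The nm-openvpn line from the message above, with the mail line wrapping undone.
LOG_LINE = (
    "Feb 12 16:14:45 nanobit nm-openvpn[4640]: Cannot load certificate file "
    "/home/miguel/tmp/user.pem: error:0200100D:system library:fopen:"
    "Permission denied: error:20074002:BIO routines:FILE_CTRL:system lib: "
    "error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib"
)

ERR_LIB_SYS = 2  # OpenSSL 1.x library number used for operating-system errors

# One queue entry: error:<8 hex digits>:<library>:<function>:<reason>
ENTRY = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+?)(?=: error:|$)"
)


def parse_error_queue(line):
    """Return the OpenSSL error entries found in a log line, innermost first."""
    entries = []
    for code_hex, lib, func, reason in ENTRY.findall(line):
        code = int(code_hex, 16)
        entries.append({
            "lib_no": (code >> 24) & 0xFF,     # which OpenSSL sub-library
            "func_no": (code >> 12) & 0xFFF,   # function within that library
            "reason_no": code & 0xFFF,         # errno when lib_no == ERR_LIB_SYS
            "lib": lib, "func": func, "reason": reason,
        })
    return entries


def triage(line):
    """Tell an OS-level refusal to open the file apart from other failures."""
    m = re.search(r"Cannot load certificate file (\S+?):", line)
    path = m.group(1) if m else None
    for entry in parse_error_queue(line):
        if entry["lib_no"] == ERR_LIB_SYS:
            refused = entry["reason_no"] == errno.EACCES
            return {
                "path": path,
                "call": entry["func"],
                "errno": errno.errorcode.get(entry["reason_no"], "unknown"),
                "verdict": "os-refused-open" if refused else "os-error",
            }
    return {"path": path, "verdict": "no-os-error-in-queue"}
```

The two outer entries (BIO and SSL routines) both carry reason 2, "system lib", which only reports that a lower layer hit a system error; the actionable detail is the innermost entry.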

