Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

From: Thomas Haller <thaller redhat com>
To: "David H. Durgee" <dhdurgee verizon net>, networkmanager-list gnome org
Subject: Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Date: Wed, 21 Feb 2018 11:37:31 +0100

On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:

As I indicated in my last posting, I was going to try editing out
the 
element that was being complained about in the error and see what 
happens.  I was able to successfully import the edited ovpn file
using 
network connections.


Sidenote: import of a ovpn file is only a step to create the connection
profile in NetworkManager.
When you activate a VPN connection, what matters is how the connection
profile locks in NetworkManager, see for example

  $ nmcli connection show "$VPN_PROFILE"

The settings in the profile matter, but it does not matter how the
profile was created originally (import ovpn file, or clicked in nm-
connection-editor, or nmcli).

Now that it is in my available connections, I attempted to activate
it. 
Unfortunately, this failed.  Looking in /var/log/syslog I found the 
following:

...

Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key
negotiation 
failed to occur within 60 seconds (check your network connectivity)
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake
failed
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] 
received, process restarting


Unclear, what is wrong.


What did you do about the unsupported extra-certs option? nm-openvpn
does not support that, so there is no immediate way how to specify
them. Is this option required for you to successfully establish the
connection?



You could enable debug logging, for example via

  sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

afterward, re-activate the VPN connection and look at journal.

Note that verbose logging of openvpn might reveal private sensitive
information. Take care before sending a logfile. See comment about rate
limiting of journal at
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf


Also, in the logfile you will see how NetworkManager's VPN plugin
invokes the openvpn binary and which parameters are passed to it. Are
those parameters making sense?



best,
Thomas

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: David H. Durgee

References:
- Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: David H. Durgee
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: Thomas Haller
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: David H. Durgee

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]