Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon



Thomas Haller wrote:
On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:
As I indicated in my last posting, I was going to try editing out
the
element that was being complained about in the error and see what
happens.  I was able to successfully import the edited ovpn file
using
network connections.
Sidenote: import of a ovpn file is only a step to create the connection
profile in NetworkManager.
When you activate a VPN connection, what matters is how the connection
profile locks in NetworkManager, see for example

   $ nmcli connection show "$VPN_PROFILE"

The settings in the profile matter, but it does not matter how the
profile was created originally (import ovpn file, or clicked in nm-
connection-editor, or nmcli).
I have attached the output of the connection show to this response.
Now that it is in my available connections, I attempted to activate
it.
Unfortunately, this failed.  Looking in /var/log/syslog I found the
following:
...

Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key
negotiation
failed to occur within 60 seconds (check your network connectivity)
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake
failed
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error]
received, process restarting
Unclear, what is wrong.


What did you do about the unsupported extra-certs option? nm-openvpn
does not support that, so there is no immediate way how to specify
them. Is this option required for you to successfully establish the
connection?

I simply edited it out of the profile.  I don't know if it is required or optional.


You could enable debug logging, for example via

   sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

afterward, re-activate the VPN connection and look at journal.

Note that verbose logging of openvpn might reveal private sensitive
information. Take care before sending a logfile. See comment about rate
limiting of journal at
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf


Also, in the logfile you will see how NetworkManager's VPN plugin
invokes the openvpn binary and which parameters are passed to it. Are
those parameters making sense?



best,
Thomas
I will consider debug logging after you have a chance to inspect the connection show and let me know if it looks sane or is missing a crucial element.

Thank you for your assistance in this matter.

Dave

Attachment: Ashburn.conf
Description: Text document



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]