Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

From: "David H. Durgee" <dhdurgee verizon net>
To: Thomas Haller <thaller redhat com>, networkmanager-list gnome org
Subject: Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Date: Wed, 21 Feb 2018 12:03:58 -0500

Thomas Haller wrote:

On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:

As I indicated in my last posting, I was going to try editing out
the
element that was being complained about in the error and see what
happens.  I was able to successfully import the edited ovpn file
using
network connections.

Sidenote: import of a ovpn file is only a step to create the connection
profile in NetworkManager.
When you activate a VPN connection, what matters is how the connection
profile locks in NetworkManager, see for example

   $ nmcli connection show "$VPN_PROFILE"

The settings in the profile matter, but it does not matter how the
profile was created originally (import ovpn file, or clicked in nm-
connection-editor, or nmcli).

I have attached the output of the connection show to this response.

Now that it is in my available connections, I attempted to activate
it.
Unfortunately, this failed.  Looking in /var/log/syslog I found the
following:
...

Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key
negotiation
failed to occur within 60 seconds (check your network connectivity)
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake
failed
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error]
received, process restarting

Unclear, what is wrong.


What did you do about the unsupported extra-certs option? nm-openvpn
does not support that, so there is no immediate way how to specify
them. Is this option required for you to successfully establish the
connection?

I simply edited it out of the profile. I don't know if it is requiredor optional.


You could enable debug logging, for example via

   sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

afterward, re-activate the VPN connection and look at journal.

Note that verbose logging of openvpn might reveal private sensitive
information. Take care before sending a logfile. See comment about rate
limiting of journal at
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf


Also, in the logfile you will see how NetworkManager's VPN plugin
invokes the openvpn binary and which parameters are passed to it. Are
those parameters making sense?



best,
Thomas

I will consider debug logging after you have a chance to inspect theconnection show and let me know if it looks sane or is missing a crucialelement.


Thank you for your assistance in this matter.

Dave

Attachment: Ashburn.conf
Description: Text document

Follow-Ups:
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: Thomas Haller

References:
- Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: David H. Durgee
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: Thomas Haller
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: David H. Durgee
- Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]