Thomas Haller wrote:
On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:As I indicated in my last posting, I was going to try editing out the element that was being complained about in the error and see what happens. I was able to successfully import the edited ovpn file using network connections.Sidenote: import of a ovpn file is only a step to create the connection profile in NetworkManager. When you activate a VPN connection, what matters is how the connection profile locks in NetworkManager, see for example $ nmcli connection show "$VPN_PROFILE" The settings in the profile matter, but it does not matter how the profile was created originally (import ovpn file, or clicked in nm- connection-editor, or nmcli).
I have attached the output of the connection show to this response.
I simply edited it out of the profile. I don't know if it is required or optional.Now that it is in my available connections, I attempted to activate it. Unfortunately, this failed. Looking in /var/log/syslog I found the following: ...Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restartingUnclear, what is wrong. What did you do about the unsupported extra-certs option? nm-openvpn does not support that, so there is no immediate way how to specify them. Is this option required for you to successfully establish the connection?
I will consider debug logging after you have a chance to inspect the connection show and let me know if it looks sane or is missing a crucial element.You could enable debug logging, for example via sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN afterward, re-activate the VPN connection and look at journal. Note that verbose logging of openvpn might reveal private sensitive information. Take care before sending a logfile. See comment about rate limiting of journal at https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf Also, in the logfile you will see how NetworkManager's VPN plugin invokes the openvpn binary and which parameters are passed to it. Are those parameters making sense? best, Thomas
Thank you for your assistance in this matter. Dave
Attachment:
Ashburn.conf
Description: Text document