Hi Dan, thank you !
You are right !
What I did (for anyone else who may be interested in this setup):
As you suggested, I split/converted the mypkcs-file.p12 file into two pieces,
user.pem and key.pem:
[code]
openssl pkcs12 -in mypkcs-file.p12 -out user.pem -nodes -clcerts -nokeys
openssl pkcs12 -in mypkcs-file.p12 -out key.pem -nodes -nocerts
[/code]
From the Smoothwall web interface, in the openVPN page, I got the Root Certificate
and saved it as cacert.pem.
On NM, I created a new VPN connection as:
type: TLS
user certificate: user.pem
CA certificate: cacert.pem
Private key: key.pem
In the advanced options window I had to set up LZO data compression on the General
tab, and cipher BF-CBC on the Certificates tab, to match what I did on SW/Zerina.
I had to put SELinux in permissive mode; otherwise I got this in syslog:
[code]
Feb 12 16:14:45 nanobit nm-openvpn[4640]: Cannot load certificate file /home/miguel/tmp/user.pem: error:0200100D:system library:fopen:Permission denied: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Feb 12 16:14:45 nanobit nm-openvpn[4640]: Exiting
Feb 12 16:14:45 nanobit NetworkManager: <info> VPN plugin failed: 1
Feb 12 16:14:45 nanobit NetworkManager: <info> VPN plugin state changed: 6
Feb 12 16:14:45 nanobit NetworkManager: <info> VPN plugin state change reason: 0
Feb 12 16:14:45 nanobit NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
[/code]
and I had to set up the DNS by hand. NM did not update the nameservers as
informed by SW, using the defaults on the IPv4 Settings tab. I had to change to
"Automatic (VPN) addresses only" to enable the DNS servers text field, and I put
in the internal DNS servers for this VPN connection. The default router and IP
address were set just fine.
Regardless of the big problem related to SELinux in permissive mode, NM-vpn is
working fine!
I hope others can find this post and set up their SW/Zerina VPN too.
Thank you very much for your help!
PS: Is there any chance you have a fix for the SELinux issue? I have tried
"restorecon /home/miguel/tmp/user.pem" and no luck....
_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
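
The PKCS#12 split described in the message above, as an added shell example that is not part of the original post: because `-nodes` writes key.pem unencrypted, it runs the two commands under `umask 077` and then checks that user.pem and key.pem belong together. The helper function names, the throwaway self-signed identity and the password `changeit` are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names follow the post; helper names, the demo identity
# and the "changeit" password are assumptions made for illustration.

# split_p12 <file.p12> <password> <outdir>
# Writes user.pem (client certificate only) and key.pem (private key only).
split_p12() {
    p12=$1; pass=$2; out=$3
    (
        umask 077    # key.pem is unencrypted (-nodes): keep it owner-only
        mkdir -p "$out" &&
        openssl pkcs12 -in "$p12" -passin "pass:$pass" \
            -out "$out/user.pem" -nodes -clcerts -nokeys 2>/dev/null &&
        openssl pkcs12 -in "$p12" -passin "pass:$pass" \
            -out "$out/key.pem" -nodes -nocerts 2>/dev/null
    )
}

# pair_matches <cert.pem> <key.pem>
# Succeeds only if the certificate's public key is the one derived from the key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# file_mode <path>: octal permission bits (GNU stat, falling back to BSD stat)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# make_demo_p12 <dir>: constructed throwaway identity bundled as mypkcs-file.p12
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-user" \
        -keyout "$1/src-key.pem" -out "$1/src-cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src-key.pem" -in "$1/src-cert.pem" \
        -passout pass:changeit -out "$1/mypkcs-file.p12" 2>/dev/null
}
```

Typical use is `split_p12 mypkcs-file.p12 <password> <outdir>` followed by `pair_matches <outdir>/user.pem <outdir>/key.pem` before pointing the VPN connection at the files.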