On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote: > As I indicated in my last posting, I was going to try editing out > the > element that was being complained about in the error and see what > happens. I was able to successfully import the edited ovpn file > using > network connections.
Sidenote: import of a ovpn file is only a step to create the connection profile in NetworkManager. When you activate a VPN connection, what matters is how the connection profile locks in NetworkManager, see for example $ nmcli connection show "$VPN_PROFILE" The settings in the profile matter, but it does not matter how the profile was created originally (import ovpn file, or clicked in nm- connection-editor, or nmcli). > Now that it is in my available connections, I attempted to activate > it. > Unfortunately, this failed. Looking in /var/log/syslog I found the > following: ... > Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key > negotiation > failed to occur within 60 seconds (check your network connectivity) > Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake > failed > Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] > received, process restarting Unclear, what is wrong. What did you do about the unsupported extra-certs option? nm-openvpn does not support that, so there is no immediate way how to specify them. Is this option required for you to successfully establish the connection? You could enable debug logging, for example via sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN afterward, re-activate the VPN connection and look at journal. Note that verbose logging of openvpn might reveal private sensitive information. Take care before sending a logfile. See comment about rate limiting of journal at https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf Also, in the logfile you will see how NetworkManager's VPN plugin invokes the openvpn binary and which parameters are passed to it. Are those parameters making sense? best, Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
