Thomas Haller wrote:
On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:
As I indicated in my last posting, I was going to try editing out the
element that was being complained about in the error and see what
happens.  I was able to successfully import the edited ovpn file using
network connections.
Sidenote: import of an ovpn file is only a step to create the connection
profile in NetworkManager.
When you activate a VPN connection, what matters is how the connection
profile looks in NetworkManager, see for example

   $ nmcli connection show "$VPN_PROFILE"

The settings in the profile matter, but it does not matter how the
profile was created originally (import ovpn file, or clicked in
nm-connection-editor, or nmcli).
I have attached the output of the connection show to this response.
Now that it is in my available connections, I attempted to activate it.
Unfortunately, this failed.  Looking in /var/log/syslog I found the
following:
...

Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restarting

Unclear, what is wrong.


What did you do about the unsupported extra-certs option? nm-openvpn
does not support that, so there is no immediate way how to specify
them. Is this option required for you to successfully establish the
connection?

I simply edited it out of the profile.  I don't know if it is required or optional.


You could enable debug logging, for example via

   sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

afterward, re-activate the VPN connection and look at the journal.

Note that verbose logging of openvpn might reveal private sensitive
information. Take care before sending a logfile. See comment about rate
limiting of journal at
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf


Also, in the logfile you will see how NetworkManager's VPN plugin
invokes the openvpn binary and which parameters are passed to it. Are
those parameters making sense?



best,
Thomas

I will consider debug logging after you have a chance to inspect the connection show and let me know if it looks sane or is missing a crucial element.

Thank you for your assistance in this matter.

Dave
connection.id:                          Private Tunnel - Ashburn
connection.uuid:                        03cba5d7-57df-4bd8-b5d3-24c3f24013d7
connection.interface-name:              --
connection.type:                        vpn
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.timestamp:                   0
connection.read-only:                   no
connection.permissions:                 
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        -1 (default)
ipv4.method:                            auto
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.dns-options:                       (default)
ipv4.dns-priority:                      0
ipv4.addresses:                         
ipv4.gateway:                           --
ipv4.routes:                            
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-timeout:                      0
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.dad-timeout:                       -1 (default)
ipv6.method:                            auto
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.dns-options:                       (default)
ipv6.dns-priority:                      0
ipv6.addresses:                         
ipv6.gateway:                           --
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       0 (disabled)
ipv6.addr-gen-mode:                     stable-privacy
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
vpn.service-type:                       org.freedesktop.NetworkManager.openvpn
vpn.user-name:                          --
vpn.data:                               ta = 
/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem, ca = 
/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem, key = 
/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem, dev = tun, cert = 
/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem, remote-cert-tls = 
server, cert-pass-flags = 0, remote = us-va-ash-001.privatetunnel.com:1194:udp, 
us-va-ash-001.privatetunnel.com:1194:udp, 
us-va-ash-001.privatetunnel.com:443:tcp, 
us-va-ash-001.privatetunnel.com:1194:udp, 
us-va-ash-001.privatetunnel.com:1194:udp, 
us-va-ash-001.privatetunnel.com:1194:udp, 
us-va-ash-001.privatetunnel.com:1194:udp, 
us-va-ash-001.privatetunnel.com:1194:udp, auth = SHA1, connection-type = tls, 
ta-dir = 1
vpn.secrets:                            <hidden>
vpn.persistent:                         no
vpn.timeout:                            0
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
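
Added example, not part of the original thread and not NetworkManager code: a small Python parser for the vpn.data value shown in the attached profile, which removes repeated remote entries and checks that the referenced certificate and key files exist and that key material is not accessible to group or other. The function names and the shortened sample are constructed for illustration, and the parser assumes that no value contains " = ".

```python
import os
import stat

# Constructed sample: the vpn.data value from the attached profile, unwrapped
# onto one line, with the list of remotes shortened to three entries.
SAMPLE = (
    "ta = /home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem, "
    "ca = /home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem, "
    "key = /home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem, dev = tun, "
    "cert = /home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem, "
    "remote-cert-tls = server, cert-pass-flags = 0, "
    "remote = us-va-ash-001.privatetunnel.com:1194:udp, "
    "us-va-ash-001.privatetunnel.com:1194:udp, "
    "us-va-ash-001.privatetunnel.com:443:tcp, "
    "auth = SHA1, connection-type = tls, ta-dir = 1"
)

def parse_vpn_data(text):
    """Split 'k = v, k = v'; a piece without ' = ' continues the previous value."""
    data, last = {}, None
    # Collapse whitespace first so line-wrapped nmcli output parses the same way.
    for piece in (p.strip() for p in " ".join(text.split()).split(",")):
        key, sep, value = piece.partition(" = ")
        if sep:
            last = key
            data[key] = value
        elif last is not None and piece:
            data[last] += ", " + piece
    return data

def unique_remotes(data):
    """Return the remote entries in their original order, without repeats."""
    seen = []
    for entry in data.get("remote", "").split(","):
        entry = entry.strip()
        if entry and entry not in seen:
            seen.append(entry)
    return seen

def check_files(data, keys=("ca", "cert", "key", "ta")):
    """Report referenced files that are missing, and key files open to group/other."""
    findings = []
    for k in keys:
        path = data.get(k)
        if path and not os.path.isfile(path):
            findings.append(f"{k}: {path} not found")
        elif path and k in ("key", "ta") and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{k}: {path} is accessible to group/other")
    return findings
```

Run on the machine that holds the profile, passing the vpn.data text from `nmcli connection show "$VPN_PROFILE"` to `parse_vpn_data`.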
