Problem importing OpenVPN client config into NetworkManager

imrazor
Posts: 23
Joined: 2012-08-12 04:08

Problem importing OpenVPN client config into NetworkManager

#1 Post by imrazor »

I have an OpenVPN config file that was generated by pfSense 2.4. The file imported successfully on a Fedora 27 laptop and it was able to connect to the pfSense endpoint. On my Debian 9 laptop, however, the file imports without error, but the connection always fails. 'journalctl -u NetworkManager' shows:

Code:

nm-openvpn[5314]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
nm-openvpn[5314]: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
nm-openvpn[5314]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[5314]: TCP/UDP: Preserving recently used remote address: [AF_INET]<address:port>
nm-openvpn[5314]: UDP link local: (not bound)
nm-openvpn[5314]: UDP link remote: [AF_INET]<address:port>
nm-openvpn[5314]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
nm-openvpn[5314]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[5314]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
nm-openvpn[5314]: TLS Error: TLS handshake failed
nm-openvpn[5314]: SIGUSR1[soft,tls-error] received, process restarting
NetworkManager[451]: <warn>  [1516574869.6979] vpn-connection[0x564df03e81b0,16c9db04-4f81-4c01-b61e-b6ec28c10aa8,"config",0]: VPN connection: connect timeout exceed
nm-openvpn-serv[5305]: Connect timer expired, disconnecting.
NetworkManager[451]: <warn>  [1516574869.7002] vpn-connection[0x564df03e81b0,16c9db04-4f81-4c01-b61e-b6ec28c10aa8,"config",0]: VPN plugin: failed: connect-failed (1)
NetworkManager[451]: <info>  [1516574869.7003] vpn-connection[0x564df03e81b0,16c9db04-4f81-4c01-b61e-b6ec28c10aa8,"config",0]: VPN plugin: state changed: stopping (5
NetworkManager[451]: <info>  [1516574869.7005] vpn-connection[0x564df03e81b0,16c9db04-4f81-4c01-b61e-b6ec28c10aa8,"config",0]: VPN plugin: state changed: stopped (6)
(Some info has been removed from the log for privacy and security)

Also, if I su to root, then enter "openvpn --config config.ovpn" I'm able to connect to the pfSense endpoint just fine. I'm suspecting some kind of permissions or elevation issue due to being able to connect as root, but I'm not sure where to go from here. I would prefer to not have to open a root terminal to connect to the VPN.

EDIT: Forgot to mention using Debian 9 Stretch x64, with xfce, network-manager, and openvpn installed from the standard repos. Everything is up to date as of 1/21/19.

dotlj
Posts: 646
Joined: 2009-12-25 17:21

Re: Problem importing OpenVPN client config into NetworkMana

#2 Post by dotlj »

Does your .ovpn file include the following?

Code:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Does your /etc/resolv.conf file change when you connect using a root terminal? This is important not to leak DNS.
Naturally to change the routing, you need to use sudo or be root.
I try to avoid network-manager and prefer to use the CLI, it's easier to connect.
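
As an added example (not part of the original posts), here is a shell check for the two questions in reply #2: whether the .ovpn file carries the up/down update-resolv-conf hooks, and whether the resolver set changes on connect. The script-security test reflects OpenVPN's requirement of level 2 before it runs user-defined scripts; the function names, sample files and addresses are constructed for illustration.

```shell
#!/bin/sh
# Print the arguments of the first occurrence of directive $2 in config $1.
# Trailing CRs are stripped so configs saved with CRLF endings still match.
ovpn_directive() {
    awk -v d="$2" '{ sub(/\r$/, "") } $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Return 0 only if up and down both call hook $2 (default: the path quoted in
# the thread) and script-security is at least 2 (OpenVPN's default is 1).
check_dns_hooks() {
    cfg=$1; hook=${2:-/etc/openvpn/update-resolv-conf}; rc=0
    for d in up down; do
        [ "$(ovpn_directive "$cfg" "$d")" = "$hook" ] || { echo "missing: $d $hook"; rc=1; }
    done
    level=$(ovpn_directive "$cfg" script-security); level=${level%% *}
    [ "${level:-1}" -ge 2 ] 2>/dev/null || { echo "missing: script-security 2"; rc=1; }
    return $rc
}

# Sorted, de-duplicated nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Return 0 if the resolver set differs between two snapshots. An unchanged
# set after connecting means DNS queries still go to the pre-VPN resolver.
resolv_changed() {
    [ "$(nameservers "$1")" != "$(nameservers "$2")" ]
}

# Constructed sample data (not from the thread): a config without the hooks,
# a CRLF config with them, and resolv.conf snapshots before/after connecting.
make_samples() {
    printf 'client\nremote vpn.example.net 1194\n' > "$1/plain.ovpn"
    printf 'client\r\nscript-security 2\r\nup /etc/openvpn/update-resolv-conf\r\ndown /etc/openvpn/update-resolv-conf\r\n' > "$1/hooked.ovpn"
    printf 'nameserver 192.0.2.53\n' > "$1/resolv.before"
    printf 'nameserver 10.8.0.1\n' > "$1/resolv.after"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in plain hooked; do
    if check_dns_hooks "$tmp/$f.ovpn"; then echo "$f.ovpn: DNS hooks present"; fi
done
if resolv_changed "$tmp/resolv.before" "$tmp/resolv.after"; then
    echo "resolver set changed after connect"
fi
```

On a real system, copy /etc/resolv.conf to a file before connecting and again after, then pass both copies to resolv_changed.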
