Cannot connect to OpenVPN using Gnome

Hi.

While I can connect to an OpenVPN server using command line (using openvpn command), I cannot connect to it using Gnome (neither via the top panel nor Network options in Settings).
When I try to connect using Gnome, it immediately shows me a notification that the connection cannot be established and disconnects. Also, I should note that the problem is system-wide; I tried another user, but no luck.

Things I tried so far, but didn’t work:

• Reinstalling openvpn, NetworkManager-openvpn and NetworkManager-openvpn-gnome packages.
• Removing /var/cache directory.
• Re-adding the VPNs after removing .config, .cache and .cert directories.

Here is the related output of journalctl -u NetworkManager -r:

Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.8569] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: state changed: stopped (6)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.8565] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: state changed: stopping (5)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <warn>  [1578070896.8564] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: failed: connect-failed (1)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <warn>  [1578070896.8563] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: failed: connect-failed (1)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.6973] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN connection: (ConnectInteractive) reply received
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.6972] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: state changed: starting (3)
Jan 03 20:31:34 machitgarha NetworkManager[1053]: <info>  [1578070894.8390] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: Saw the service appear; activating connection
Jan 03 20:31:34 machitgarha NetworkManager[1053]: <info>  [1578070894.2316] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: Started the VPN service, PID 53133
Jan 03 20:31:33 machitgarha NetworkManager[1053]: <info>  [1578070893.9544] audit: op="connection-activate" uuid="00b99905-3880-444b-bd75-ed5e882c1d8f" name="Canada UDP" pid=1851 uid=1000 result="success"

Note: The Gnome integrated VPN service was working before making some changes to some packages (or whatever change), however, from somewhere, it started not to work.

Thanks in advance!

It works (Gnome side). Did your used “Import from file…”?

Please, see:

c40d8917cb96d8e2045bcbe2f82496175afafe7a.png1032×739 45 KB

1c6b03fc3678a69a406b9db6917131d3db2deab3.png892×1068 276 KB

d3ec404d5128abc350545e906ee2de4db729d710.png1032×739 44.7 KB

3fb79f77829ed563282f22818e4054650b184a2d.png892×1068 34.4 KB

63473087accac9c3de8a8691bb04a61628122111.png836×384 28.4 KB

Yes, I’ve used “Import from file…” option. Just doesn’t work.
EDIT: Using sudo dnf upgrade does not help anything. Unfortunately.

It is Fedora 31 on your machine?

Yes. I’m using Fedora 31.

The last guess for a while: did your rebooted after refreshing the configs, or tried another user? Maybe it is just some “cache” that persist log-offs (in RAM)…

Yes. I’ve rebooted many times from that time, and as I mentioned, I tried another user. Still doesn’t work.
Thanks for paying attention!

If you want someone to keep helping you, avoid being sarcastic. They are spending their time for you, no personal gain. People are trying to help, the least you can do is be courteous.

P.S. These problems are never simple. I had a similar problem and it took some time and the help of other more knowledgeable people to discover I had to relabel stuff.

I hope you find out what is wrong.

@gbonnema I didn’t want to be sarcastic, I wasn’t and won’t be. I just appreciated his help. I think you got me wrong. Reviewing the whole discussion, I cannot find any impoliteness from myself; tell your meaning clearly (I think you didn’t understand my writings, or maybe I’ve written badly).

It was the sentences “… as I mentioned … Thanks for paying attention” that made me think you were being sarcastic. If that was not the intention: my bad. I apologize.

You may have solved the symptom, but the cause is still there. Making SElinux permissive or disabled is like opening your door to prevent someone from complaining if they forgot their key. You just seriously decreased security.

It looks like you have the same problem I had: the files have the wrong security label, you need to relabel some specific part of your files. Let me check if I can find the bug I posted and someone told me how to relabel and what to relabel.

EDIT: The bug is a redhat bug and the link is 1774678 – SELinux is preventing openvpn from 'open' accesses on the file /home/gbonnema/.cert/nm-openvpn/nl79.nordvpn.com.udp-ca.pem.. The solution said:
"Hi,

Please run:
# restorecon -Rv /home/gbonnema/.cert/

To fix labels of cert files.

Thanks,
Lukas.
"

You will have to run that as root though. and of course use your own specific directory names, not gbonnema.

Fun time. I’ve just remembered one topic on the another forum: “How to defeat the SELinux in Fedora?”

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.