Cannot connect to OpenVPN using Gnome

machitgarha · January 3, 2020, 7:07pm

Hi.

While I can connect to an OpenVPN server using command line (using openvpn command), I cannot connect to it using Gnome (neither via the top panel nor Network options in Settings).
When I try to connect using Gnome, it immediately shows me a notification that the connection cannot be established and disconnects. Also, I should note that the problem is system-wide; I tried another user, but no luck.

Things I tried so far, but didn’t work:

Reinstalling openvpn, NetworkManager-openvpn and NetworkManager-openvpn-gnome packages.
Removing /var/cache directory.
Re-adding the VPNs after removing .config, .cache and .cert directories.

Here is the related output of journalctl -u NetworkManager -r:

Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.8569] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: state changed: stopped (6)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.8565] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: state changed: stopping (5)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <warn>  [1578070896.8564] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: failed: connect-failed (1)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <warn>  [1578070896.8563] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: failed: connect-failed (1)
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.6973] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN connection: (ConnectInteractive) reply received
Jan 03 20:31:36 machitgarha NetworkManager[1053]: <info>  [1578070896.6972] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: VPN plugin: state changed: starting (3)
Jan 03 20:31:34 machitgarha NetworkManager[1053]: <info>  [1578070894.8390] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: Saw the service appear; activating connection
Jan 03 20:31:34 machitgarha NetworkManager[1053]: <info>  [1578070894.2316] vpn-connection[0x55d277726510,00b99905-3880-444b-bd75-ed5e882c1d8f,"Canada UDP",0]: Started the VPN service, PID 53133
Jan 03 20:31:33 machitgarha NetworkManager[1053]: <info>  [1578070893.9544] audit: op="connection-activate" uuid="00b99905-3880-444b-bd75-ed5e882c1d8f" name="Canada UDP" pid=1851 uid=1000 result="success"

Note: The Gnome integrated VPN service was working before making some changes to some packages (or whatever change), however, from somewhere, it started not to work.

Thanks in advance!

vits95 · January 4, 2020, 12:59am

It works (Gnome side). Did your used “Import from file…”?

Please, see:

machitgarha · January 4, 2020, 1:01am

Yes, I’ve used “Import from file…” option. Just doesn’t work.
EDIT: Using sudo dnf upgrade does not help anything. Unfortunately.

vits95 · January 4, 2020, 1:11am

It is Fedora 31 on your machine?

machitgarha · January 4, 2020, 1:12am

Yes. I’m using Fedora 31.

vits95 · January 4, 2020, 1:21am

The last guess for a while: did your rebooted after refreshing the configs, or tried another user? Maybe it is just some “cache” that persist log-offs (in RAM)…

machitgarha · January 4, 2020, 1:24am

Yes. I’ve rebooted many times from that time, and as I mentioned, I tried another user. Still doesn’t work.
Thanks for paying attention!

gbonnema · January 5, 2020, 9:38pm

If you want someone to keep helping you, avoid being sarcastic. They are spending their time for you, no personal gain. People are trying to help, the least you can do is be courteous.

P.S. These problems are never simple. I had a similar problem and it took some time and the help of other more knowledgeable people to discover I had to relabel stuff.

I hope you find out what is wrong.

machitgarha · January 6, 2020, 5:33pm

@gbonnema I didn’t want to be sarcastic, I wasn’t and won’t be. I just appreciated his help. I think you got me wrong. Reviewing the whole discussion, I cannot find any impoliteness from myself; tell your meaning clearly (I think you didn’t understand my writings, or maybe I’ve written badly).

gbonnema · January 6, 2020, 8:14pm

It was the sentences “… as I mentioned … Thanks for paying attention” that made me think you were being sarcastic. If that was not the intention: my bad. I apologize.

gbonnema · January 6, 2020, 8:19pm

You may have solved the symptom, but the cause is still there. Making SElinux permissive or disabled is like opening your door to prevent someone from complaining if they forgot their key. You just seriously decreased security.

It looks like you have the same problem I had: the files have the wrong security label, you need to relabel some specific part of your files. Let me check if I can find the bug I posted and someone told me how to relabel and what to relabel.

EDIT: The bug is a redhat bug and the link is 1774678 – SELinux is preventing openvpn from 'open' accesses on the file /home/gbonnema/.cert/nm-openvpn/nl79.nordvpn.com.udp-ca.pem.. The solution said:
"Hi,

Please run:
# restorecon -Rv /home/gbonnema/.cert/

To fix labels of cert files.

Thanks,
Lukas.
"

You will have to run that as root though. and of course use your own specific directory names, not gbonnema.

vits95 · January 6, 2020, 10:17pm

Fun time. I’ve just remembered one topic on the another forum: “How to defeat the SELinux in Fedora?”

system · February 3, 2020, 10:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.