Can't use strongswan VPN

I have installed the strongswan package to use a VPN with it via NetworkManager.
I configured it, but I can’t make it working with this errors:

dic 09 09:46:20 roach NetworkManager[1590]: <info>  [1733733980.8069] vpn[0x55f12e445e20,e55bd279-6e64-4fa6-bd3e-328baf7f5385,"MyVPN"]: starting strongswan
dic 09 09:46:20 roach NetworkManager[1590]: <info>  [1733733980.8074] audit: op="connection-activate" uuid="e55bd279-6e64-4fa6-bd3e-328baf7f5385" name="MyVPN" pid=1974 uid=1000 result="success"
dic 09 09:46:20 roach charon-nm[13894]: 05[LIB]   opening '/home/cirelli/.cert/for-vpn/client_key.pem' failed: Permission denied
dic 09 09:46:20 roach charon-nm[13894]: 05[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
dic 09 09:46:20 roach charon-nm[13894]: 05[LIB]   opening '/home/cirelli/.cert/for-vpn/client_key.pem' failed: Permission denied
dic 09 09:46:20 roach charon-nm[13894]: 05[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
dic 09 09:46:20 roach charon-nm[13894]: 05[CFG] received initiate for NetworkManager connection MyVPN
dic 09 09:46:20 roach charon-nm[13894]: 05[LIB]   opening '/home/cirelli/.cert/for-vpn/ca.pem' failed: Permission denied
dic 09 09:46:20 roach charon-nm[13894]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
dic 09 09:46:20 roach NetworkManager[1590]: <warn>  [1733733980.8880] vpn[0x55f12e445e20,e55bd279-6e64-4fa6-bd3e-328baf7f5385,"MyVPN"]: failed to connect: 'Loading gateway certificate failed.'

I changed the permission to be as large as needed ( I even tried 777 for all):

drwxr-xr-x. 1 cirelli   34  9 dic 09.09  .cert/                                                                                                                                                                                                               

drwxr-xr-x. 1 cirelli 176  3 dic 16.50 for-vpn/

-rw-r--r--. 1 cirelli 4,0K  3 dic 16.38 ca.pem
-rw-r--r--. 1 cirelli 5,9K  3 dic 16.38 client.crt
-rw-r--r--. 1 cirelli 1,9K  3 dic 16.38 client_key.pem
-rw-r--r--. 1 cirelli 4,7K  3 dic 16.38 client.p12

I installed setroubleshoot-server and setools and tried to disable (setenforce 0) SELinux but it seems unrelated.
I can’t find SEAlert tool anymore but I don’t think it would be useful here.

What could be wrong with my permissions?

My system details (edited to be shorter)
=== fpaste 0.5.0.0 System Information ===
* OS Release (cat /etc/*-release | uniq):
     Fedora release 41 (Forty One)
     NAME="Fedora Linux"
     VERSION="41 (Workstation Edition)"
     RELEASE_TYPE=stable
     ID=fedora
     VERSION_ID=41
     VERSION_CODENAME=""
     PLATFORM_ID="platform:f41"
     PRETTY_NAME="Fedora Linux 41 (Workstation Edition)"
     ANSI_COLOR="0;38;2;60;110;180"
     LOGO=fedora-logo-icon
     CPE_NAME="cpe:/o:fedoraproject:fedora:41"
     DEFAULT_HOSTNAME="fedora"
     HOME_URL="https://fedoraproject.org/"
     DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f41/system-administrators-guide/"
     SUPPORT_URL="https://ask.fedoraproject.org/"
     BUG_REPORT_URL="https://bugzilla.redhat.com/"
     REDHAT_BUGZILLA_PRODUCT="Fedora"
     REDHAT_BUGZILLA_PRODUCT_VERSION=41
     REDHAT_SUPPORT_PRODUCT="Fedora"
     REDHAT_SUPPORT_PRODUCT_VERSION=41
     SUPPORT_END=2025-12-15
     VARIANT="Workstation Edition"
     VARIANT_ID=workstation
     Fedora release 41 (Forty One)
     
* CPU Model (grep 'model name' /proc/cpuinfo | awk -F: '{print $2}' | uniq -c |
     sed -re 's/^ +//' ):
     16  AMD Ryzen 7 PRO 5850U with Radeon Graphics
     
* 64-bit Support (grep -q ' lm ' /proc/cpuinfo && echo Yes || echo No):
     Yes
     
* Hardware Virtualization Support (grep -Eq '(vmx|svm)' /proc/cpuinfo && echo Yes || echo No):
     Yes
     
* Kernel (uname -r):
     6.11.10-300.fc41.x86_64
     
* Kernel cmdline (cat /proc/cmdline):
     BOOT_IMAGE=(hd0,gpt2)/vmlinuz-6.11.10-300.fc41.x86_64 root=UUID=09453eff-e2a6-4ce5-bb44-dd24729d636d ro rootflags=subvol=root rd.luks.uuid=luks-64ad3ddd-0df2-4880-9c7a-5a7035d7285e rhgb quiet
     
* Desktop(s) Running (ps -eo comm= | grep -E '(gnome-session|startkde|startactive|xfce.?-session|fluxbox|blackbox|hackedbox|ratpoison|enlightenment|icewm-session|od-session|wmaker|wmx|openbox-lxde|openbox-gnome-session|openbox-kde-session|mwm|e16|fvwm|xmonad|sugar-session|mate-session|lxqt-session|cinnamon|lxdm-session|awesome|phosh|sway|Hyperland)' ):
     gnome-session-b
     gnome-session-c
     gnome-session-b
     
* Desktop(s) Installed (ls -m /usr/share/{xsessions,wayland-sessions}/ | sed 's/\.desktop//g' ):
     /usr/share/wayland-sessions/:
     gnome-classic, gnome-classic-wayland, gnome,
     gnome-wayland
     
     /usr/share/xsessions/:
     
* Session Type (env | grep 'XDG_SESSION_TYPE' | sed 's/.*=//' ):
     wayland
     
* SELinux Status (sestatus):
     SELinux status:                 enabled
     SELinuxfs mount:                /sys/fs/selinux
     SELinux root directory:         /etc/selinux
     Loaded policy name:             targeted
     Current mode:                   enforcing
     Mode from config file:          enforcing
     Policy MLS status:              enabled
     Policy deny_unknown status:     allowed
     Memory protection checking:     actual (secure)
     Max kernel policy version:      33
     
* SELinux Errors (selinuxenabled && journalctl --no-hostname --since yesterday |grep avc: | grep -Eo comm="[^ ]+" | sort |uniq -c |sort -rn):
           1 comm="systemd-hostnam"
     
* Memory usage (free -hm):
                    total        used        free      shared  buff/cache   available
     Mem:            27Gi       4,3Gi        19Gi        60Mi       3,5Gi        22Gi
     Swap:          8,0Gi          0B       8,0Gi
     
* ZRAM usage (zramctl --output-all):
     NAME       DISKSIZE DATA COMPR ALGORITHM STREAMS ZERO-PAGES TOTAL MEM-LIMIT MEM-USED MIGRATED MOUNTPOINT
     /dev/zram0       8G   4K   80B lzo-rle        16          0   12K        0B      12K       0B [SWAP]
     
* Load average (uptime):
      09:51:07 up 10 min,  4 users,  load average: 0,45, 0,55, 0,34
     
* Pressure Stall Information (grep -R . /proc/pressure/):
     /proc/pressure/io:some avg10=0.00 avg60=0.01 avg300=0.00 total=745835
     /proc/pressure/io:full avg10=0.00 avg60=0.00 avg300=0.00 total=655893
     /proc/pressure/cpu:some avg10=0.00 avg60=0.00 avg300=0.08 total=4291109
     /proc/pressure/cpu:full avg10=0.00 avg60=0.00 avg300=0.00 total=0
     /proc/pressure/irq:full avg10=0.00 avg60=0.00 avg300=0.00 total=1880843
     /proc/pressure/memory:some avg10=0.00 avg60=0.00 avg300=0.00 total=14
     /proc/pressure/memory:full avg10=0.00 avg60=0.00 avg300=0.00 total=14
     
* Top 5 CPU hogs (ps axuScnh | awk '$2!=26474' | sort -rnk3 | head -5):
         1000   26478 17.6  0.1 621672 30528 ?        SNl  09:51   0:00 tracker-extract
         1000    8398 11.7  1.9 12061792 551092 ?     Sl   09:43   0:55 firefox
         1000    1974  7.4  1.2 5674700 356348 ?      RLsl 09:41   0:43 gnome-shell
         1000    8718  5.6  1.0 2956516 293056 ?      Sl   09:43   0:26 Isolated Web Co
         1000    2221  5.2  1.4 1703404 402268 ?      Sl   09:41   0:31 gnome-software
     
* Top 5 Memory hogs (ps axuScnh | sort -rnk4 | head -5):
         1000    8398 11.7  1.9 12061792 551092 ?     Sl   09:43   0:55 firefox
         1000    2221  5.2  1.4 1703404 402268 ?      Sl   09:41   0:31 gnome-software
         1000    3878  2.0  1.3 1212427752 387156 ?   Sl   09:41   0:12 slack
         1000    1974  7.4  1.2 5674700 356348 ?      SLsl 09:41   0:43 gnome-shell
         1000    8612  3.3  1.1 28491272 324004 ?     Sl   09:43   0:16 WebExtensions
     
* block devices (lsblk -o NAME,FSTYPE,SIZE,FSUSE%,MOUNTPOINT,UUID,MIN-IO,SCHED,DISC-GRAN,MODEL):
     NAME                                          FSTYPE        SIZE FSUSE% MOUNTPOINT UUID                                 MIN-IO SCHED DISC-GRAN MODEL
     zram0                                                         8G        [SWAP]                                            4096              4K 
     nvme0n1                                                   476,9G                                                           512 none       512B UMIS RPETJ512MGE2QDQ
     ├─nvme0n1p1                                   vfat          600M     3% /boot/efi  3E0F-30C5                               512 none       512B 
     ├─nvme0n1p2                                   ext4            1G    35% /boot      a474ecec-b518-457d-a14e-73dc6df2b86e    512 none       512B 
     └─nvme0n1p3                                   crypto_LUKS 475,4G                   64ad3ddd-0df2-4880-9c7a-5a7035d7285e    512 none       512B 
       └─luks-64ad3ddd-0df2-4880-9c7a-5a7035d7285e btrfs       475,3G    11% /home      09453eff-e2a6-4ce5-bb44-dd24729d636d    512            512B 
     
* PCI devices (lspci -nn):
     00:00.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
     00:00.2 IOMMU [0806]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU [1022:1631]
     00:01.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
     00:02.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
     00:02.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
     00:02.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
     00:02.3 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
     00:02.4 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
     00:02.6 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
     00:02.7 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
     00:08.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
     00:08.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus [1022:1635]
     00:14.0 SMBus [0c05]: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller [1022:790b] (rev 51)
     00:14.3 ISA bridge [0601]: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge [1022:790e] (rev 51)
     00:18.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0 [1022:166a]
     00:18.1 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1 [1022:166b]
     00:18.2 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2 [1022:166c]
     00:18.3 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3 [1022:166d]
     00:18.4 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4 [1022:166e]
     00:18.5 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5 [1022:166f]
     00:18.6 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6 [1022:1670]
     00:18.7 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7 [1022:1671]
     01:00.0 Non-Volatile memory controller [0108]: Shenzhen Unionmemory Information System Ltd. AM630 PCIe 4.0 x4 NVMe SSD Controller [1cc4:6303] (rev 03)
     02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 0e)
     03:00.0 Network controller [0280]: MEDIATEK Corp. MT7921 802.11ax PCI Express Wireless Network Adapter [14c3:7961]
     04:00.0 SD Host controller [0805]: Genesys Logic, Inc GL9750 SD Host Controller [17a0:9750] (rev 01)
     05:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 15)
     06:00.0 USB controller [0c03]: Renesas Electronics Corp. uPD720202 USB 3.0 Host Controller [1912:0015] (rev 02)
     07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [1002:1638] (rev d1)
     07:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller [1002:1637]
     07:00.2 Encryption controller [1080]: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor [1022:15df]
     07:00.3 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
     07:00.4 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
     07:00.5 Multimedia controller [0480]: Advanced Micro Devices, Inc. [AMD] ACP/ACP3X/ACP6x Audio Coprocessor [1022:15e2] (rev 01)
     07:00.6 Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Family 17h/19h/1ah HD Audio Controller [1022:15e3]
     
* USB devices (lsusb):
     Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 001 Device 002: ID 5986:2130 Bison Electronics Inc. Integrated Camera
     Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
     Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 003 Device 002: ID 058f:9540 Alcor Micro Corp. AU9540 Smartcard Reader
     Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
     Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
     Bus 005 Device 002: ID 2109:2817 VIA Labs, Inc. USB2.0 Hub
     Bus 005 Device 003: ID 06cb:00bd Synaptics, Inc. Prometheus MIS Touch Fingerprint Reader
     Bus 005 Device 004: ID 0489:e0cd Foxconn / Hon Hai MediaTek Bluetooth Adapter
     Bus 005 Device 005: ID 1532:005c Razer USA, Ltd DeathAdder Elite
     Bus 005 Device 006: ID 1bcf:0215 Sunplus Innovation Technology Inc. Aukey-PC-LM1E Camera
     Bus 005 Device 007: ID 05ac:024f Apple, Inc. Aluminium Keyboard (ANSI)
     Bus 005 Device 008: ID 04e8:342e Samsung Electronics Co., Ltd SCX-4300 Series
     Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
     Bus 006 Device 002: ID 2109:0817 VIA Labs, Inc. USB3.0 Hub
     
* PCI Video Card (lspci |  grep -i -E 'vga' | cut -b1-7 | xargs -i lspci -vnnks {} | grep -v "<access denied>"):
     07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [1002:1638] (rev d1) (prog-if 00 [VGA controller])
     	Subsystem: Lenovo Device [17aa:509b]
     	Flags: bus master, fast devsel, latency 0, IRQ 53, IOMMU group 18
     	Memory at 860000000 (64-bit, prefetchable) [size=256M]
     	Memory at 870000000 (64-bit, prefetchable) [size=2M]
     	I/O ports at 1000 [size=256]
     	Memory at fd300000 (32-bit, non-prefetchable) [size=512K]
     	Kernel driver in use: amdgpu
     	Kernel modules: amdgpu
     
     
* GL Support (glxinfo -B | grep -E "OpenGL version|OpenGL renderer"):
     OpenGL renderer string: AMD Radeon Graphics (radeonsi, renoir, LLVM 19.1.0, DRM 3.59, 6.11.10-300.fc41.x86_64)
     OpenGL version string: 4.6 (Compatibility Profile) Mesa 24.2.8
     
* DRM Information (journalctl -k -b --no-hostname | grep -o 'kernel:.*drm.*$' | cut -d ' ' -f 2- ):
     ACPI: bus type drm_connector registered
     [drm] Initialized simpledrm 1.0.0 for simple-framebuffer.0 on minor 0
     simple-framebuffer simple-framebuffer.0: [drm] fb0: simpledrmdrmfb frame buffer device
     [drm] amdgpu kernel modesetting enabled.
     [drm] initializing kernel modesetting (RENOIR 0x1002:0x1638 0x17AA:0x509B 0xD1).
     [drm] register mmio base: 0xFD300000
     [drm] register mmio size: 524288
     [drm] add ip block number 0 <soc15_common>
     [drm] add ip block number 1 <gmc_v9_0>
     [drm] add ip block number 2 <vega10_ih>
     [drm] add ip block number 3 <psp>
     [drm] add ip block number 4 <smu>
     [drm] add ip block number 5 <dm>
     [drm] add ip block number 6 <gfx_v9_0>
     [drm] add ip block number 7 <sdma_v4_0>
     [drm] add ip block number 8 <vcn_v2_0>
     [drm] add ip block number 9 <jpeg_v2_0>
     [drm] vm size is 262144 GB, 4 levels, block size is 9-bit, fragment size is 9-bit
     [drm] Detected VRAM RAM=4096M, BAR=4096M
     [drm] RAM width 128bits DDR4
     [drm] amdgpu: 4096M of VRAM memory ready
     [drm] amdgpu: 13937M of GTT memory ready.
     [drm] GART: num cpu pages 262144, num gpu pages 262144
     [drm] PCIE GART of 1024M enabled.
     [drm] PTB located at 0x000000F4FFC00000
     [drm] Loading DMUB firmware via PSP: version=0x0101002B
     [drm] Found VCN firmware Version ENC: 1.23 DEC: 8 VEP: 0 Revision: 1
     [drm] Display Core v3.2.291 initialized on DCN 2.1
     [drm] DP-HDMI FRL PCON supported
     [drm] DMUB hardware initialized: version=0x0101002B
     [drm] kiq ring mec 2 pipe 1 q 0
     [drm] Initialized amdgpu 3.59.0 for 0000:07:00.0 on minor 1
     fbcon: amdgpudrmfb (fb0) is primary device
     amdgpu 0000:07:00.0: [drm] fb0: amdgpudrmfb frame buffer device
     [drm] pre_validate_dsc:1578 MST_DSC dsc precompute is not needed
     amdgpu 0000:07:00.0: [drm] *ERROR* dc_dmub_srv_log_diagnostic_data: DMCUB error - collecting diagnostic data
     
* Xorg modules (grep LoadModule /var/log/Xorg.0.log ~/.local/share/xorg/Xorg.0.log | cut -d \" -f 2 | xargs):
     
     
* Xorg errors (without results: "grep '^\[.*(EE)' /var/log/Xorg.0.log ~/.local/share/xorg/Xorg.0.log | cut -d ':' -f 2- "):
     N/A

* PCI Audio devices (lspci |  grep -i -E 'audio' | cut -b1-7 | xargs -i lspci -vnnks {} | grep -v "<access denied>"):
     07:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller [1002:1637]
     	Subsystem: Lenovo Device [17aa:5094]
     	Flags: bus master, fast devsel, latency 0, IRQ 91, IOMMU group 19
     	Memory at fd3c8000 (32-bit, non-prefetchable) [size=16K]
     	Kernel driver in use: snd_hda_intel
     	Kernel modules: snd_hda_intel
     
     07:00.5 Multimedia controller [0480]: Advanced Micro Devices, Inc. [AMD] ACP/ACP3X/ACP6x Audio Coprocessor [1022:15e2] (rev 01)
     	Subsystem: Lenovo Device [17aa:5094]
     	Flags: bus master, fast devsel, latency 0, IRQ 88, IOMMU group 23
     	Memory at fd380000 (32-bit, non-prefetchable) [size=256K]
     	Kernel driver in use: snd_rn_pci_acp3x
     	Kernel modules: snd_pci_acp3x, snd_rn_pci_acp3x, snd_pci_acp5x, snd_pci_acp6x, snd_acp_pci, snd_rpl_pci_acp6x, snd_pci_ps, snd_sof_amd_renoir, snd_sof_amd_rembrandt, snd_sof_amd_vangogh, snd_sof_amd_acp63
     
     07:00.6 Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Family 17h/19h/1ah HD Audio Controller [1022:15e3]
     	Subsystem: Lenovo Device [17aa:5094]
     	Flags: bus master, fast devsel, latency 0, IRQ 92, IOMMU group 24
     	Memory at fd3c0000 (32-bit, non-prefetchable) [size=32K]
     	Kernel driver in use: snd_hda_intel
     	Kernel modules: snd_hda_intel
     
     
* Audio devices (cat /proc/asound/cards):
      0 [Camera         ]: USB-Audio - Aukey-PC-LM1E Camera
                           Aukey-PC-LM1E Camera Aukey-PC-LM1E Camera at usb-0000:07:00.4-2.2, high speed
      1 [Generic        ]: HDA-Intel - HD-Audio Generic
                           HD-Audio Generic at 0xfd3c8000 irq 91
      2 [Generic_1      ]: HDA-Intel - HD-Audio Generic
                           HD-Audio Generic at 0xfd3c0000 irq 92
      3 [acp            ]: acp - acp
                           LENOVO-21A00049IX-ThinkPadP14sGen2a
     
* User audio services (systemctl --user --no-pager status wireplumber pipewire* | sed "s/$(hostname)/ahost/"):
     ● wireplumber.service - Multimedia Service Session Manager
          Loaded: loaded (/usr/lib/systemd/user/wireplumber.service; enabled; preset: enabled)
         Drop-In: /usr/lib/systemd/user/service.d
                  └─10-timeout-abort.conf
          Active: active (running) since Mon 2024-12-09 09:41:15 CET; 9min ago
      Invocation: 656a76d19caf4894ad9d93ef11d7c195
        Main PID: 1934 (wireplumber)
           Tasks: 9 (limit: 33259)
          Memory: 17.3M (peak: 17.8M)
             CPU: 278ms
          CGroup: /user.slice/user-1000.slice/user@1000.service/session.slice/wireplumber.service
                  └─1934 /usr/bin/wireplumber
     
     dic 09 09:41:15 ahost systemd[1799]: Started wireplumber.service - Multimedia Service Session Manager.
     dic 09 09:41:16 ahost wireplumber[1934]: wp-device: SPA handle 'api.alsa.acp.device' could not be loaded; is it installed?
     dic 09 09:41:16 ahost wireplumber[1934]: s-monitors: Failed to create 'api.alsa.acp.device' device
     dic 09 09:41:16 ahost wireplumber[1934]: [0:00:20.029461774] [1934]  INFO Camera camera_manager.cpp:325 libcamera v0.3.2
     
     ● pipewire.service - PipeWire Multimedia Service
          Loaded: loaded (/usr/lib/systemd/user/pipewire.service; disabled; preset: disabled)
         Drop-In: /usr/lib/systemd/user/pipewire.service.d
                  └─00-uresourced.conf
                  /usr/lib/systemd/user/service.d
                  └─10-timeout-abort.conf
          Active: active (running) since Mon 2024-12-09 09:41:15 CET; 9min ago
      Invocation: 1ff13de9fb2c43be81c2d47e3f07e076
     TriggeredBy: ● pipewire.socket
        Main PID: 1933 (pipewire)
           Tasks: 3 (limit: 33259)
          Memory: 8.9M (peak: 10.2M)
             CPU: 121ms
          CGroup: /user.slice/user-1000.slice/user@1000.service/session.slice/pipewire.service
                  └─1933 /usr/bin/pipewire
     
     dic 09 09:41:15 ahost systemd[1799]: Started pipewire.service - PipeWire Multimedia Service.
     dic 09 09:41:16 ahost pipewire[1933]: spa.v4l2: error: Input/output error
     
     ● pipewire-pulse.service - PipeWire PulseAudio
          Loaded: loaded (/usr/lib/systemd/user/pipewire-pulse.service; disabled; preset: disabled)
         Drop-In: /usr/lib/systemd/user/service.d
                  └─10-timeout-abort.conf
          Active: active (running) since Mon 2024-12-09 09:41:17 CET; 9min ago
      Invocation: b87ae57c7a04445e9b46c6a8f48555c7
     TriggeredBy: ● pipewire-pulse.socket
        Main PID: 2604 (pipewire-pulse)
           Tasks: 3 (limit: 33259)
          Memory: 6.9M (peak: 9.1M)
             CPU: 96ms
          CGroup: /user.slice/user-1000.slice/user@1000.service/session.slice/pipewire-pulse.service
                  └─2604 /usr/bin/pipewire-pulse
     
     dic 09 09:41:17 ahost systemd[1799]: Started pipewire-pulse.service - PipeWire PulseAudio.
     
     ● pipewire.socket - PipeWire Multimedia System Sockets
          Loaded: loaded (/usr/lib/systemd/user/pipewire.socket; enabled; preset: enabled)
          Active: active (running) since Mon 2024-12-09 09:41:15 CET; 9min ago
      Invocation: 7cde259afeaa46279967a587507b0f6f
        Triggers: ● pipewire.service
          Listen: /run/user/1000/pipewire-0 (Stream)
                  /run/user/1000/pipewire-0-manager (Stream)
          CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/pipewire.socket
     
     dic 09 09:41:15 ahost systemd[1799]: Listening on pipewire.socket - PipeWire Multimedia System Sockets.
     
     ● pipewire-pulse.socket - PipeWire PulseAudio
          Loaded: loaded (/usr/lib/systemd/user/pipewire-pulse.socket; enabled; preset: enabled)
          Active: active (running) since Mon 2024-12-09 09:41:15 CET; 9min ago
      Invocation: 138b5d99cfce453b8c8cf29ac9de2522
        Triggers: ● pipewire-pulse.service
          Listen: /run/user/1000/pulse/native (Stream)
          CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/pipewire-pulse.socket
     
     dic 09 09:41:15 ahost systemd[1799]: Listening on pipewire-pulse.socket - PipeWire PulseAudio.
     
* PCI Network devices (lspci |  grep -i -E 'net' | cut -b1-7 | xargs -i lspci -vnnks {} | grep -v "<access denied>"):
     02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 0e)
     	Subsystem: Lenovo Device [17aa:5094]
     	Flags: bus master, fast devsel, latency 0, IRQ 85, IOMMU group 13
     	I/O ports at 3000 [size=256]
     	Memory at fd704000 (64-bit, non-prefetchable) [size=4K]
     	Memory at fd700000 (64-bit, non-prefetchable) [size=16K]
     	Kernel driver in use: r8169
     	Kernel modules: r8169
     
     03:00.0 Network controller [0280]: MEDIATEK Corp. MT7921 802.11ax PCI Express Wireless Network Adapter [14c3:7961]
     	Subsystem: Lenovo Device [17aa:e0bc]
     	Physical Slot: 0
     	Flags: bus master, fast devsel, latency 0, IRQ 94, IOMMU group 14
     	Memory at 870200000 (64-bit, prefetchable) [size=1M]
     	Memory at 870300000 (64-bit, prefetchable) [size=16K]
     	Memory at 870304000 (64-bit, prefetchable) [size=4K]
     	Kernel driver in use: mt7921e
     	Kernel modules: mt7921e
     
     05:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 15)
     	Subsystem: Lenovo Device [17aa:5094]
     	Flags: bus master, fast devsel, latency 0, IRQ 89, IOMMU group 16
     	I/O ports at 2000 [size=256]
     	Memory at fd504000 (64-bit, non-prefetchable) [size=4K]
     	Memory at fd500000 (64-bit, non-prefetchable) [size=16K]
     	Kernel driver in use: r8169
     	Kernel modules: r8169
     
     
* Network status (ip -br addr | awk '{print $1" " $2}' | column -t):
     lo               UNKNOWN
     enp2s0f0         DOWN
     enp5s0           DOWN
     wlp3s0           UP
     docker0          DOWN
     br-928d19cda7b6  DOWN
     
* Kernel buffer tail (journalctl --no-hostname -k --lines 50):
     dic 09 09:41:14 kernel: mt7921e 0000:03:00.0: WM Firmware Version: ____010000, Build Time: 20240826151030
     dic 09 09:41:14 kernel: usb 5-2.2: 3:3: cannot get freq at ep 0x86
     dic 09 09:41:14 kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3
     dic 09 09:41:14 kernel: Bluetooth: BNEP filters: protocol multicast
     dic 09 09:41:14 kernel: Bluetooth: BNEP socket layer initialized
     dic 09 09:41:14 kernel: NET: Registered PF_QIPCRTR protocol family
     dic 09 09:41:14 kernel: usb 5-2.2: Warning! Unlikely big volume range (=4096), cval->res is probably wrong.
     dic 09 09:41:14 kernel: usb 5-2.2: [7] FU [Mic Capture Volume] ch = 1, val = 0/4096/1
     dic 09 09:41:14 kernel: usbcore: registered new interface driver snd-usb-audio
     dic 09 09:41:14 kernel: mt7921e 0000:03:00.0 wlp3s0: renamed from wlan0
     dic 09 09:41:14 kernel: Generic FE-GE Realtek PHY r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
     dic 09 09:41:14 kernel: RPC: Registered named UNIX socket transport module.
     dic 09 09:41:14 kernel: RPC: Registered udp transport module.
     dic 09 09:41:14 kernel: RPC: Registered tcp transport module.
     dic 09 09:41:14 kernel: RPC: Registered tcp-with-tls transport module.
     dic 09 09:41:14 kernel: RPC: Registered tcp NFSv4.1 backchannel transport module.
     dic 09 09:41:14 kernel: r8169 0000:02:00.0 enp2s0f0: Link is Down
     dic 09 09:41:14 kernel: Generic FE-GE Realtek PHY r8169-0-500:00: attached PHY driver (mii_bus:phy_addr=r8169-0-500:00, irq=MAC)
     dic 09 09:41:14 kernel: r8169 0000:05:00.0 enp5s0: Link is Down
     dic 09 09:41:16 kernel: Bluetooth: hci0: Device setup in 2832021 usecs
     dic 09 09:41:16 kernel: Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
     dic 09 09:41:16 kernel: Bluetooth: hci0: AOSP extensions version v1.00
     dic 09 09:41:16 kernel: Bluetooth: hci0: AOSP quality report is supported
     dic 09 09:41:16 kernel: Bluetooth: MGMT ver 1.23
     dic 09 09:41:16 kernel: Bluetooth: RFCOMM TTY layer initialized
     dic 09 09:41:16 kernel: Bluetooth: RFCOMM socket layer initialized
     dic 09 09:41:16 kernel: Bluetooth: RFCOMM ver 1.11
     dic 09 09:41:17 kernel: rfkill: input handler disabled
     dic 09 09:41:17 kernel: wlp3s0: authenticate with 80:16:05:b3:d2:b3 (local address=86:7c:17:c4:18:58)
     dic 09 09:41:17 kernel: wlp3s0: send auth to 80:16:05:b3:d2:b3 (try 1/3)
     dic 09 09:41:17 kernel: wlp3s0: authenticated
     dic 09 09:41:17 kernel: wlp3s0: associate with 80:16:05:b3:d2:b3 (try 1/3)
     dic 09 09:41:17 kernel: wlp3s0: RX AssocResp from 80:16:05:b3:d2:b3 (capab=0x1411 status=0 aid=2)
     dic 09 09:41:17 kernel: wlp3s0: associated
     dic 09 09:41:17 kernel: wlp3s0: Limiting TX power to 20 (20 - 0) dBm as advertised by 80:16:05:b3:d2:b3
     dic 09 09:41:18 kernel: warning: `pool-gnome-shel' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
     dic 09 09:41:18 kernel: amdgpu 0000:07:00.0: [drm] *ERROR* dc_dmub_srv_log_diagnostic_data: DMCUB error - collecting diagnostic data
     dic 09 09:41:20 kernel: usblp0: removed
     dic 09 09:41:20 kernel: usblp 5-2.4:1.1: usblp0: USB Bidirectional printer dev 8 if 1 alt 0 proto 2 vid 0x04E8 pid 0x342E
     dic 09 09:41:21 kernel: evm: overlay not supported
     dic 09 09:41:21 kernel: bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
     dic 09 09:41:46 kernel: IPsec XFRM device driver
     dic 09 09:46:29 kernel: wlp3s0: disconnect from AP 80:16:05:b3:d2:b3 for new auth to 80:16:05:b3:d2:b4
     dic 09 09:46:29 kernel: wlp3s0: authenticate with 80:16:05:b3:d2:b4 (local address=86:7c:17:c4:18:58)
     dic 09 09:46:29 kernel: wlp3s0: send auth to 80:16:05:b3:d2:b4 (try 1/3)
     dic 09 09:46:29 kernel: wlp3s0: authenticated
     dic 09 09:46:29 kernel: wlp3s0: associate with 80:16:05:b3:d2:b4 (try 1/3)
     dic 09 09:46:29 kernel: wlp3s0: RX ReassocResp from 80:16:05:b3:d2:b4 (capab=0x1011 status=0 aid=2)
     dic 09 09:46:29 kernel: wlp3s0: associated
     dic 09 09:46:29 kernel: wlp3s0: Limiting TX power to 23 (23 - 0) dBm as advertised by 80:16:05:b3:d2:b4
     
     
* DNF Repositories (dnf repolist):
     repo id                                        repo name
     code                                           Visual Studio Code
     copr:copr.fedorainfracloud.org:phracek:PyCharm Copr repo for PyCharm owned by phracek
     docker-ce-stable                               Docker CE Stable - x86_64
     fedora                                         Fedora 41 - x86_64
     fedora-cisco-openh264                          Fedora 41 openh264 (From Cisco) - x86_64
     google-chrome                                  google-chrome
     rpmfusion-nonfree-nvidia-driver                RPM Fusion for Fedora 41 - Nonfree - NVIDIA Driver
     rpmfusion-nonfree-steam                        RPM Fusion for Fedora 41 - Nonfree - Steam
     updates                                        Fedora 41 - x86_64 - Updates
     
* DNF Extras (without results: "dnf -C list extras"):
     N/A
    

Thanks in advance for any help, I’m a bit stuck here :blush:

@vgaetera thanks for the tips.
It still gives error:

$ ls -l -R -Z ~/.cert
/home/cirelli/.cert:
total 0
drwx------. 1 cirelli cirelli unconfined_u:object_r:home_cert_t:s0 100  9 dic 16.10 for-vpn

/home/cirelli/.cert/for-vpn:
total 28
-rw-------. 1 cirelli cirelli unconfined_u:object_r:home_cert_t:s0 4054  3 dic 16.38 ca.all.pem
-rw-------. 1 cirelli cirelli unconfined_u:object_r:home_cert_t:s0 4054  3 dic 16.38 ca.pem
-rw-------. 1 cirelli cirelli unconfined_u:object_r:home_cert_t:s0 6021  3 dic 16.38 client.crt
-rw-------. 1 cirelli cirelli unconfined_u:object_r:home_cert_t:s0 1874  3 dic 16.38 client_key.pem
-rw-------. 1 cirelli cirelli unconfined_u:object_r:home_cert_t:s0 4803  3 dic 16.38 client.p12

dic 09 16:10:14 roach NetworkManager[1590]: <info>  [1733757014.6800] vpn[0x55f12e4f33f0,e55bd279-6e64-4fa6-bd3e-328baf7f5385,"MyVPN"]: starting strongswan
dic 09 16:10:14 roach NetworkManager[1590]: <info>  [1733757014.6805] audit: op="connection-activate" uuid="e55bd279-6e64-4fa6-bd3e-328baf7f5385" name="MyVPN" pid=1974 uid=1000 result="success"
dic 09 16:10:14 roach charon-nm[938386]: 05[LIB]   opening '/home/cirelli/.cert/for-vpn/client_key.pem' failed: Permission denied
dic 09 16:10:14 roach charon-nm[938386]: 05[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
dic 09 16:10:14 roach charon-nm[938386]: 05[LIB]   opening '/home/cirelli/.cert/for-vpn/client_key.pem' failed: Permission denied
dic 09 16:10:14 roach charon-nm[938386]: 05[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
dic 09 16:10:14 roach charon-nm[938386]: 05[CFG] received initiate for NetworkManager connection MyVPN
dic 09 16:10:14 roach charon-nm[938386]: 05[LIB]   opening '/home/cirelli/.cert/for-vpn/ca.pem' failed: Permission denied
dic 09 16:10:14 roach charon-nm[938386]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
dic 09 16:10:14 roach NetworkManager[1590]: <warn>  [1733757014.7802] vpn[0x55f12e4f33f0,e55bd279-6e64-4fa6-bd3e-328baf7f5385,"MyVPN"]: failed to connect: 'Loading gateway certificate failed.'
chmod o+x ~ ~/.cert ~/.cert/for-vpn
chmod o+r ~/.cert/for-vpn/*
2 Likes

Ooookay, this was the final step!

Thanks a lot, I missed permission for everyone (o) to read and execute that directories so!

1 Like