OpenVPN bug F41

Hello everyone,

I’m new to Fedora (been using other distros and wanted to test it). I’ve seen that there was various posts about similar issues with older versions but none of the solutions proposed worked out for me.

I’ve been trying to connect to my Cyberghost vpn via Network manager with ovpn files but it never worked. I’ve tried to modify the install.sh file the vendor made for the CLI app but it didn’t worked as well.

Everytime i try the NetworkManager and go to the logs after it says “couldn’t load certificate”

18:09:01 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt
18:09:01 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt
18:09:00 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt
18:08:58 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt
18:08:57 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt
18:08:40 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt
18:02:47 openvpn: Cannot load certificate file /home/niz/Cyberghostvpn/fr-traffic_openvpn/client.crt

Also, it seems that there is an OpenSSL error :

18:09:01 openvpn: OpenSSL: error:0A080002:SSL routines::system lib:
18:09:01 openvpn: OpenSSL: error:0A080002:SSL routines::system lib:
18:09:01 openvpn: OpenSSL: error:10080002:BIO routines::system lib:
18:09:01 openvpn: OpenSSL: error:8000000D:system library::Permission denied:calling fopen(/home/niz/Cyberghostvpn/fr_gaming-tcp_openvpn/client.crt, r)
18:09:01 openvpn: library versions: OpenSSL 3.2.2 4 Jun 2024, LZO 2.10
18:09:01 openvpn: OpenVPN 2.6.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]

If anyone has an idea about how to solve this it would be very helpfull…

Thx

  • Move the keys and certs to ~/.cert.
  • Update the connection settings.
  • Restore SELinux labels:
restorecon -R ~/.cert

Hello ! Thank you for your response !

I followed the steps as explained in the link you sent me but unfortunately it still doesn’t work…

Here are the logs :

nov. 18 12:13:04 pc-204.home NetworkManager[1832]: <info>  [1731928384.1417] audit: op="connection-update" uuid="9f706485-9e76-4e79-ba88-6a87b99b1e58" name="FR_gaming" pid=95815 uid=1000 result="success"
nov. 18 12:13:07 pc-204.home NetworkManager[1832]: <info>  [1731928387.7932] vpn[0x559d1cf86df0,9f706485-9e76-4e79-ba88-6a87b99b1e58,"FR_gaming"]: starting openvpn
nov. 18 12:13:07 pc-204.home NetworkManager[1832]: <info>  [1731928387.7934] audit: op="connection-activate" uuid="9f706485-9e76-4e79-ba88-6a87b99b1e58" name="FR_gaming" pid=95815 uid=1000 result="success"
nov. 18 12:13:07 pc-204.home nm-openvpn[100828]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers>
nov. 18 12:13:07 pc-204.home nm-openvpn[100828]: WARNING: file '/home/niz/.cert/fr_gaming_tcp_openvpn/client.key' is group or others accessible
nov. 18 12:13:07 pc-204.home nm-openvpn[100828]: OpenVPN 2.6.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
nov. 18 12:13:07 pc-204.home nm-openvpn[100828]: library versions: OpenSSL 3.2.2 4 Jun 2024, LZO 2.10
nov. 18 12:13:07 pc-204.home nm-openvpn[100828]: DCO version: N/A
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: TCP/UDP: Preserving recently used remote address: [AF_INET]149.88.28.195:1194
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: UDPv4 link local: (not bound)
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: UDPv4 link remote: [AF_INET]149.88.28.195:1194
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nov. 18 12:13:08 pc-204.home nm-openvpn[100828]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
nov. 18 12:13:10 pc-204.home nm-openvpn[100828]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
nov. 18 12:13:14 pc-204.home nm-openvpn[100828]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
nov. 18 12:13:23 pc-204.home nm-openvpn[100828]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
nov. 18 12:13:39 pc-204.home nm-openvpn[100828]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)

After seeing nov. 18 12:13:39 pc-204.home nm-openvpn[100828]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111) i thought that i had made an error typing the username or password so i did it again carefully but i had the same error afterwards…

niz

This error means the service is down or your access to the Internet is restricted.

It worked ! Thank you !

1 Like