FedoraForum.org - Fedora Support Forums and Community
Results 1 to 12 of 12
  1. #1
    Join Date
    Oct 2009
    Posts
    15

    Unhappy Don't connect openvpn

    Hi everyone,

    I installed fedora15, My openvpn didn't connect to my working computer.

    I checked openvpn configure more time, but still don't connect,

    Please dear everyone help me, how to use openvpn after installing fedora15.

    Best regards,

    Robin

  2. #2
    Join Date
    Jul 2005
    Age
    57
    Posts
    1,196

    Re: Don't connect openvpn

    If you are sure that your openvpn configuration is correct and that all of your certificates are in spots that match your configuration and are accessible by you as a user, I'd check the firewall next and make sure the proper port is open. You might also be able to do a scan through /var/log/messages for messages about openvpn or DENY messages from the kernel related to your ports. Regardless, you'll need to provide more information to get any real help. Are you starting it from the command line? Are you using a GUI to configure it? Are you running KDE or Gnome - I know that the KDE network manager will properly configure a VPN connection on F15 and that it works, so it isn't likely to be a system problem unless something is configured wrong someplace. I'll be away for a bit but others here can help out as well.

  3. #3
    Join Date
    Nov 2007
    Location
    Finland
    Age
    35
    Posts
    314

    Re: Don't connect openvpn

    openvpn doesn't work with systemd at the moment.
    I can't connect either as I have to supply a username and password to connect. I have a bug filed for that issue
    https://bugzilla.redhat.com/show_bug.cgi?id=704747
    my blog
    my forum
    my "art"
    my packages
    IRC: Magnu5

  4. #4
    Join Date
    Jun 2011
    Posts
    20

    NetworkManager does not bring up OpenVPN connection

    Hello,

    Though the former problem described consist and posted earlier might be different than the one beneath, I did not want to start a new thread.

    I have been facing massive obstacle with XFCE NetworkManager & openVPN plugin.
    I cannot figure out actually the "call stack" among several external program calls, however I v found the particular error gets printed out nm-udev-manager.c :: /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...

    This occurs when
    Code:
     if (!driver)
    is not fulfilling a non-zero value thus it lets me come to the conclusion that
    Code:
    g_udev_device_get_driver (udev_device);
    furnish no adequate value, which has been earlier created by
    Code:
    device_creator()
    according to the following call, ASSERT, whatever :
    Code:
    g_return_val_if_fail (G_UDEV_IS_DEVICE (device), NULL);
    Code:
    const gchar *
    g_udev_device_get_driver (GUdevDevice *device)
    {
      g_return_val_if_fail (G_UDEV_IS_DEVICE (device), NULL);
      return udev_device_get_driver (device->priv->udevice);
    }


    I am either still not fully understanding the NetworkManager and its helpers way of working or HAL daemon cannot really furnish what is needed by NetworkManager[645] (see log beneath) . Since NetworkManager is supposed to "get the device interface from hal to create the device."


    Kind regards,
    Sigmarsson





    Code:
    Jun 10 20:40:47 xfce NetworkManager[645]: <info> Starting VPN service 'openvpn'...
    Jun 10 20:40:47 xfce NetworkManager[645]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2676
    Jun 10 20:40:47 xfce NetworkManager[645]: <info> VPN service 'openvpn' appeared; activating connections
    Jun 10 20:40:47 xfce NetworkManager[645]: <info> VPN plugin state changed: 3
    Jun 10 20:40:47 xfce NetworkManager[645]: <info> VPN connection 'Tomato' (Connect) reply received.
    Jun 10 20:40:47 xfce nm-openvpn[2681]: OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 17 2011
    Jun 10 20:40:47 xfce nm-openvpn[2681]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Jun 10 20:40:47 xfce nm-openvpn[2681]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 10 20:40:47 xfce nm-openvpn[2681]: LZO compression initialized
    Jun 10 20:40:47 xfce nm-openvpn[2681]: UDPv4 link local: [undef]
    Jun 10 20:40:47 xfce nm-openvpn[2681]: UDPv4 link remote: 
    Jun 10 20:40:51 xfce nm-openvpn[2681]: [] Peer Connection Initiated with 
    Jun 10 20:40:53 xfce lldpad[776]: evb_ifdown:port tap0 remove failed
    Jun 10 20:40:53 xfce lldpad[776]: vdp_ifdown:tap0 vdp data remove failed
    Jun 10 20:40:53 xfce nm-openvpn[2681]: TUN/TAP device tap0 opened
    Jun 10 20:40:53 xfce nm-openvpn[2681]: /usr/libexec/nm-openvpn-service-openvpn-helper tap0 1500 1574   init
    Jun 10 20:40:53 xfce NetworkManager[645]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
    Jun 10 20:40:53 xfce NetworkManager[645]: <warn> VPN plugin failed: 2
    Jun 10 20:40:53 xfce nm-openvpn[2681]: script failed: external program exited with error status: 1
    Jun 10 20:40:53 xfce nm-openvpn[2681]: Exiting

  5. #5
    Join Date
    Oct 2009
    Posts
    15

    Re: Don't connect openvpn

    Quote Originally Posted by William Haller
    If you are sure that your openvpn configuration is correct and that all of your certificates are in spots that match your configuration and are accessible by you as a user, I'd check the firewall next and make sure the proper port is open. You might also be able to do a scan through /var/log/messages for messages about openvpn or DENY messages from the kernel related to your ports. Regardless, you'll need to provide more information to get any real help. Are you starting it from the command line? Are you using a GUI to configure it? Are you running KDE or Gnome - I know that the KDE network manager will properly configure a VPN connection on F15 and that it works, so it isn't likely to be a system problem unless something is configured wrong someplace. I'll be away for a bit but others here can help out as well.
    Hi william Haller,
    I use Gnome GUI to configure openvpn, I checked my username and password are correct, and my openvpn configuration no problem, my colleague use this configuration,username and password work ok on fedora 11, I think that something need to be configure execpt username, password and Certificate after installing fedora 15 with Gnome GUI.

    Regards,

    Robin

  6. #6
    Join Date
    Jun 2011
    Posts
    20

    Re: Don't connect openvpn

    Okay, but at which step cannot you go through, e.g. can the tap0 device be opened ?

    ---------- Post added at 09:42 PM ---------- Previous post was at 05:17 PM ----------

    I have set loglevel of NetworkManager to DEBUG to exact more information why nm-openvpn-service-openvpn-helper is unable to accomplish network interface configuration. Actually the device (tap0) created and would be available for further operations (ifup, route table update etc.) but somehow it never happens.

    Does any1 have idea why
    Code:
    g_udev_device_get_driver (udev_device);
    fails (see above) and in the end I am getting /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring... error message in the log ?


    Sigmarsson



    Code:
    Jun 13 19:58:49 xfce nm-openvpn[1463]: TUN/TAP device tap0 opened
    Jun 13 19:58:49 xfce nm-openvpn[1463]: /usr/libexec/nm-openvpn-service-openvpn-helper tap0 1500 1574   init
    Jun 13 19:58:50 xfce NetworkManager[648]: <debug> [1307987930.5748] [nm-udev-manager.c:586] handle_uevent(): UDEV event: action 'add' subsys 'net' device 'tap0'
    Jun 13 19:58:50 xfce NetworkManager[648]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
    Jun 13 19:58:50 xfce NetworkManager[648]: <warn> VPN plugin failed: 2
    Jun 13 19:58:50 xfce nm-openvpn[1463]: script failed: external program exited with error status: 1
    Jun 13 19:58:50 xfce nm-openvpn[1463]: Exiting

  7. #7
    Join Date
    Oct 2009
    Posts
    15

    Re: Don't connect openvpn

    Hi, I don't understand what you mean, I confuse how to go through first step. I checked my /sys/devices/virtual/net directory, don't have 'tap0', and I don't know how to use your code. can you help me figure out step by step? thanks.

  8. #8
    Join Date
    Jun 2011
    Posts
    20

    Re: Don't connect openvpn

    Have you tried to connect to your openVPN gateway with NetworkManager or just called /usr/sbin/openvpn with your config file ? Try to call manually and make sure your device gets created.

  9. #9
    Join Date
    Oct 2009
    Posts
    15

    Re: Don't connect openvpn

    i have already tried to connect my openVPN, I have a question how to check my deivce gets created.

  10. #10
    Join Date
    Jun 2011
    Posts
    20

    Re: Don't connect openvpn

    As you wrote ll /sys/devices/virtual/net and you can see there your tapx device if it s been created. Normally you find system messages piped by syslog into /var/log/messages

  11. #11
    Join Date
    Oct 2009
    Posts
    15

    Re: Don't connect openvpn

    The my starting Openvpn log message below.
    Jun 18 18:37:50 RobinLiu NetworkManager[896]: <info> Starting VPN service 'openvpn'...
    Jun 18 18:37:50 RobinLiu NetworkManager[896]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3107
    Jun 18 18:37:50 RobinLiu NetworkManager[896]: <info> VPN service 'openvpn' appeared; activating connections
    Jun 18 18:37:50 RobinLiu NetworkManager[896]: <info> VPN plugin state changed: 1
    Jun 18 18:37:50 RobinLiu NetworkManager[896]: <info> VPN plugin state changed: 3
    Jun 18 18:37:50 RobinLiu NetworkManager[896]: <info> VPN connection 'tcish_winvpn_2' (Connect) reply received.
    Jun 18 18:37:50 RobinLiu nm-openvpn[3113]: OpenVPN 2.1.4 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 17 2011
    Jun 18 18:37:51 RobinLiu nm-openvpn[3113]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jun 18 18:37:51 RobinLiu nm-openvpn[3113]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 18 18:37:51 RobinLiu nm-openvpn[3113]: Cannot load CA certificate file /home/robinliu/Downloads/efw-1242728007.pem path (null) (SSL_CTX_load_verify_locations): error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
    Jun 18 18:37:51 RobinLiu nm-openvpn[3113]: Exiting
    Jun 18 18:37:51 RobinLiu dbus: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
    Jun 18 18:37:51 RobinLiu NetworkManager[896]: <warn> VPN plugin failed: 1
    Jun 18 18:37:51 RobinLiu NetworkManager[896]: <info> VPN plugin state changed: 6
    Jun 18 18:37:51 RobinLiu NetworkManager[896]: <info> VPN plugin state change reason: 0
    Jun 18 18:37:51 RobinLiu NetworkManager[896]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
    Jun 18 18:37:51 RobinLiu NetworkManager[896]: <info> Policy set 'System eth0' (eth0) as default for IPv4 routing and DNS.
    Jun 18 18:37:51 RobinLiu dbus: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
    Jun 18 18:37:51 RobinLiu NetworkManager[896]: keyfile: updating /etc/NetworkManager/system-connections/tcish_winvpn_2
    Jun 18 18:37:53 RobinLiu setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file /home/robinliu/Downloads/efw-1242728007.pem. For complete SELinux messages. run sealert -l b3d20ccf-a21f-4fea-82b7-b69b5aceb050
    Jun 18 18:37:56 RobinLiu NetworkManager[896]: <info> VPN service 'openvpn' disappeared
    WARNING: No server certificate verification method has been enabled

  12. #12
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,723

    Re: Don't connect openvpn

    Jun 18 18:37:51 RobinLiu nm-openvpn[3113]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

    Jun 18 18:37:51 RobinLiu nm-openvpn[3113]: Cannot load CA certificate file /home/robinliu/Downloads/efw-1242728007.pem path (null) (SSL_CTX_load_verify_locations): error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

    Jun 18 18:37:53 RobinLiu setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file /home/robinliu/Downloads/efw-1242728007.pem. For complete SELinux messages. run sealert -l b3d20ccf-a21f-4fea-82b7-b69b5aceb050

    Looks to me like a rather serious misconfiguration with a little selinux. Maybe you should read the howto as pointed to in the error.

Similar Threads

  1. openVPN
    By hotsauce in forum Servers & Networking
    Replies: 13
    Last Post: 5th May 2011, 12:01 AM
  2. openvpn
    By gaurav1008 in forum Fedora Focus
    Replies: 1
    Last Post: 7th April 2011, 06:01 PM
  3. OpenVPN please help
    By coolcapri in forum Installation, Upgrades and Live Media
    Replies: 0
    Last Post: 13th September 2007, 01:27 PM
  4. Openvpn can connect but cannot ping other server in network issues
    By bearbasher in forum Servers & Networking
    Replies: 0
    Last Post: 29th August 2007, 04:36 AM
  5. OpenVPN
    By windblows in forum Servers & Networking
    Replies: 0
    Last Post: 28th July 2005, 06:49 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •