On 27/02/16 11:21, Ed Greshko wrote:
On 02/27/16 07:34, Stephen Morris wrote:
On 26/02/16 19:36, Ed Greshko wrote:
On 02/26/16 15:58, Stephen Morris wrote:
On 26/02/16 08:42, Rick Stevens wrote:
On 02/25/2016 01:35 PM, Stephen Morris wrote:
Hi,
I am trying to my vpn service provider using instructions they
provide for Ubuntu Mint as the only information they provide for Linux.
When I go into Networkmanager and create a new Openvpn connection and
try to connect to it, I get a popup saying the connection failed and one
of the messages seems to be indicating that I am missing a plugin.
As far as I can see I have every Networkmanager vpn plugin
installed, so I am at a loss trying to understand the message. Is
anybody able to shed any light on what/where I need to look to try to
identify what the connection issues are?
Please include the EXACT error message you're getting. It may not be
a NetworkMangler plugin you're missing--rather an openvpn module or
OpenSSL module.
Below is all the messages appearing in the notification dialog when the connection
fails, in the order they are displayed from top to bottom.
Failed to activate connection
Device failed
Failed to deactivate connection
Connection updated
Missing VPN plugin
Failed to update connection
Connection removed
Connection added
Failed to remove connection
Failed to get secrets
Connection deactivated
Connection activated
Failed to add connection
Failed to request scan
If you do
journalctl -b 0 -l --unit=NetworkManager
I issued this command and found the following messages which means I will now need to
play around with the configuration to resolve, particularly the certificate issue, as a
certificate to use is specified in the client.
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: OpenVPN 2.3.10
x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan
4 2016
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: library versions: OpenSSL
1.0.2f-fips 28 Jan 2016, LZO 2.08
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: WARNING: No server certificate
verification method has been enabled. See http://openvpn.net/howto.html#mitm for more
info.
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: NOTE: the current
--script-security setting may allow this configuration to call user-defined scripts
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: WARNING: normally if you use
--mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1557)
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: NOTE: UID/GID downgrade will be
delayed because of --client, --pull, or --up-delay
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: UDPv4 link local: [undef]
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: UDPv4 link remote:
[AF_INET]45.58.127.234:443
Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: WARNING: 'link-mtu' is used
inconsistently, local='link-mtu 1614', remote='link-mtu 1557'
Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: WARNING: 'tun-mtu' is used
inconsistently, local='tun-mtu 1557', remote='tun-mtu 1500'
Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: [VPN] Peer Connection Initiated
with [AF_INET]45.58.127.234:443
Feb 27 10:27:49 localhost.localdomain nm-openvpn[2542]: TUN/TAP device tun0 opened
Feb 27 10:27:49 localhost.localdomain nm-openvpn[2542]:
/usr/libexec/nm-openvpn-service-openvpn-helper --tun -- tun0 1557 1614 10.10.8.10
10.10.8.9 init
Do you get better info?
Here is an example of a successful openvpn connection...
http://paste.fedoraproject.org/329720/47555814/
Is the information you have shown in the link above an excerpt from syslog?
No, it is the output from journalctl on my system with a working openVPN connection.
The warning about "server certificate" is only a warning. I don't use that option/feature
and there is no problem.
Having set a security option that I think has gotten rid of the
certificate message, I think NetworkManager is trying to provide some
protection against server spoofing, albeit without a physical
certificate from the server is fairly limited.
Apart from the speed degradation issues, I now have to resolve an issue
with the flash based browser game, and the two non-browser online games,
that I am playing at the moment, refusing to allow connection if the vpn
is active.
regards,
Steve
Having found some information around how I need to configure the NetworkManager
connection I now have the vpn connection working.
The messages I have shown above that I didn't understand, was all because of my
stupidity. The button I clicked on in the connection failure notification also shows the
same thing when clicked on in the successful connection notification. What I now think
it was, is that these are things that NetworkManager knows how to detect, and it was
asking how I wanted notification of those messages if they occurred.
Sorry for all the trouble I put people to due to my lack of understanding of something,
that in hindsight should have been obvious to me as to what it was.
Having got the interface working, its performance potentially explains why the cost of
lifetime membership was dropped from $1000US to $40US.
Good that you have it working.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org