Re: No network on first try

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/17/18 00:36, Martin Wagner wrote:
> On Thu, 2018-03-15 at 16:21 +0800, Ed Greshko wrote:
>> You've said you have things set to activate a VPN connection for the
>> ethernet
>> interface, yes?
>>
>> What type of VPN are you using?  I don't have my VPN activated
>> automatically.  But
>> when it comes to OpenVPN there are 2 choices for saving the
>> password.  Either for one
>> user and encrypted or for all users and un-encrypted.  I would think
>> that for the VPN
>> to be activated without your having logged-in it would have to have
>> been saved
>> un-encrypted for all users. 
>>
>> I just tested it on a VPN and unless I have the PW saved for all the
>> interface will
>> not come up on boot.
> I think you're on to something. When I inspected the log files I found
> the following that's logged during startup.
>
> vpn-connection[]: Failed to request VPN secrets #3: No agents were
> available for this request.
>
> But I do have the 'Make available to other users' enabled in the
> settings for this VPN profile. The certificate for the VPN provider is
> in a folder under /home/mainuser. If that location would make any
> difference?

Yes, it would.

The problem you now have is that you've placed the certs in a non-standard location. 
This means they will have the wrong selinux context.

The easiest thing to do is delete the VPN profiles and say "yes" when it prompts to
place the certs in the standard location of

~/.local/share/networkmanagement/certificates/<Connection Name>

They will then have selinux context like this...

[egreshko@meimei US-West]$ pwd
/home/egreshko/.local/share/networkmanagement/certificates/US-West
[egreshko@meimei US-West]$ ls -Z
unconfined_u:object_r:home_cert_t:s0 ca.crt
unconfined_u:object_r:home_cert_t:s0 cert.crt
unconfined_u:object_r:home_cert_t:s0 private.key
unconfined_u:object_r:home_cert_t:s0 tls_auth.key


-- 
Conjecture is just a conclusion based on incomplete information. It isn't a fact.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux