On 03/17/18 00:36, Martin Wagner wrote:
On Thu, 2018-03-15 at 16:21 +0800, Ed Greshko wrote:
You've said you have things set to activate a VPN connection for the ethernet interface, yes?
What type of VPN are you using? I don't have my VPN activated automatically. But when it comes to OpenVPN there are 2 choices for saving the password. Either for one user and encrypted or for all users and un-encrypted. I would think that for the VPN to be activated without your having logged-in it would have to have been saved un-encrypted for all users.
I just tested it on a VPN and unless I have the PW saved for all the interface will not come up on boot.
I think you're on to something. When I inspected the log files I found the following that's logged during startup.
vpn-connection[]: Failed to request VPN secrets #3: No agents were available for this request.
But I do have the 'Make available to other users' enabled in the settings for this VPN profile. The certificate for the VPN provider is in a folder under /home/mainuser. If that location would make any difference?
Yes, it would.
The problem you now have is that you've placed the certs in a non-standard location. This means they will have the wrong selinux context.
The easiest thing to do is delete the VPN profiles and say "yes" when it prompts to place the certs in the standard location of
~/.local/share/networkmanagement/certificates/<Connection Name>
They will then have selinux context like this...
[egreshko@meimei US-West]$ pwd /home/egreshko/.local/share/networkmanagement/certificates/US-West [egreshko@meimei US-West]$ ls -Z unconfined_u:object_r:home_cert_t:s0 ca.crt unconfined_u:object_r:home_cert_t:s0 cert.crt unconfined_u:object_r:home_cert_t:s0 private.key unconfined_u:object_r:home_cert_t:s0 tls_auth.key