Openvpn Configuration/Access Issue

Stephen Morris samorris at netspace.net.au
Fri Feb 26 23:34:41 UTC 2016 

On 26/02/16 19:36, Ed Greshko wrote:
>
> On 02/26/16 15:58, Stephen Morris wrote:
>> On 26/02/16 08:42, Rick Stevens wrote:
>>> On 02/25/2016 01:35 PM, Stephen Morris wrote:
>>>> Hi,
>>>>
>>>>       I am trying to my vpn service provider using instructions they
>>>> provide for Ubuntu Mint as the only information they provide for Linux.
>>>> When I go into Networkmanager and create a new Openvpn connection and
>>>> try to connect to it, I get a popup saying the connection failed and one
>>>> of the messages seems to be indicating that I am missing a plugin.
>>>>
>>>>       As far as I can see I have every Networkmanager vpn plugin
>>>> installed, so I am at a loss trying to understand the message. Is
>>>> anybody able to shed any light on what/where I need to look to try to
>>>> identify what the connection issues are?
>>> Please include the EXACT error message you're getting. It may not be
>>> a NetworkMangler plugin you're missing--rather an openvpn module or
>>> OpenSSL module.
>> Below is all the messages appearing in the notification dialog when the connection
>> fails, in the order they are displayed from top to bottom.
>>
>> Failed to activate connection
>> Device failed
>> Failed to deactivate connection
>> Connection updated
>> Missing VPN plugin
>> Failed to update connection
>> Connection removed
>> Connection added
>> Failed to remove connection
>> Failed to get secrets
>> Connection deactivated
>> Connection activated
>> Failed to add connection
>> Failed to request scan
>>
> If you do
>
> journalctl -b 0 -l --unit=NetworkManager
I issued this command and found the following messages which means I 
will now need to play around with the configuration to resolve, 
particularly the certificate issue, as a certificate to use is specified 
in the client.

Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: OpenVPN 2.3.10 
x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] 
[IPv6] built on Jan  4 2016
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: library 
versions: OpenSSL 1.0.2f-fips  28 Jan 2016, LZO 2.08
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: WARNING: No 
server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: NOTE: the 
current --script-security setting may allow this configuration to call 
user-defined scripts
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: WARNING: 
normally if you use --mssfix and/or --fragment, you should also set 
--tun-mtu 1500 (currently it is 1557)
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: NOTE: UID/GID 
downgrade will be delayed because of --client, --pull, or --up-delay
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: UDPv4 link 
local: [undef]
Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: UDPv4 link 
remote: [AF_INET]45.58.127.234:443
Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: WARNING: 
'link-mtu' is used inconsistently, local='link-mtu 1614', 
remote='link-mtu 1557'
Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: WARNING: 
'tun-mtu' is used inconsistently, local='tun-mtu 1557', remote='tun-mtu 
1500'
Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: [VPN] Peer 
Connection Initiated with [AF_INET]45.58.127.234:443
Feb 27 10:27:49 localhost.localdomain nm-openvpn[2542]: TUN/TAP device 
tun0 opened
Feb 27 10:27:49 localhost.localdomain nm-openvpn[2542]: 
/usr/libexec/nm-openvpn-service-openvpn-helper --tun -- tun0 1557 1614 
10.10.8.10 10.10.8.9 init

>
> Do you get better info?
>
> Here is an example of a successful openvpn connection...
>
> http://paste.fedoraproject.org/329720/47555814/
>
Is the information you have shown in the link above an excerpt from syslog?
Having found some information around how I need to configure the 
NetworkManager connection I now have the vpn connection working.
The messages I have shown above that I didn't understand, was all 
because of my stupidity. The button I clicked on in the connection 
failure notification also shows the same thing when clicked on in the 
successful connection notification. What I now think it was, is that 
these are things that NetworkManager knows how to detect, and it was 
asking how I wanted notification of those messages if they occurred.
Sorry for all the trouble I put people to due to my lack of 
understanding of something, that in hindsight should have been obvious 
to me as to what it was.

Having got the interface working, its performance potentially explains 
why the cost of lifetime membership was dropped from $1000US to $40US.

More information about the users mailing list