Openvpn Configuration/Access Issue

Ed Greshko ed.greshko at greshko.com
Sat Feb 27 00:21:22 UTC 2016 


On 02/27/16 07:34, Stephen Morris wrote:
> On 26/02/16 19:36, Ed Greshko wrote:
>>
>> On 02/26/16 15:58, Stephen Morris wrote:
>>> On 26/02/16 08:42, Rick Stevens wrote:
>>>> On 02/25/2016 01:35 PM, Stephen Morris wrote:
>>>>> Hi,
>>>>>
>>>>>       I am trying to my vpn service provider using instructions they
>>>>> provide for Ubuntu Mint as the only information they provide for Linux.
>>>>> When I go into Networkmanager and create a new Openvpn connection and
>>>>> try to connect to it, I get a popup saying the connection failed and one
>>>>> of the messages seems to be indicating that I am missing a plugin.
>>>>>
>>>>>       As far as I can see I have every Networkmanager vpn plugin
>>>>> installed, so I am at a loss trying to understand the message. Is
>>>>> anybody able to shed any light on what/where I need to look to try to
>>>>> identify what the connection issues are?
>>>> Please include the EXACT error message you're getting. It may not be
>>>> a NetworkMangler plugin you're missing--rather an openvpn module or
>>>> OpenSSL module.
>>> Below is all the messages appearing in the notification dialog when the connection
>>> fails, in the order they are displayed from top to bottom.
>>>
>>> Failed to activate connection
>>> Device failed
>>> Failed to deactivate connection
>>> Connection updated
>>> Missing VPN plugin
>>> Failed to update connection
>>> Connection removed
>>> Connection added
>>> Failed to remove connection
>>> Failed to get secrets
>>> Connection deactivated
>>> Connection activated
>>> Failed to add connection
>>> Failed to request scan
>>>
>> If you do
>>
>> journalctl -b 0 -l --unit=NetworkManager
> I issued this command and found the following messages which means I will now need to
> play around with the configuration to resolve, particularly the certificate issue, as a
> certificate to use is specified in the client.
>
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: OpenVPN 2.3.10
> x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 
> 4 2016
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: library versions: OpenSSL
> 1.0.2f-fips  28 Jan 2016, LZO 2.08
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: WARNING: No server certificate
> verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more
> info.
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: NOTE: the current
> --script-security setting may allow this configuration to call user-defined scripts
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: WARNING: normally if you use
> --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1557)
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: NOTE: UID/GID downgrade will be
> delayed because of --client, --pull, or --up-delay
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: UDPv4 link local: [undef]
> Feb 27 10:27:44 localhost.localdomain nm-openvpn[2542]: UDPv4 link remote:
> [AF_INET]45.58.127.234:443
> Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: WARNING: 'link-mtu' is used
> inconsistently, local='link-mtu 1614', remote='link-mtu 1557'
> Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: WARNING: 'tun-mtu' is used
> inconsistently, local='tun-mtu 1557', remote='tun-mtu 1500'
> Feb 27 10:27:46 localhost.localdomain nm-openvpn[2542]: [VPN] Peer Connection Initiated
> with [AF_INET]45.58.127.234:443
> Feb 27 10:27:49 localhost.localdomain nm-openvpn[2542]: TUN/TAP device tun0 opened
> Feb 27 10:27:49 localhost.localdomain nm-openvpn[2542]:
> /usr/libexec/nm-openvpn-service-openvpn-helper --tun -- tun0 1557 1614 10.10.8.10
> 10.10.8.9 init
>
>>
>> Do you get better info?
>>
>> Here is an example of a successful openvpn connection...
>>
>> http://paste.fedoraproject.org/329720/47555814/
>>
> Is the information you have shown in the link above an excerpt from syslog?

No, it is the output from journalctl on my system with a working openVPN connection.

The warning about "server certificate" is only a warning.  I don't use that option/feature
and there is no problem.

> Having found some information around how I need to configure the NetworkManager
> connection I now have the vpn connection working.
> The messages I have shown above that I didn't understand, was all because of my
> stupidity. The button I clicked on in the connection failure notification also shows the
> same thing when clicked on in the successful connection notification. What I now think
> it was, is that these are things that NetworkManager knows how to detect, and it was
> asking how I wanted notification of those messages if they occurred.
> Sorry for all the trouble I put people to due to my lack of understanding of something,
> that in hindsight should have been obvious to me as to what it was.
>
> Having got the interface working, its performance potentially explains why the cost of
> lifetime membership was dropped from $1000US to $40US.
>

Good that you have it working.

-- 
In reality, some people should stick to running Windows and others should stay away from
computers altogether.

More information about the users mailing list