[Solved] Problems setting up openvpn client
Posted: 2019/12/13 11:00:44
To configure the connection I used
Code:
sudo nmcli connection import type openvpn file /home/gostal/Downloads/vpn/Integrity_OpenVPN_v3/Bahnhof.ovpn
and got confirmation:
Code:
Connection 'Bahnhof' (a58b19a0-9537-45a3-912b-dc8b4e1eac40) successfully added.
I opened nm-connection-editor and tried to edit the connection Bahnhof. It was no problem to fill in and save the username but when trying to save the password I get "Enter password to unlock your login keyring. The password you use to log in to your computer no longer matches that of your login keyring." in a pop-up window. No matter what I put in there it does not get accepted. I also got an selinux issue which had been reported several years ago about the .ca-certificate.
https://bugzilla.redhat.com/show_bug.cgi?id=1074830 .
The selinux troubleshooter gave me precisely this and I tried moving the certificate but I still get the same message about the mismatched password. So then I tried to switch selinux off by entering setenforce 0 as root. That did not help.
Same thing happens if I try to connect after having supplied the connection password.
All efforts above according to posts here and there in various fora. So what is going on here?
My best guess is that this has to do with my user being authenticated by an LDAP-server. If so what should I do? Is it possible to solve this problem for this user? Must I create a locally authenticated user? If so does it suffice to do what the selinux troubleshooter suggests:
Code:
SELinux is preventing /usr/sbin/openvpn from open access on the file /home/gostal/Downloads/vpn/Integrity_OpenVPN_v3/ca.crt.
***** Plugin openvpn (47.5 confidence) suggests ***************************
If you want to mv ca.crt to standard location so that openvpn can have open access
Then you must move the cert file to the ~/.cert directory
Do
# mv /home/gostal/Downloads/vpn/Integrity_OpenVPN_v3/ca.crt ~/.cert
# restorecon -R -v ~/.cert
***** Plugin openvpn (47.5 confidence) suggests ***************************
If you want to modify the label on ca.crt so that openvpn can have open access on it
Then you must fix the labels.
Do
# semanage fcontext -a -t home_cert_t /home/gostal/Downloads/vpn/Integrity_OpenVPN_v3/ca.crt
# restorecon -R -v /home/gostal/Downloads/vpn/Integrity_OpenVPN_v3/ca.crt
or do I have to disable selinux?
Thanks for any help.
Cheers,
gostal