Problem with OpenVPN connection over NetworkManager

mocambo · 03-09-2016, 01:30 PM

Connecting to OpenVPN server by command line works flawlessly.

Problems are encoutered with NetworkManager when trying to connect to same OpenVPN server.
New connection configured by using "import a saved VPN configuration..." NetworkManager feature. Imported configuration is same what used when successfully connected by command line.

If you have any clue, please let me know.

Thank you in advance !

Journal messages after NetworkManager connection:

Code:

märts 09 21:05:00 mocambo NetworkManager[1435]: <info>  Starting VPN service 'openvpn'...
märts 09 21:05:00 mocambo NetworkManager[1435]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3850
märts 09 21:05:00 mocambo NetworkManager[1435]: <info>  VPN service 'openvpn' appeared; activating connections
märts 09 21:05:00 mocambo NetworkManager[1435]: <info>  VPN plugin state changed: init (1)
märts 09 21:05:07 mocambo NetworkManager[1435]: (nm-openvpn-service:3850): nm-openvpn-WARNING **: Directory '/var/lib/openvpn/chroot' not usable for chroot by 'nm-openvpn', openvpn will not be chro
märts 09 21:05:07 mocambo NetworkManager[1435]: <info>  VPN plugin state changed: starting (3)
märts 09 21:05:07 mocambo NetworkManager[1435]: nm-openvpn-Message: openvpn started with pid 3862
märts 09 21:05:07 mocambo NetworkManager[1435]: <info>  VPN connection 'OpenVPN' (ConnectInteractive) reply received.
märts 09 21:05:07 mocambo nm-openvpn[3862]: OpenVPN 2.3.9 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
märts 09 21:05:07 mocambo nm-openvpn[3862]: library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
märts 09 21:05:07 mocambo nm-openvpn[3862]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
märts 09 21:05:07 mocambo nm-openvpn[3862]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
märts 09 21:05:07 mocambo nm-openvpn[3862]: WARNING: file '/home/moc/.cert/client-key.pem' is group or others accessible
märts 09 21:05:07 mocambo nm-openvpn[3862]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
märts 09 21:05:07 mocambo nm-openvpn[3862]: UDPv4 link local: [undef]
märts 09 21:05:07 mocambo nm-openvpn[3862]: UDPv4 link remote: [AF_INET]193.40.244.196:1194
märts 09 21:05:47 mocambo NetworkManager[1435]: <warn>  VPN connection 'OpenVPN' connect timeout exceeded.
märts 09 21:05:47 mocambo NetworkManager[1435]: nm-openvpn-Message: Terminated openvpn daemon with PID 3862.
märts 09 21:05:47 mocambo nm-openvpn[3862]: SIGTERM[hard,] received, process exiting

Successful try by command line:

Code:

# openvpn --config /etc/openvpn/client.ovpn
Wed Mar  9 20:58:29 2016 OpenVPN 2.3.9 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Wed Mar  9 20:58:29 2016 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
Enter Auth Username: ***************
Enter Auth Password: ***************
Wed Mar  9 20:58:39 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar  9 20:58:39 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Mar  9 20:58:39 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  9 20:58:39 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  9 20:58:39 2016 Socket Buffers: R=[163840->200000] S=[163840->200000]
Wed Mar  9 20:58:40 2016 UDPv4 link local: [undef]
Wed Mar  9 20:58:40 2016 UDPv4 link remote: [AF_INET]193.40.244.196:1194
Wed Mar  9 20:58:40 2016 TLS: Initial packet from [AF_INET]193.40.244.196:1194, sid=5d530cd6 153a47f4
Wed Mar  9 20:58:40 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar  9 20:58:40 2016 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Mar  9 20:58:40 2016 VERIFY OK: nsCertType=SERVER
Wed Mar  9 20:58:40 2016 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Mar  9 20:58:40 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar  9 20:58:40 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  9 20:58:40 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar  9 20:58:40 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  9 20:58:40 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar  9 20:58:40 2016 [OpenVPN Server] Peer Connection Initiated with [AF_INET]193.40.244.196:1194
Wed Mar  9 20:58:42 2016 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Mar  9 20:58:43 2016 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 193.40.56.245,dhcp-option DNS 193.40.0.12,register-dns,block-ipv6,ifconfig 172.27.239.2 255.255.248.0'
Wed Mar  9 20:58:43 2016 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks 
Wed Mar  9 20:58:43 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.9)
Wed Mar  9 20:58:43 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.9)
Wed Mar  9 20:58:43 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.9)
Wed Mar  9 20:58:43 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.9)
Wed Mar  9 20:58:43 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.9)
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: LZO parms modified
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: route options modified
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: route-related options modified
Wed Mar  9 20:58:43 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar  9 20:58:43 2016 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlp1s4 HWADDR=00:16:6f:b2:06:b5
Wed Mar  9 20:58:43 2016 TUN/TAP device tun0 opened
Wed Mar  9 20:58:43 2016 TUN/TAP TX queue length set to 100
Wed Mar  9 20:58:43 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar  9 20:58:43 2016 /usr/bin/ip link set dev tun0 up mtu 1500
Wed Mar  9 20:58:43 2016 /usr/bin/ip addr add dev tun0 172.27.239.2/21 broadcast 172.27.239.255
Wed Mar  9 20:58:43 2016 /etc/openvpn/update-resolv-conf tun0 1500 1542 172.27.239.2 255.255.248.0 init
dhcp-option DNS 193.40.56.245
dhcp-option DNS 193.40.0.12
Wed Mar  9 20:58:50 2016 ROUTE remote_host is NOT LOCAL
Wed Mar  9 20:58:50 2016 /usr/bin/ip route add 193.40.244.196/32 via 192.168.43.1
Wed Mar  9 20:58:50 2016 /usr/bin/ip route add 0.0.0.0/1 via 172.27.232.1
Wed Mar  9 20:58:50 2016 /usr/bin/ip route add 128.0.0.0/1 via 172.27.232.1
Wed Mar  9 20:58:50 2016 Initialization Sequence Completed

System info:

Code:

# inxi -F
System:    Host: moc Kernel: 4.1.18-2-MANJARO i686 (32 bit) Desktop: Xfce 4.12.3
           Distro: ManjaroLinux 15.12 Capella
CPU:       Single core Intel Pentium M (-UP-) cache: 2048 KB speed: 1729 MHz (max)
Graphics:  Card: Intel Mobile 915GM/GMS/910GML Express Graphics Controller
           Display Server: X.org 1.17.4 driver: intel tty size: 197x80 Advanced Data: N/A for root
Audio:     Card Intel 82801FB/FBM/FR/FW/FRW (ICH6 Family) AC'97 Audio Controller driver: snd_intel8x0
           Sound: Advanced Linux Sound Architecture v: k4.1.18-2-MANJARO
Network:   Card-1: Intel PRO/Wireless 2915ABG [Calexico2] Network Connection driver: ipw2200
           IF: wlp1s4 state: up mac: 00:16:6f:b2:06:b5
           Card-2: Realtek RTL-8110SC/8169SC Gigabit Ethernet driver: r8169
           IF: enp1s6 state: down mac: 00:40:45:2d:6b:42
Drives:    HDD Total Size: 100.0GB (82.7% used) ID-1: /dev/sda model: FUJITSU_MHV2100B size: 100.0GB
Partition: ID-1: / size: 12G used: 12G (96%) fs: ext4 dev: /dev/sda1
           ID-2: /home size: 76G used: 63G (82%) fs: ext4 dev: /dev/sda6
           ID-3: swap-1 size: 4.19GB used: 0.34GB (8%) fs: swap dev: /dev/sda5
Sensors:   System Temperatures: cpu: 56.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 153 Uptime: 4:19 Memory: 1124.4/1987.3MB Client: Shell (bash) inxi: 2.2.35

nini09 · 03-14-2016, 02:51 PM

The import information isn't complete and enough. Something is missing. First of all, nm-openvpn didn't work.

sundialsvcs · 03-14-2016, 05:55 PM

Superficially, it seems to me that the OpenVPN client ("nm-openvpn?") used by this Network Manager didn't really know how to get started. Look at the configuration settings in /etc/openvpn/client.ovpn (which apparently works ...), and try to chase-down which .ovpn file (or its equivalent ...) the Network Manager tool is trying to use.