Re: Issue connecting to Fortigate SSL VPN using NM GUI

2019-01-25 Thread Bruno Martins 

Hello guys,

Thank you both for your answers!

I don't have SELinux enabled and ufw was also not enabled, although I've 
enabled it and added a rule to accept GRE traffic anyway.


Here are the new logs after adding the debug option to the daemon:

https://paste.gnome.org/pwzhdqf9f

It still does not work, unfortunately.

When connecting using command line, it takes ~2 secs connecting to the 
VPN service.


Best regards,

Bruno

On 23/01/19 03:10, Greg Oliver via networkmanager-list wrote:
On Sun, Jan 20, 2019 at 1:51 AM Berend De Schouwer via 
networkmanager-list > wrote:


On Tue, 2019-01-15 at 23:27 +, br...@bmartins.pt
 wrote:
> Hello everyone,
>
> I'm using Ubuntu 18.04 fully updated and currently having issues
> connecting to my company's VPN service using NetworkManager GUI.

Works for me (to our company's Forti VPN) on Fedora 29. So it can
work.


> If I manually connect from CLI using "sudo openfortivpn
> gateway.company.com:443  -u
mys...@company.com " everything works as
> expected.
>
> Log messages written to /var/log/syslog were pasted here:
> https://paste.gnome.org/ph1gz6fvg
>
> It looks like a timeout occurs, but I don't know where I can
increase
> it.

The timeout looks long enough.  How long does it take to connect when
running 'sudo ...'?

I suspect it's running into selinux rules since it works running as
sudo.  Maybe look at audit.log or try with selinux disabled.

You can increase pppd's debug info by editing /etc/ppp/options and
adding 'debug' (needs selinux off)


If it requires GRE, I have found in later Fedora's, I have to manually 
alter the firewall to make them all work:


sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 
-p gre -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 
-p gre -j ACCEPT


___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: Issue connecting to Fortigate SSL VPN using NM GUI

2019-01-22 Thread Greg Oliver via networkmanager-list 
On Sun, Jan 20, 2019 at 1:51 AM Berend De Schouwer via networkmanager-list <
networkmanager-list@gnome.org> wrote:

> On Tue, 2019-01-15 at 23:27 +, br...@bmartins.pt wrote:
> > Hello everyone,
> >
> > I'm using Ubuntu 18.04 fully updated and currently having issues
> > connecting to my company's VPN service using NetworkManager GUI.
>
> Works for me (to our company's Forti VPN) on Fedora 29.  So it can
> work.
>
>
> > If I manually connect from CLI using "sudo openfortivpn
> > gateway.company.com:443 -u mys...@company.com" everything works as
> > expected.
> >
> > Log messages written to /var/log/syslog were pasted here:
> > https://paste.gnome.org/ph1gz6fvg
> >
> > It looks like a timeout occurs, but I don't know where I can increase
> > it.
>
> The timeout looks long enough.  How long does it take to connect when
> running 'sudo ...'?
>
> I suspect it's running into selinux rules since it works running as
> sudo.  Maybe look at audit.log or try with selinux disabled.
>
> You can increase pppd's debug info by editing /etc/ppp/options and
> adding 'debug' (needs selinux off)
>

If it requires GRE, I have found in later Fedora's, I have to manually
alter the firewall to make them all work:

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p
gre -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p
gre -j ACCEPT
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: Issue connecting to Fortigate SSL VPN using NM GUI

2019-01-19 Thread Berend De Schouwer via networkmanager-list 
On Tue, 2019-01-15 at 23:27 +, br...@bmartins.pt wrote:
> Hello everyone,
> 
> I'm using Ubuntu 18.04 fully updated and currently having issues
> connecting to my company's VPN service using NetworkManager GUI. 

Works for me (to our company's Forti VPN) on Fedora 29.  So it can
work.


> If I manually connect from CLI using "sudo openfortivpn
> gateway.company.com:443 -u mys...@company.com" everything works as
> expected.
> 
> Log messages written to /var/log/syslog were pasted here:
> https://paste.gnome.org/ph1gz6fvg
> 
> It looks like a timeout occurs, but I don't know where I can increase
> it.

The timeout looks long enough.  How long does it take to connect when
running 'sudo ...'?

I suspect it's running into selinux rules since it works running as
sudo.  Maybe look at audit.log or try with selinux disabled.

You can increase pppd's debug info by editing /etc/ppp/options and
adding 'debug' (needs selinux off)

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Issue connecting to Fortigate SSL VPN using NM GUI

2019-01-15 Thread bruno 
Hello everyone,

I'm using Ubuntu 18.04 fully updated and currently having issues
connecting to my company's VPN service using NetworkManager GUI. 

If I manually connect from CLI using "sudo openfortivpn
gateway.company.com:443 -u mys...@company.com" everything works as
expected.

Log messages written to /var/log/syslog were pasted here:
https://paste.gnome.org/ph1gz6fvg

It looks like a timeout occurs, but I don't know where I can increase
it.

I believe the problem may be affecting multiple distros, as I could
find this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1490874

Sadly, no solution is available.

Can you please take a look?

Thanks!

Kind regards,

Bruno

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list