Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Thomas Haller wrote:
> On Thu, 2018-02-22 at 12:34 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> > >
> > > The proper solution is to add support for this option. Patches
> > > welcome.
> >
> > I doubt my programming skills are up to a patch for this. Is this one
> > on the list somewhere of additional options to be supported? If not,
> > can it be added?
>
> Hi,
>
> I did something, it's on review:
> https://bugzilla.gnome.org/show_bug.cgi?id=793746
>
> > In either case, any idea of when it might be available?
> > Is there a release schedule for the plugin?
>
> Releases are done infrequently. Also, your distribution might not rebase
> the package to a new upstream release, and it might not be willing to
> backport new features in the current release of the distribution. But
> that depends...
>
> > Given that I only need to use the service when taking my laptop out of
> > the office I believe I can live with continuing to use openvpn directly
> > until the plugin supports the option. I doubt that private tunnel is
> > the only service using this option, so I suspect others are also
> > encountering it and adding support to the plugin should be done at
> > some point.
>
> Maybe it's a pain point for many users. But I never saw a feature request
> about it, and there is (AFAIK) no open RFE on bugzilla.gnome.org.
>
> Be that as it may, it's easy to add.
>
> best,
> Thomas

Thank you for your effort on this issue. My release of mint is based upon
ubuntu xenial and that is where the openvpn plugin is packaged. So if your
work passes review and is released I would expect to see it when ubuntu
adds it to their repository. As this is an LTS release I would expect
updates to be made, but I have no idea how quickly it would be done.

If for some reason ubuntu does not update their repository, do you also
maintain a PPA for your releases? I have added a few PPAs to my
configuration to address products that are not updated as part of mint or
ubuntu and could add another one if needed and available.

Thank you once again for your assistance in sorting this issue out.

Dave

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
On Thu, 2018-02-22 at 12:34 -0500, David H. Durgee wrote:
> Thomas Haller wrote:
> >
> > The proper solution is to add support for this option. Patches
> > welcome.
>
> I doubt my programming skills are up to a patch for this. Is this one
> on the list somewhere of additional options to be supported? If not,
> can it be added?

Hi,

I did something, it's on review:
https://bugzilla.gnome.org/show_bug.cgi?id=793746

> In either case, any idea of when it might be available?
> Is there a release schedule for the plugin?

Releases are done infrequently. Also, your distribution might not rebase
the package to a new upstream release, and it might not be willing to
backport new features in the current release of the distribution. But
that depends...

> Given that I only need to use the service when taking my laptop out of
> the office I believe I can live with continuing to use openvpn directly
> until the plugin supports the option. I doubt that private tunnel is
> the only service using this option, so I suspect others are also
> encountering it and adding support to the plugin should be done at
> some point.

Maybe it's a pain point for many users. But I never saw a feature request
about it, and there is (AFAIK) no open RFE on bugzilla.gnome.org.

Be that as it may, it's easy to add.

best,
Thomas
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Thomas Haller wrote:
> On Thu, 2018-02-22 at 11:43 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> > > On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > > > Thomas Haller wrote:
> > > >
> > > > I will consider debug logging after you have a chance to inspect
> > > > the connection show and let me know if it looks sane or is missing
> > > > a crucial element.
> > >
> > > Hi,
> > >
> > > the settings don't look wrong, but whether the settings are correct
> > > depends very much on your server configuration. Enable debug logging
> > > and see why the connection failed.
> > >
> > > Since NM does not support the argument, you should
> > > investigate whether that argument is required in your setup. For
> > > example, (as you said, plain openvpn works) by running openvpn with
> > > the ovpn without the option.
> > >
> > > best,
> > > Thomas
> >
> > Per your suggestion I tried using openvpn with the edited file and as
> > expected it fails to connect. So the appears to be required to
> > initialize the connection. Now the question is how do I add them to
> > the configuration? I manually added the contents of that element to a
> > file ~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem along with the
> > other elements, but that appears to be insufficient.
> >
> > I assume that I need to add the proper entry to
> > /etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my
> > question is what form does that entry take? In the [vpn] section I see
> > various entries referencing the certificates, specifically:
> >
> > cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
> > key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
> > ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
> > ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem
> >
> > So I assume I need a similar line for this one, but should it be
> > "extra-certs=" or "ec=" there? I guess I could try both, but I would
> > prefer to get it right the first time. Or is it perhaps something else
> > entirely?
>
> Hi,
>
> Editing the connection of NetworkManager with a new option that is not
> supported by nm-openvpn plugin does not make it work.
> nm-openvpn plugin does not support this option (yet). See
> https://git.gnome.org/browse/network-manager-openvpn/commit/?id=master
> especially
> https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c?id=dd8868f8a020988a47b7d4d4b502a98531fdeee0
> which constructs the command line arguments for openvpn binary.
>
> The proper solution is to add support for this option. Patches welcome.

I doubt my programming skills are up to a patch for this. Is this one on
the list somewhere of additional options to be supported? If not, can it be
added? In either case, any idea of when it might be available? Is there a
release schedule for the plugin?

> Possible workarounds are:
>
> - try to find a client configuration that does not require this
>   option. Maybe reconfigure the server is feasible.

Not in this case, this is not my server but a service provider.

> - use openvpn directly, without NetworkManager

That is my current approach, I guess I can continue doing so while the
option is added to the plugin.

> - replace the openvpn binary with a wrapper shell script, that hacks
>   this option. Something like (totally untested!)
>
>     #!/bin/bash
>     # Append --extra-certs only for the one remote this wrapper recognizes.
>     EXTRA_ARGS=
>     # -e keeps grep from parsing the leading "--" of the pattern as an option.
>     if echo "$@" | grep -q -e '--remote MY.REMOTE.THAT.I.RECOGNIZE'; then
>         EXTRA_ARGS="--extra-certs /path/to/extra/certs"
>     fi
>     # $EXTRA_ARGS stays unquoted so it splits into option and path.
>     exec /path/to/real/openvpn "$@" $EXTRA_ARGS

I guess that might work, but it is a bit messy.

Given that I only need to use the service when taking my laptop out of the
office I believe I can live with continuing to use openvpn directly until
the plugin supports the option. I doubt that private tunnel is the only
service using this option, so I suspect others are also encountering it and
adding support to the plugin should be done at some point.

Thanks again for your assistance in this matter.

Dave
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
On Thu, 2018-02-22 at 11:43 -0500, David H. Durgee wrote:
> Thomas Haller wrote:
> > On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > > Thomas Haller wrote:
> > >
> > > I will consider debug logging after you have a chance to inspect
> > > the connection show and let me know if it looks sane or is missing
> > > a crucial element.
> >
> > Hi,
> >
> > the settings don't look wrong, but whether the settings are correct
> > depends very much on your server configuration. Enable debug logging
> > and see why the connection failed.
> >
> > Since NM does not support the argument, you should
> > investigate whether that argument is required in your setup. For
> > example, (as you said, plain openvpn works) by running openvpn with
> > the ovpn without the option.
> >
> > best,
> > Thomas
>
> Per your suggestion I tried using openvpn with the edited file and as
> expected it fails to connect. So the appears to be required to
> initialize the connection. Now the question is how do I add them to
> the configuration? I manually added the contents of that element to a
> file ~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem along with the
> other elements, but that appears to be insufficient.
>
> I assume that I need to add the proper entry to
> /etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my
> question is what form does that entry take? In the [vpn] section I see
> various entries referencing the certificates, specifically:
>
> cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
> key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
> ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
> ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem
>
> So I assume I need a similar line for this one, but should it be
> "extra-certs=" or "ec=" there? I guess I could try both, but I would
> prefer to get it right the first time. Or is it perhaps something else
> entirely?

Hi,

Editing the connection of NetworkManager with a new option that is not
supported by nm-openvpn plugin does not make it work.
nm-openvpn plugin does not support this option (yet). See
https://git.gnome.org/browse/network-manager-openvpn/commit/?id=master
especially
https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c?id=dd8868f8a020988a47b7d4d4b502a98531fdeee0
which constructs the command line arguments for openvpn binary.

The proper solution is to add support for this option. Patches welcome.

Possible workarounds are:

- try to find a client configuration that does not require this
  option. Maybe reconfigure the server is feasible.

- use openvpn directly, without NetworkManager

- replace the openvpn binary with a wrapper shell script, that hacks
  this option. Something like (totally untested!)

    #!/bin/bash
    # Append --extra-certs only for the one remote this wrapper recognizes.
    EXTRA_ARGS=
    # -e keeps grep from parsing the leading "--" of the pattern as an option.
    if echo "$@" | grep -q -e '--remote MY.REMOTE.THAT.I.RECOGNIZE'; then
        EXTRA_ARGS="--extra-certs /path/to/extra/certs"
    fi
    # $EXTRA_ARGS stays unquoted so it splits into option and path.
    exec /path/to/real/openvpn "$@" $EXTRA_ARGS

best,
Thomas
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Thomas Haller wrote:
> On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> >
> > I will consider debug logging after you have a chance to inspect the
> > connection show and let me know if it looks sane or is missing a
> > crucial element.
>
> Hi,
>
> the settings don't look wrong, but whether the settings are correct
> depends very much on your server configuration. Enable debug logging
> and see why the connection failed.
>
> Since NM does not support the argument, you should
> investigate whether that argument is required in your setup. For
> example, (as you said, plain openvpn works) by running openvpn with
> the ovpn without the option.
>
> best,
> Thomas

Per your suggestion I tried using openvpn with the edited file and as
expected it fails to connect. So the appears to be required to initialize
the connection. Now the question is how do I add them to the
configuration? I manually added the contents of that element to a file
~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem along with the other
elements, but that appears to be insufficient.

I assume that I need to add the proper entry to
/etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my
question is what form does that entry take? In the [vpn] section I see
various entries referencing the certificates, specifically:

cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem

So I assume I need a similar line for this one, but should it be
"extra-certs=" or "ec=" there? I guess I could try both, but I would
prefer to get it right the first time. Or is it perhaps something else
entirely?

Dave
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> Thomas Haller wrote:
>
> I will consider debug logging after you have a chance to inspect the
> connection show and let me know if it looks sane or is missing a
> crucial element.

Hi,

the settings don't look wrong, but whether the settings are correct
depends very much on your server configuration. Enable debug logging
and see why the connection failed.

Since NM does not support the argument, you should
investigate whether that argument is required in your setup. For
example, (as you said, plain openvpn works) by running openvpn with
the ovpn without the option.

best,
Thomas
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Thomas Haller wrote:
> On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:
> > As I indicated in my last posting, I was going to try editing out the
> > element that was being complained about in the error and see what
> > happens. I was able to successfully import the edited ovpn file using
> > network connections.
>
> Sidenote: import of an ovpn file is only a step to create the connection
> profile in NetworkManager. When you activate a VPN connection, what
> matters is how the connection profile looks in NetworkManager, see for
> example
>
>   $ nmcli connection show "$VPN_PROFILE"
>
> The settings in the profile matter, but it does not matter how the
> profile was created originally (import ovpn file, or clicked in
> nm-connection-editor, or nmcli).

I have attached the output of the connection show to this response.

> > Now that it is in my available connections, I attempted to activate it.
> > Unfortunately, this failed. Looking in /var/log/syslog I found the
> > following:
>
> ...
>
> > Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> > Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
> > Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restarting
>
> Unclear, what is wrong. What did you do about the unsupported
> extra-certs option? nm-openvpn does not support that, so there is no
> immediate way how to specify them.
> Is this option required for you to successfully establish the connection?

I simply edited it out of the profile. I don't know if it is required or
optional.

> You could enable debug logging, for example via
>
>   sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN
>
> afterward, re-activate the VPN connection and look at journal.
> Note that verbose logging of openvpn might reveal private sensitive
> information. Take care before sending a logfile.
> See comment about rate limiting of journal at
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf
>
> Also, in the logfile you will see how NetworkManager's VPN plugin
> invokes the openvpn binary and which parameters are passed to it. Are
> those parameters making sense?
>
> best,
> Thomas

I will consider debug logging after you have a chance to inspect the
connection show and let me know if it looks sane or is missing a crucial
element.

Thank you for your assistance in this matter.

Dave

connection.id: Private Tunnel - Ashburn
connection.uuid:03cba5d7-57df-4bd8-b5d3-24c3f24013d7
connection.interface-name: --
connection.type:vpn
connection.autoconnect: yes
connection.autoconnect-priority:0
connection.timestamp: 0
connection.read-only: no
connection.permissions:
connection.zone:--
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries:
connection.gateway-ping-timeout:0
connection.metered: unknown
connection.lldp:-1 (default)
ipv4.method:auto
ipv4.dns:
ipv4.dns-search:
ipv4.dns-options: (default)
ipv4.dns-priority: 0
ipv4.addresses:
ipv4.gateway: --
ipv4.routes:
ipv4.route-metric: -1
ipv4.ignore-auto-routes:no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id:--
ipv4.dhcp-timeout: 0
ipv4.dhcp-send-hostname:yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method:auto
ipv6.dns:
ipv6.dns-search:
ipv6.dns-options: (default)
ipv6.dns-priority: 0
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes:no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: 0 (disabled)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname:yes
ipv6.dhcp-hostname: --
vpn.service-type: org.freedesktop.NetworkManager.openvpn
vpn.user-name: --
vpn.data: ta = /
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:
> As I indicated in my last posting, I was going to try editing out the
> element that was being complained about in the error and see what
> happens. I was able to successfully import the edited ovpn file using
> network connections.

Sidenote: import of an ovpn file is only a step to create the connection
profile in NetworkManager. When you activate a VPN connection, what
matters is how the connection profile looks in NetworkManager, see for
example

  $ nmcli connection show "$VPN_PROFILE"

The settings in the profile matter, but it does not matter how the
profile was created originally (import ovpn file, or clicked in
nm-connection-editor, or nmcli).

> Now that it is in my available connections, I attempted to activate it.
> Unfortunately, this failed. Looking in /var/log/syslog I found the
> following:

...

> Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
> Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restarting

Unclear, what is wrong. What did you do about the unsupported
extra-certs option? nm-openvpn does not support that, so there is no
immediate way how to specify them.
Is this option required for you to successfully establish the connection?

You could enable debug logging, for example via

  sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

afterward, re-activate the VPN connection and look at journal.
Note that verbose logging of openvpn might reveal private sensitive
information. Take care before sending a logfile.
See comment about rate limiting of journal at
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf

Also, in the logfile you will see how NetworkManager's VPN plugin
invokes the openvpn binary and which parameters are passed to it. Are
those parameters making sense?

best,
Thomas
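One way to act on the advice above before posting a log to a public list, as an added example that is not part of the original thread: a filter that replaces UUIDs, MAC addresses, IPv4 addresses, the syslog host name and /home/ user names with stable tokens, so the same value always maps to the same token and lines can still be correlated. The function names and sample lines are constructed (documentation addresses); the patterns cover only these value types, so anything else that verbose openvpn logging prints still needs a manual read.

```shell
#!/bin/sh
# Added example: pseudonymize identifying values in NetworkManager/openvpn
# log lines. redact_log reads stdin and writes the redacted lines to stdout.

redact_log() {
    awk '
    # Replace each match of re in s by <prefixN>. The same value always gets
    # the same N, so lines can still be correlated after redaction.
    function pseudo(s, re, prefix,    out, v) {
        out = ""
        while (match(s, re)) {
            v = substr(s, RSTART, RLENGTH)
            if (!((prefix, v) in seen)) seen[prefix, v] = ++count[prefix]
            out = out substr(s, 1, RSTART - 1) "<" prefix seen[prefix, v] ">"
            s = substr(s, RSTART + RLENGTH)
        }
        return out s
    }
    BEGIN {
        # Patterns avoid {n,m} intervals so they also work on older awks.
        h = "[0-9A-Fa-f]"
        uuid = h "+-" h "+-" h "+-" h "+-" h "+"
        mac = h h ":" h h ":" h h ":" h h ":" h h ":" h h
        ipv4 = "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"
    }
    {
        line = $0
        # syslog prefix "Mon DD HH:MM:SS host ": hide the host name
        if (match(line, /^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [^ ]+ /)) {
            pre = substr(line, 1, RLENGTH - 1)
            sub(/[^ ]+$/, "<host>", pre)
            line = pre substr(line, RLENGTH)
        }
        line = pseudo(line, uuid, "uuid")
        line = pseudo(line, mac, "mac")
        line = pseudo(line, ipv4, "ip")
        # certificate and key paths reveal the local account name
        gsub("/home/[^/ \"]+", "/home/<user>", line)
        print line
    }'
}

# sample_log: constructed lines modelled on the kinds of entries quoted in the
# thread; host, user, UUID and addresses are made up.
sample_log() {
    cat <<'EOF'
Feb 20 16:20:48 laptop NetworkManager[1008]: vpn-connection[0x132d270,11111111-2222-3333-4444-555555555555,"Example VPN",0]: Started the VPN service, PID 21285
Feb 20 16:20:48 laptop nm-openvpn[21289]: UDP link remote: [AF_INET]198.51.100.7:1194
Feb 20 16:20:49 laptop nm-openvpn[21289]: ROUTE_GATEWAY 192.0.2.1/255.255.255.0 IFACE=wlp5s0 HWADDR=02:00:5e:10:00:01
Feb 20 16:21:48 laptop nm-openvpn[21289]: TCP/UDP: Preserving recently used remote address: [AF_INET]198.51.100.7:1194
cert = /home/alice/.cert/nm-openvpn/Example-cert.pem
EOF
}

# Demo: show the redacted form of the constructed sample.
sample_log | redact_log
```

The filter works on a saved copy of the log as well, for example `redact_log < vpn.log > vpn-redacted.log`, where both file names are placeholders.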
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
As I indicated in my last posting, I was going to try editing out the
element that was being complained about in the error and see what
happens. I was able to successfully import the edited ovpn file using
network connections.

Now that it is in my available connections, I attempted to activate it.
Unfortunately, this failed. Looking in /var/log/syslog I found the
following:

Feb 20 16:20:48 Z560 NetworkManager[1008]: [1519161648.0350] audit: op="connection-activate" uuid="03cba5d7-57df-4bd8-b5d3-24c3f24013d7" name="Private Tunnel - Ashburn" pid=2421 uid=1000 result="success"
Feb 20 16:20:48 Z560 NetworkManager[1008]: [1519161648.0521] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: Started the VPN service, PID 21285
Feb 20 16:20:48 Z560 NetworkManager[1008]: [1519161648.0904] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: Saw the service appear; activating connection
Feb 20 16:20:48 Z560 NetworkManager[1008]: nm-openvpn-Message: openvpn[21289] started
Feb 20 16:20:48 Z560 NetworkManager[1008]: [1519161648.1261] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: VPN plugin: state changed: starting (3)
Feb 20 16:20:48 Z560 NetworkManager[1008]: [1519161648.1262] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: VPN connection: (ConnectInteractive) reply received
Feb 20 16:20:48 Z560 nm-openvpn[21289]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Feb 20 16:20:48 Z560 nm-openvpn[21289]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Feb 20 16:20:48 Z560 nm-openvpn[21289]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 20 16:20:48 Z560 nm-openvpn[21289]: TCP/UDP: Preserving recently used remote address: [AF_INET]198.24.187.53:1194
Feb 20 16:20:48 Z560 nm-openvpn[21289]: UDP link local: (not bound)
Feb 20 16:20:48 Z560 nm-openvpn[21289]: UDP link remote: [AF_INET]198.24.187.53:1194
Feb 20 16:20:48 Z560 nm-openvpn[21289]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Feb 20 16:20:48 Z560 nm-openvpn[21289]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restarting
Feb 20 16:21:48 Z560 NetworkManager[1008]: [1519161708.8643] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: VPN connection: connect timeout exceeded.
Feb 20 16:21:48 Z560 NetworkManager[1008]: libnm-Message: Connect timer expired, disconnecting.
Feb 20 16:21:48 Z560 NetworkManager[1008]: nm-openvpn-Message: openvpn[21289]: send SIGTERM
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGTERM[hard,init_instance] received, process exiting
Feb 20 16:21:48 Z560 NetworkManager[1008]: nm-openvpn-Message: openvpn[21289] exited with success
Feb 20 16:21:48 Z560 NetworkManager[1008]: [1519161708.8712] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: VPN plugin: failed: connect-failed (1)
Feb 20 16:21:48 Z560 NetworkManager[1008]: [1519161708.8721] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: VPN plugin: state changed: stopping (5)
Feb 20 16:21:48 Z560 NetworkManager[1008]: [1519161708.8722] vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private Tunnel - Ashburn",0]: VPN plugin: state changed: stopped (6)

I attached a copy of this log in case the above is unreadable. How do I
correct this problem and get the tunnel working?

Dave
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
Thomas Haller wrote:
> On Thu, 2018-02-15 at 14:24 -0500, David H. Durgee wrote:
>
> Hi,
>
> > I am running Linux Mint 18.3 x64 cinnamon and have the OpenVPN plugin
> > installed with network manager. I have an OpenVPN profile from Private
> > Tunnel that I use with no problems on my phone with the OpenVPN Connect
> > app. I can also use the profile at the terminal window in LM 18.3
> > successfully. Attempting to import the OpenVPN profile fails with an
> > error:
> >
> > Cannot import VPN connection
> >
> > The file 'Ashburn.ovpn' could not be read or does not contain recognized
> > VPN connection information
> >
> > Error: the plugin does not support import capability.
>
> The error message is not helpful because of bug
> https://bugzilla.gnome.org/show_bug.cgi?id=790770#c1
>
> You might get a better message with
>
>   nmcli connection import type openvpn file "$FILENAME"
>
> and maybe that already tells you what's wrong.
>
> > In my terminal window I get:
>
> [snip]
>
> all this information is not relevant, because import is solely done by
> the user application that reads the .ovpn file and creates a
> corresponding connection profile in NetworkManager compatible format
>
> Commonly it's one of nmcli, nm-connection-editor, gnome-control-center,
> or plasma-nm. Can you be more precise about which application you are
> using to import the ovpn file?
>
> The information that matters most is the ovpn file itself and the
> version of the nm-openvpn plugin that performs the import.
>
> Please send the ovpn file, but make sure to sanitize private
> information (without changing the meaning of the file too much).
>
> best,
> Thomas

I tried the command line tool as suggested:

dhdurgee@Z560 ~/Downloads $ nmcli connection import type openvpn file Ashburn.ovpn
Error: failed to import 'Ashburn.ovpn': configuration error: unsupported blob/xml element (line 77).

Looking at the file, the line indicated and following are:

-BEGIN CERTIFICATE-
*** certificate omitted ***
-END CERTIFICATE-

Beyond that extra certificate are the RSA KEY and TLS information. I guess
I can try editing the file to remove the extra certificate and see if that
passes muster.

Dave
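The "unsupported blob/xml element (line 77)" failure in this message can be previewed before attempting an import. The following is an added example, not part of the original thread or of nm-openvpn: it lists every inline element of an .ovpn file with the line it starts on and marks the ones outside a known set. That set (ca, cert, key, tls-auth) is an assumption taken from the ca=, cert=, key= and ta= entries of the imported profile quoted elsewhere in the thread; the function names and the sample profile are constructed.

```shell
#!/bin/sh
# Added example: preview which inline <element> blocks an .ovpn profile holds.

# Assumption: inline elements whose file-based counterparts (ca=, cert=, key=,
# ta=) appear in the imported profile quoted in the thread. Adjust as needed.
KNOWN_ELEMENTS="ca cert key tls-auth"

# list_inline_elements FILE
# Prints "LINE NAME STATUS" per inline block. STATUS is known, review (not in
# KNOWN_ELEMENTS) or unterminated (no matching closing tag was found).
list_inline_elements() {
    awk -v known="$KNOWN_ELEMENTS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        { sub(/\r$/, "") }                       # tolerate CRLF profiles
        /^[ \t]*<[a-z][a-z0-9-]*>[ \t]*$/ {      # opening tag on its own line
            if (cur != "") print start, cur, "unterminated"
            cur = $0; gsub(/[ \t<>]/, "", cur); start = NR
            next
        }
        /^[ \t]*<\/[a-z][a-z0-9-]*>[ \t]*$/ {    # closing tag on its own line
            name = $0; gsub(/[ \t<>]/, "", name); sub(/^\//, "", name)
            if (name == cur) {
                print start, cur, ((cur in ok) ? "known" : "review")
                cur = ""
            }
            next
        }
        END { if (cur != "") print start, cur, "unterminated" }
    ' "$1"
}

# needs_review FILE
# Prints only the blocks that are not "known"; exit status 0 if there are any.
needs_review() {
    list_inline_elements "$1" | grep -v ' known$'
}

# write_sample_profile FILE
# Constructed profile: certificate and key bodies are placeholders.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.test 1194 udp
<ca>
PLACEHOLDER-CA
</ca>
<cert>
PLACEHOLDER-CERT
</cert>
<extra-certs>
PLACEHOLDER-EXTRA-CERTS
</extra-certs>
<key>
PLACEHOLDER-KEY
</key>
<tls-auth>
PLACEHOLDER-TLS-AUTH
</tls-auth>
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_profile "$sample"
list_inline_elements "$sample"
rm -f "$sample"
```

The listing only names the blocks; it never prints their contents, so its output can be shared without exposing key material.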
Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
On Thu, 2018-02-15 at 14:24 -0500, David H. Durgee wrote:

Hi,

> I am running Linux Mint 18.3 x64 cinnamon and have the OpenVPN plugin
> installed with network manager. I have an OpenVPN profile from Private
> Tunnel that I use with no problems on my phone with the OpenVPN Connect
> app. I can also use the profile at the terminal window in LM 18.3
> successfully. Attempting to import the OpenVPN profile fails with an
> error:
>
> Cannot import VPN connection
>
> The file 'Ashburn.ovpn' could not be read or does not contain recognized
> VPN connection information
>
> Error: the plugin does not support import capability.

The error message is not helpful because of bug
https://bugzilla.gnome.org/show_bug.cgi?id=790770#c1

You might get a better message with

  nmcli connection import type openvpn file "$FILENAME"

and maybe that already tells you what's wrong.

> In my terminal window I get:

[snip]

all this information is not relevant, because import is solely done by
the user application that reads the .ovpn file and creates a
corresponding connection profile in NetworkManager compatible format

Commonly it's one of nmcli, nm-connection-editor, gnome-control-center,
or plasma-nm. Can you be more precise about which application you are
using to import the ovpn file?

The information that matters most is the ovpn file itself and the
version of the nm-openvpn plugin that performs the import.

Please send the ovpn file, but make sure to sanitize private
information (without changing the meaning of the file too much).

best,
Thomas
Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon
I am running Linux Mint 18.3 x64 cinnamon and have the OpenVPN plugin
installed with network manager. I have an OpenVPN profile from Private
Tunnel that I use with no problems on my phone with the OpenVPN Connect
app. I can also use the profile at the terminal window in LM 18.3
successfully. Attempting to import the OpenVPN profile fails with an
error:

Cannot import VPN connection

The file 'Ashburn.ovpn' could not be read or does not contain recognized
VPN connection information

Error: the plugin does not support import capability.

In my terminal window I get:

dhdurgee@Z560 ~/Downloads $ sudo openvpn --config /home/dhdurgee/Downloads/Ashburn.ovpn
[sudo] password for dhdurgee:
Thu Nov 16 11:47:46 2017 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Thu Nov 16 11:47:46 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Thu Nov 16 11:47:46 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 16 11:47:46 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 16 11:47:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]172.106.104.151:1194
Thu Nov 16 11:47:46 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Nov 16 11:47:46 2017 NOTE: setsockopt TCP_NODELAY=1 failed
Thu Nov 16 11:47:46 2017 UDP link local: (not bound)
Thu Nov 16 11:47:46 2017 UDP link remote: [AF_INET]172.106.104.151:1194
Thu Nov 16 11:47:46 2017 TLS: Initial packet from [AF_INET]172.106.104.151:1194, sid=dfa7b684 f0ff3286
Thu Nov 16 11:47:46 2017 VERIFY OK: depth=2, CN=OpenVPN CA
Thu Nov 16 11:47:46 2017 VERIFY OK: depth=1, CN=PT Transitional 20150615
Thu Nov 16 11:47:46 2017 VERIFY KU OK
Thu Nov 16 11:47:46 2017 Validating certificate extended key usage
Thu Nov 16 11:47:46 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Nov 16 11:47:46 2017 VERIFY EKU OK
Thu Nov 16 11:47:46 2017 VERIFY OK: depth=0, CN=ash2.privatetunnel.com
Thu Nov 16 11:47:46 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Nov 16 11:47:46 2017 [ash2.privatetunnel.com] Peer Connection Initiated with [AF_INET]172.106.104.151:1194
Thu Nov 16 11:47:47 2017 SENT CONTROL [ash2.privatetunnel.com]: 'PUSH_REQUEST' (status=1)
Thu Nov 16 11:47:47 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.9.0.1,ifconfig 10.9.203.15 255.255.0.0,client-ip 72.83.50.38,ping 8,ping-restart 40,reneg-sec 3600,cipher AES-128-GCM,compress lz4-v2,peer-id 31367,topology subnet,explicit-exit-notify,redirect-gateway def1,dhcp-option DNS 10.9.0.1,sndbuf 0,rcvbuf 0,socket-flags TCP_NODELAY,block-ipv6'
Thu Nov 16 11:47:47 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: client-ip (2.4.4)
Thu Nov 16 11:47:47 2017 Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])
Thu Nov 16 11:47:47 2017 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:11 is ignored by previous blocks
Thu Nov 16 11:47:47 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:17: block-ipv6 (2.4.4)
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: compression parms modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Nov 16 11:47:47 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: --socket-flags option modified
Thu Nov 16 11:47:47 2017 NOTE: setsockopt TCP_NODELAY=1 failed
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: route options modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: route-related options modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: peer-id set
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Nov 16 11:47:47 2017 OPTIONS IMPORT: data channel crypto options modified
Thu Nov 16 11:47:47 2017 Data Channel: using negotiated cipher 'AES-128-GCM'
Thu Nov 16 11:47:47 2017 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Nov 16 11:47:47 2017 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Nov 16 11:47:47 2017 ROUTE_GATEWAY 192.168.230.1/255.255.255.0 IFACE=wlp5s0 HWADDR=ac:81:12:a4:5e:43
Thu Nov 16 11:47:47 2017 TUN/TAP device tun0 opened
Thu Nov 16 11:47:47 2017 TUN/TAP TX queue length set to 100
Thu Nov 16 11:47:47 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Nov 16 11:47:47 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Nov 16 11:47:47 2017 /sbin/ip addr add dev tun0 10