Can connect to VPN through terminal (openvpn) but not through NetworkManager

Issues related to configuring your network
Post Reply
yaomtc
Posts: 26
Joined: 2017/04/22 00:07:03

Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by yaomtc » 2017/04/22 00:10:39

When I use the config file and certificate provided by my VPN, and the openvpn command line tool, I'm able to connect. However, even when I followed their directions exactly, NetworkManager wouldn't work with the VPN. It just says "Connecting" for a while and then gives up, apparently. Here's the messages:

Code: Select all

Apr 21 23:34:53 centOSdesk nm-openvpn[3467]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 21 23:34:53 centOSdesk nm-openvpn[3467]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 21 23:34:53 centOSdesk nm-openvpn[3467]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 21 23:34:54 centOSdesk nm-openvpn[3467]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 21 23:34:54 centOSdesk nm-openvpn[3467]: TCP_CLIENT link local: (not bound)
Apr 21 23:34:54 centOSdesk nm-openvpn[3467]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 21 23:34:54 centOSdesk nm-openvpn[3467]: Connection reset, restarting [0]
Apr 21 23:34:54 centOSdesk nm-openvpn[3467]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 21 23:35:08 centOSdesk dbus[627]: [system] Failed to activate service 'org.bluez': timed out
Apr 21 23:35:08 centOSdesk dbus-daemon: dbus[627]: [system] Failed to activate service 'org.bluez': timed out
Apr 21 23:35:14 centOSdesk nm-openvpn[3467]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 21 23:35:14 centOSdesk nm-openvpn[3467]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 21 23:35:14 centOSdesk nm-openvpn[3467]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 21 23:35:15 centOSdesk nm-openvpn[3467]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 21 23:35:15 centOSdesk nm-openvpn[3467]: TCP_CLIENT link local: (not bound)
Apr 21 23:35:15 centOSdesk nm-openvpn[3467]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 21 23:35:15 centOSdesk nm-openvpn[3467]: Connection reset, restarting [0]
Apr 21 23:35:15 centOSdesk nm-openvpn[3467]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 21 23:35:17 centOSdesk NetworkManager: libnm-Message: Connect timer expired, disconnecting.
Apr 21 23:35:17 centOSdesk NetworkManager[687]: <warn>  [1492832117.9303] vpn-connection[0x7f6ad320d0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN connection: connect timeout exceeded.
Apr 21 23:35:17 centOSdesk nm-openvpn[3467]: SIGTERM[hard,init_instance] received, process exiting
Apr 21 23:35:17 centOSdesk NetworkManager[687]: <warn>  [1492832117.9339] vpn-connection[0x7f6ad320d0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: failed: connect-failed (1)
Apr 21 23:35:17 centOSdesk NetworkManager[687]: <info>  [1492832117.9344] vpn-connection[0x7f6ad320d0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: state changed: stopping (5)
Apr 21 23:35:17 centOSdesk NetworkManager[687]: <info>  [1492832117.9349] vpn-connection[0x7f6ad320d0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: state changed: stopped (6)
Apr 21 23:35:17 centOSdesk NetworkManager: (nm-openvpn-service:3458): libnm-CRITICAL **: ((nm-vpn-service-plugin.c:199)): assertion '<dropped>' failed
Apr 21 23:35:17 centOSdesk NetworkManager: (nm-openvpn-service:3458): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 21 23:35:17 centOSdesk NetworkManager[687]: <info>  [1492832117.9493] vpn-connection[0x7f6ad320d0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN service disappeared

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by hunter86_bg » 2017/04/22 11:44:54

I am pretty convinced that this is SElinux issue.In order to verify use "setenforce 0" and try again.
If the certificates ,keys etc are copied in one of the following directories,they will retain correct selinux context:
/home/username/.cert/ or in /etc/pki/
Otherwise use the ”semanage fcontext” and after that "restorecon" tool.

yaomtc
Posts: 26
Joined: 2017/04/22 00:07:03

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by yaomtc » 2017/04/23 18:59:34

Tried setenforce 0, same/similar results. Messages are below. Certificates have been in the ~/.cert/nm-openvpn folder. I don't know how to use those tools you mentioned, I can look at the man pages when I get back later?

Also, might the fact that I have consistent network device naming disabled (for the purpose of Maya, especially license activation) have any effect here?

Code: Select all

Apr 23 18:46:29 centOSdesk NetworkManager[689]: <info>  [1492987589.7076] audit: op="connection-activate" uuid="70507ea1-5222-4d20-8a9b-3598395461ba" name="us554.nordvpn.com.tcp443" pid=3900 uid=1000 result="su$
Apr 23 18:46:29 centOSdesk NetworkManager[689]: <info>  [1492987589.7110] vpn-connection[0x7ffb0f6ee0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: Started the VPN service, PID 3974
Apr 23 18:46:29 centOSdesk NetworkManager[689]: <info>  [1492987589.7168] vpn-connection[0x7ffb0f6ee0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: Saw the service appear; activating con$
Apr 23 18:46:29 centOSdesk NetworkManager[689]: <info>  [1492987589.7977] vpn-connection[0x7ffb0f6ee0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: state changed: starting (3)
Apr 23 18:46:29 centOSdesk NetworkManager[689]: <info>  [1492987589.7977] vpn-connection[0x7ffb0f6ee0f0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN connection: (ConnectInteractive) r$
Apr 23 18:46:29 centOSdesk nm-openvpn[3982]: WARNING: file '/home/chris/.cert/nm-openvpn/us554_nordvpn_com_tls.key' is group or others accessible
Apr 23 18:46:29 centOSdesk nm-openvpn[3982]: OpenVPN 2.4.1 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr  3 2017
Apr 23 18:46:29 centOSdesk nm-openvpn[3982]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Apr 23 18:46:29 centOSdesk nm-openvpn[3982]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 18:46:30 centOSdesk nm-openvpn[3982]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 23 18:46:30 centOSdesk nm-openvpn[3982]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 23 18:46:31 centOSdesk nm-openvpn[3982]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 23 18:46:31 centOSdesk nm-openvpn[3982]: TCP_CLIENT link local: (not bound)
Apr 23 18:46:31 centOSdesk nm-openvpn[3982]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 23 18:46:31 centOSdesk nm-openvpn[3982]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Apr 23 18:46:31 centOSdesk nm-openvpn[3982]: Connection reset, restarting [0]
Apr 23 18:46:31 centOSdesk nm-openvpn[3982]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 23 18:46:33 centOSdesk PackageKit: resolve transaction /280_cbdadacd from uid 1000 finished with success after 7691ms
Apr 23 18:46:33 centOSdesk fprintd: ** Message: No devices in use, exit
Apr 23 18:46:36 centOSdesk nm-openvpn[3982]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 18:46:36 centOSdesk nm-openvpn[3982]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 23 18:46:36 centOSdesk nm-openvpn[3982]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 23 18:46:37 centOSdesk nm-openvpn[3982]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 23 18:46:37 centOSdesk nm-openvpn[3982]: TCP_CLIENT link local: (not bound)
Apr 23 18:46:37 centOSdesk nm-openvpn[3982]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 23 18:46:37 centOSdesk nm-openvpn[3982]: Connection reset, restarting [0]
Apr 23 18:46:37 centOSdesk nm-openvpn[3982]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 23 18:46:42 centOSdesk nm-openvpn[3982]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 18:46:42 centOSdesk nm-openvpn[3982]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 23 18:46:42 centOSdesk nm-openvpn[3982]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 23 18:46:43 centOSdesk nm-openvpn[3982]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 23 18:46:43 centOSdesk nm-openvpn[3982]: TCP_CLIENT link local: (not bound)
Apr 23 18:46:43 centOSdesk nm-openvpn[3982]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 23 18:46:43 centOSdesk nm-openvpn[3982]: Connection reset, restarting [0]
Apr 23 18:46:43 centOSdesk nm-openvpn[3982]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 23 18:46:48 centOSdesk nm-openvpn[3982]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 18:46:48 centOSdesk nm-openvpn[3982]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 23 18:46:48 centOSdesk nm-openvpn[3982]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 23 18:46:49 centOSdesk nm-openvpn[3982]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 23 18:46:49 centOSdesk nm-openvpn[3982]: TCP_CLIENT link local: (not bound)
Apr 23 18:46:49 centOSdesk nm-openvpn[3982]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 23 18:46:49 centOSdesk nm-openvpn[3982]: Connection reset, restarting [0]
Apr 23 18:46:49 centOSdesk nm-openvpn[3982]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 23 18:46:54 centOSdesk nm-openvpn[3982]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 18:46:54 centOSdesk nm-openvpn[3982]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 23 18:46:54 centOSdesk nm-openvpn[3982]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 23 18:46:55 centOSdesk nm-openvpn[3982]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 23 18:46:55 centOSdesk nm-openvpn[3982]: TCP_CLIENT link local: (not bound)
Apr 23 18:46:55 centOSdesk nm-openvpn[3982]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 23 18:46:55 centOSdesk nm-openvpn[3982]: Connection reset, restarting [0]
Apr 23 18:46:55 centOSdesk nm-openvpn[3982]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 23 18:47:05 centOSdesk nm-openvpn[3982]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 18:47:05 centOSdesk nm-openvpn[3982]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 23 18:47:05 centOSdesk nm-openvpn[3982]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 23 18:47:06 centOSdesk nm-openvpn[3982]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 23 18:47:06 centOSdesk nm-openvpn[3982]: TCP_CLIENT link local: (not bound)
Apr 23 18:47:06 centOSdesk nm-openvpn[3982]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 23 18:47:06 centOSdesk nm-openvpn[3982]: Connection reset, restarting [0]
Apr 23 18:47:06 centOSdesk nm-openvpn[3982]: SIGUSR1[soft,connection-reset] received, process restarting

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by hunter86_bg » 2017/04/23 23:27:17

If ”setenforce 0” didn't allow the connection-then it's not selinux.
Check the permitions of the .cert folder and its content.
Apr 23 18:46:29 centOSdesk nm-openvpn[3982]:
WARNING: file '/home/chris/.cert/nm-openvpn/
us554_nordvpn_com_tls.key' is group or others
accessible
Try to temporary dropping the firewall and run another test.After that start it again.
If you are using the default firewalld it should be like:

Code: Select all

systemctl stop firewalld && firewall-cmd --state
to enable:

Code: Select all

systemctl start firewalld && firewall-cmd --state

yaomtc
Posts: 26
Joined: 2017/04/22 00:07:03

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by yaomtc » 2017/04/29 00:22:46

hunter86_bg wrote:If ”setenforce 0” didn't allow the connection-then it's not selinux.
Check the permitions of the .cert folder and its content.
Apr 23 18:46:29 centOSdesk nm-openvpn[3982]:
WARNING: file '/home/chris/.cert/nm-openvpn/
us554_nordvpn_com_tls.key' is group or others
accessible
The .crt and .key files can be read and written by me. Group can read, and others can read. Should group/others have no access? That's how it is for the .pem files that I assume NetworkManager generated.
hunter86_bg wrote:Try to temporary dropping the firewall and run another test.After that start it again.
If you are using the default firewalld it should be like:

Code: Select all

systemctl stop firewalld && firewall-cmd --state
to enable:

Code: Select all

systemctl start firewalld && firewall-cmd --state
Tried this, still failed.

Code: Select all

Apr 29 00:19:16 centOSdesk NetworkManager[688]: <info>  [1493439556.3927] audit: op="connection-activate" uuid="70507ea1-5222-4d20-8a9b-3598395461ba" name="us554.nordvpn.com.tcp443" pid=5112 uid=1$
Apr 29 00:19:16 centOSdesk NetworkManager[688]: <info>  [1493439556.3963] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: Started the VPN service,$
Apr 29 00:19:16 centOSdesk NetworkManager[688]: <info>  [1493439556.4017] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: Saw the service appear; $
Apr 29 00:19:16 centOSdesk NetworkManager[688]: <info>  [1493439556.4831] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: state change$
Apr 29 00:19:16 centOSdesk NetworkManager[688]: <info>  [1493439556.4831] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN connection: (Connect$
Apr 29 00:19:16 centOSdesk nm-openvpn[5168]: WARNING: file '/home/chris/.cert/nm-openvpn/us554_nordvpn_com_tls.key' is group or others accessible
Apr 29 00:19:16 centOSdesk nm-openvpn[5168]: OpenVPN 2.4.1 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr  3 2017
Apr 29 00:19:16 centOSdesk nm-openvpn[5168]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Apr 29 00:19:16 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:19:16 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:19:16 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:19:17 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:19:17 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:19:17 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 29 00:19:17 centOSdesk nm-openvpn[5168]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Apr 29 00:19:17 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:19:17 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:19:22 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:19:22 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:19:22 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:19:23 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:19:23 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:19:23 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 29 00:19:23 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:19:23 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:19:28 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:19:28 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:19:28 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:19:29 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:19:29 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:19:29 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 29 00:19:29 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:19:29 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:19:34 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:19:34 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:19:34 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:19:35 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:19:35 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:19:35 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 29 00:19:35 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:19:35 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:19:40 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:19:40 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:19:40 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:19:41 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:19:41 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:19:41 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 29 00:19:42 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:19:42 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:19:52 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:19:52 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:19:52 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:19:53 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:19:53 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:19:53 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
Apr 29 00:19:53 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:19:53 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:20:01 centOSdesk systemd: Created slice user-0.slice.
Apr 29 00:20:01 centOSdesk systemd: Starting user-0.slice.
Apr 29 00:20:01 centOSdesk systemd: Started Session 6 of user root.
Apr 29 00:20:01 centOSdesk systemd: Starting Session 6 of user root.
Apr 29 00:20:01 centOSdesk systemd: Removed slice user-0.slice.
Apr 29 00:20:01 centOSdesk systemd: Stopping user-0.slice.
Apr 29 00:20:13 centOSdesk nm-openvpn[5168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 29 00:20:13 centOSdesk nm-openvpn[5168]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.15.163:443
Apr 29 00:20:13 centOSdesk nm-openvpn[5168]: Attempting to establish TCP connection with [AF_INET]107.167.15.163:443 [nonblock]
Apr 29 00:20:14 centOSdesk nm-openvpn[5168]: TCP connection established with [AF_INET]107.167.15.163:443
Apr 29 00:20:14 centOSdesk nm-openvpn[5168]: TCP_CLIENT link local: (not bound)
Apr 29 00:20:14 centOSdesk nm-openvpn[5168]: TCP_CLIENT link remote: [AF_INET]107.167.15.163:443
pr 29 00:20:14 centOSdesk nm-openvpn[5168]: Connection reset, restarting [0]
Apr 29 00:20:14 centOSdesk nm-openvpn[5168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 29 00:20:16 centOSdesk NetworkManager: libnm-Message: Connect timer expired, disconnecting.
Apr 29 00:20:16 centOSdesk nm-openvpn[5168]: SIGTERM[hard,init_instance] received, process exiting
Apr 29 00:20:16 centOSdesk NetworkManager[688]: <warn>  [1493439616.9252] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN connection: connect timeout exceeded.
Apr 29 00:20:16 centOSdesk NetworkManager[688]: <warn>  [1493439616.9262] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: failed: connect-failed (1)
Apr 29 00:20:16 centOSdesk NetworkManager: (nm-openvpn-service:5160): libnm-CRITICAL **: ((nm-vpn-service-plugin.c:199)): assertion '<dropped>' failed
Apr 29 00:20:16 centOSdesk NetworkManager: (nm-openvpn-service:5160): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 29 00:20:16 centOSdesk NetworkManager[688]: <info>  [1493439616.9263] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: state changed: stopping (5)
Apr 29 00:20:16 centOSdesk NetworkManager[688]: <info>  [1493439616.9263] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN plugin: state changed: stopped (6)
Apr 29 00:20:16 centOSdesk NetworkManager[688]: <info>  [1493439616.9314] vpn-connection[0x7f3cfcc360e0,70507ea1-5222-4d20-8a9b-3598395461ba,"us554.nordvpn.com.tcp443",0]: VPN service disappeared

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by hunter86_bg » 2017/04/29 06:33:38

Change the permissions to 600 and try again.It's not supposed that others to read it.Set the same permission to the folder.

Peewhy
Posts: 1
Joined: 2017/08/13 13:43:11

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by Peewhy » 2017/08/13 14:10:32

It may be a bit late, but as it does not seem that a solution was found, it might still help others you or others.

If you followed exactly the instructions in the link you provided, it won't work.

The instructions for Centos are at https://support.nordvpn.com/hc/en-us/ar ... inux-setup, and it won't work neither. But in this page, you will find a link to download the certificates (at this time, it is https://nordvpn.com/api/static/ca_and_t ... icates.zip)

You will have to unzip this file an put the certificate and the key corresponding to the server you want to connect to into your ~/.cert directory. (It won't work from another directory if you have SeLinux enabled, although SeLinux will give you notifications about how to change the configuration, either by copying the files to ~/.cert or letting SeLinux access these files from somewhere else.)

Then you will have to select the certificate instead of the .pem certificate that comes from the configuration file (The file has the .crt extension instead of .pem)

Then you will have to click "Advanced settings", select the TLS Authentication tab", and chose the key corresponding to the server and certificate in the "Use additional TLS authentication area". Then select 1 for the Key direction.

After that, it should work. If it does not and you have SeLinux enabled, you will receive an SeLinux notification with the instructions to solve the problem.

Two things to note:

1) If you use IPv6, your IPv6 address might leak. There is no known solution (meaning no solution known to me) than to disable IPv6. There is a page about how to do this on the NordVPN site: https://support.nordvpn.com/hc/en-us/ar ... 5002750169. But beware that this change has to be made on each restart of your computer. To check if you IPv6 address is leaking, you can use https://whatismyipaddress.com/ (Not many testing sites will give you this information.) To check if IPv6 is enabled on your computer, use http://ipv6-test.com/

2) You should also test for DNS leaking. (https://dnsleaktest.com)

2) If you lose the connection with the VPN server, you will automatically fall back to non VPN access. You should configure your firewall to disable direct access and allow only access through the VPN server.

Quarind
Posts: 5
Joined: 2017/08/29 13:29:33

Re: Can connect to VPN through terminal (openvpn) but not through NetworkManager

Post by Quarind » 2017/08/30 15:30:22

I setup openvpn by this guides: https://serversuit.com/community/techni ... g-vpn.html and https://serversuit.com/community/techni ... envpn.html and it work ok.
maybe some info from articles will help you. Good luck.

Post Reply