This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1286239 - OpenVPN can't connect
OpenVPN can't connect
Status: CLOSED DUPLICATE of bug 1286964
Product: Fedora
Classification: Fedora
Component: NetworkManager-openvpn (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lubomir Rintel
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-27 09:58 EST by Vít Ondruch
Modified: 2015-12-01 05:46 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-01 05:46:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vít Ondruch 2015-11-27 09:58:54 EST
Description of problem:
Nov 27 14:00:45 localhost NetworkManager[1076]: <info>  vpn-connection[0x55d8fdddc520,cc410cf5-dc66-4369-81a0-cf3d0f656dfe,"OVPN BRQ UDP",0]: VPN connection: (ConnectInteractive) reply received
Nov 27 14:00:45 localhost nm-openvpn[2779]: Options error: Temporary directory (--tmp-dir) fails with '/tmp': Permission denied
Nov 27 14:00:45 localhost NetworkManager[1076]: <warn>  vpn-connection[0x55d8fdddc520,cc410cf5-dc66-4369-81a0-cf3d0f656dfe,"OVPN BRQ UDP",0]: VPN plugin: failed: connect-failed (1)
Nov 27 14:00:45 localhost nm-openvpn[2779]: Options error: Please correct these errors.
Nov 27 14:00:45 localhost NetworkManager[1076]: <warn>  vpn-connection[0x55d8fdddc520,cc410cf5-dc66-4369-81a0-cf3d0f656dfe,"OVPN BRQ UDP",0]: VPN plugin: failed: connect-failed (1)
Nov 27 14:00:45 localhost nm-openvpn[2779]: Use --help for more information.
Nov 27 14:00:45 localhost NetworkManager[1076]: <info>  vpn-connection[0x55d8fdddc520,cc410cf5-dc66-4369-81a0-cf3d0f656dfe,"OVPN BRQ UDP",0]: VPN plugin: state changed: stopping (5)
Nov 27 14:00:45 localhost NetworkManager[1076]: <info>  vpn-connection[0x55d8fdddc520,cc410cf5-dc66-4369-81a0-cf3d0f656dfe,"OVPN BRQ UDP",0]: VPN plugin: state changed: stopped (6)
Nov 27 14:00:45 localhost NetworkManager[1076]: (nm-openvpn-service:2732): nm-openvpn-WARNING **: openvpn exited with error code 1
Nov 27 14:00:45 localhost NetworkManager[1076]: <info>  vpn-connection[0x55d8fdddc520,cc410cf5-dc66-4369-81a0-cf3d0f656dfe,"OVPN BRQ UDP",0]: VPN plugin: state change reason: unknown (0)




This might be some SELinux related issue, since I observe this behavior after this update:

    Upgraded   selinux-policy-3.13.1-157.fc24.noarch                          @@commandline
    Upgrade                   3.13.1-160.fc24.noarch                          @rawhide
    Upgraded   selinux-policy-targeted-3.13.1-157.fc24.noarch                 @@commandline
    Upgrade                            3.13.1-160.fc24.noarch                 @rawhide




Version-Release number of selected component (if applicable):
$ rpm -q NetworkManager-openvpn
NetworkManager-openvpn-1.2.0-0.1.20151023gitadff387.fc24.x86_64


How reproducible:


Steps to Reproduce:
1. Try to connect to VPN via Gnome UI.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Jirka Klimes 2015-11-30 08:48:22 EST
Let's see if it is SELinux related. Can you try again and see if there are some AVC?
$ sudo ausearch -m avc -ts recent

Does it work with?
$ sudo setenforce 0

It might be a problem with openvpn running as a non root user now. But let's first figure out whether it is SELinux issue.
Comment 2 Vít Ondruch 2015-11-30 09:24:13 EST
(In reply to Jirka Klimes from comment #1)
> Let's see if it is SELinux related. Can you try again and see if there are
> some AVC?
> $ sudo ausearch -m avc -ts recent

This is what I can find in my log:


----
time->Fri Nov 27 14:00:33 2015
type=PROCTITLE msg=audit(1448629233.469:567): proctitle=2F7573722F7362696E2F6F70656E76706E002D2D72656D6F7465006F76706E2D6272712E7265646861742E636F6D0034343300756470002D2D6E6F62696E64002D2D6465760074756E002D2D636
970686572004145532D3235362D434243002D2D617574682D6E6F6361636865002D2D746C732D72656D6F7465006F76706E2D
type=SYSCALL msg=audit(1448629233.469:567): arch=c000003e syscall=21 success=no exit=-13 a0=55de5778acc1 a1=7 a2=7 a3=55de59889d00 items=0 ppid=2732 pid=2751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openvpn" exe="/usr/sbin/openvpn" subj=system_u:system_r:openvpn_t:s0 key=(null)
type=AVC msg=audit(1448629233.469:567): avc:  denied  { read write } for  pid=2751 comm="openvpn" name="/" dev="tmpfs" ino=9197 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0
----
time->Fri Nov 27 14:00:45 2015
type=PROCTITLE msg=audit(1448629245.885:568): proctitle=2F7573722F7362696E2F6F70656E76706E002D2D72656D6F7465006F76706E2D6272712E7265646861742E636F6D0034343300756470002D2D6E6F62696E64002D2D6465760074756E002D2D636970686572004145532D3235362D434243002D2D617574682D6E6F6361636865002D2D746C732D72656D6F7465006F76706E2D
type=SYSCALL msg=audit(1448629245.885:568): arch=c000003e syscall=21 success=no exit=-13 a0=55827d2f2cc1 a1=7 a2=7 a3=55827e711d00 items=0 ppid=2732 pid=2779 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openvpn" exe="/usr/sbin/openvpn" subj=system_u:system_r:openvpn_t:s0 key=(null)
type=AVC msg=audit(1448629245.885:568): avc:  denied  { read write } for  pid=2779 comm="openvpn" name="/" dev="tmpfs" ino=9197 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0
----
time->Fri Nov 27 14:01:35 2015
type=PROCTITLE msg=audit(1448629295.066:571): proctitle=2F7573722F7362696E2F6F70656E76706E002D2D72656D6F7465006F76706E2D6272712E7265646861742E636F6D0034343300756470002D2D6E6F62696E64002D2D6465760074756E002D2D636970686572004145532D3235362D434243002D2D617574682D6E6F6361636865002D2D746C732D72656D6F7465006F76706E2D
type=SYSCALL msg=audit(1448629295.066:571): arch=c000003e syscall=21 success=no exit=-13 a0=55b3ac1d3cc1 a1=7 a2=7 a3=55b3acfe6d00 items=0 ppid=2732 pid=2887 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openvpn" exe="/usr/sbin/openvpn" subj=system_u:system_r:openvpn_t:s0 key=(null)
type=AVC msg=audit(1448629295.066:571): avc:  denied  { read write } for  pid=2887 comm="openvpn" name="/" dev="tmpfs" ino=9197 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0
----
time->Fri Nov 27 14:02:00 2015
type=PROCTITLE msg=audit(1448629320.714:572): proctitle=2F7573722F7362696E2F6F70656E76706E002D2D72656D6F7465006F76706E2D6272712E7265646861742E636F6D0034343300756470002D2D6E6F62696E64002D2D6465760074756E002D2D636970686572004145532D3235362D434243002D2D617574682D6E6F6361636865002D2D746C732D72656D6F7465006F76706E2D
type=SYSCALL msg=audit(1448629320.714:572): arch=c000003e syscall=21 success=no exit=-13 a0=55b391e36cc1 a1=7 a2=7 a3=55b3925ecd00 items=0 ppid=2732 pid=2920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openvpn" exe="/usr/sbin/openvpn" subj=system_u:system_r:openvpn_t:s0 key=(null)
type=AVC msg=audit(1448629320.714:572): avc:  denied  { read write } for  pid=2920 comm="openvpn" name="/" dev="tmpfs" ino=9197 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0
Comment 3 Vít Ondruch 2015-12-01 05:46:33 EST

*** This bug has been marked as a duplicate of bug 1286964 ***

Note You need to log in before you can comment on or make changes to this bug.