Description of problem: SELinux is preventing /usr/sbin/openvpn from name_connect access on the tcp_socket Version-Release number of selected component (if applicable): [root@fedorahost Desktop]# rpm -qa | grep selinux-policy selinux-policy-targeted-3.12.1-69.fc19.noarch selinux-policy-3.12.1-69.fc19.noarch selinux-policy-devel-3.12.1-69.fc19.noarch How reproducible: Always Steps to Reproduce: 1. setup openvpn 2. connect to vpn Actual results: selinux prevents name_connect to access a tcp Socket Expected results: selinux should allow name_connect to access a tcp Socket Additional info: Raw Audit Messages type=AVC msg=audit(1376207034.124:657): avc: denied { name_connect } for pid=11113 comm="openvpn" dest=1886 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1376207034.124:657): arch=i386 syscall=socketcall success=no exit=EINPROGRESS a0=3 a1=bf88bfb0 a2=b7782a6c a3=6 items=0 ppid=11111 pid=11113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=openvpn exe=/usr/sbin/openvpn subj=system_u:system_r:openvpn_t:s0 key=(null) Hash: openvpn,openvpn_t,unreserved_port_t,tcp_socket,name_connect
So did you setup this port?
no its actually Open Vpn who wants to create a new port to set up a connection here are th steps to reproduce 1. go to http://vpngate.net 2. select any one serverand sownload its ovpn file 3. go to network and setup vpn connection by selection "import a saved vpn connection" 4. fill all fields and select user name as vpn and password vpn with ca crt of the server 5. Save the connection and connect to vpn -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Created attachment 788035 [details] video
Created attachment 788040 [details] Policy
commit e8e5f939773d6dde1e2200a4c8d339584650e4e6 Author: Miroslav Grepl <mgrepl> Date: Tue Aug 20 11:09:06 2013 +0200 Add openvpn_can_network_connect() boolean
Created attachment 789441 [details] added openvpn_can_network_connect boolean Does this sound ok ??
selinux-policy-3.12.1-73.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-73.fc19
Package selinux-policy-3.12.1-73.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-73.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-15219/selinux-policy-3.12.1-73.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-73.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.