sudo openvpn --config (VPN-NAME).ovpn: works
NetworkManager configuration: doesn’t work (while being the same, copypasted config)
(VPN-NAME).ovpn:
dev tun
persist-tun
persist-key
ncp-disable
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote (hostname) 1194 udp
setenv opt block-outside-dns
lport 0
verify-x509-name "(hostname)" name
auth-user-pass
remote-cert-tls server
<ca>
(CA CERTIFICATE)
</ca>
<cert>
(CERT CERTIFICATE)
</cert>
<key>
(CERT KEY)
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
(TLS-KEY)
</tls-auth>
Network Manager configuration:
- Copypasted certificates and key from .ovpn into discrete files
- Selected “Connection type”, value “Password with Certificates (TLS)”
- Copypasted gateway and file path(s)
- Went to “Advanced…”
- Copypasted (VPN-NAME) in tab “TLS Settings” and selected “Verify name exactly”
- Selected mode “TLS-Auth”, copypasted tls-auth.key path, key direction “Client (1)”
tail -f /var/log/syslog:
debian NetworkManager(648): <info> (1609951704.7482) audit: op="statistics" arg="refresh-rate-ms" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info> (1609951706.1485) audit: op="connection-activate" uuid="1afd25e7-f3cd-472d-9a3b-31f1ad390479" name="VPN-NAME" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info> (1609951706.1505) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): Started the VPN service, PID 6763
debian NetworkManager(648): <info> (1609951706.1554) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): Saw the service appear; activating connection
debian NetworkManager(648): <info> (1609951706.1591) audit: op="statistics" arg="refresh-rate-ms" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info> (1609951706.2483) audit: op="statistics" arg="refresh-rate-ms" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info> (1609951711.8373) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: state changed: starting (3)
debian nm-openvpn(6766): OpenVPN 2.4.7 x86_64-pc-linux-gnu (SSL (OpenSSL)) (LZO) (LZ4) (EPOLL) (PKCS11) (MH/PKTINFO) (AEAD) built on Feb 20 2019
debian nm-openvpn(6766): library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
debian nm-openvpn(6766): NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
debian nm-openvpn(6766): TCP/UDP: Preserving recently used remote address: (AF_INET)A.B.C.D:1194
debian nm-openvpn(6766): UDP link local: (not bound)
debian nm-openvpn(6766): UDP link remote: (AF_INET)A.B.C.D:1194
debian nm-openvpn(6766): NOTE: chroot will be delayed because of --client, --pull, or --up-delay
debian nm-openvpn(6766): NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
debian NetworkManager(648): <warn> (1609951772.4259) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN connection: connect timeout exceeded.
debian nm-openvpn-serv(6763): Connect timer expired, disconnecting.
debian NetworkManager(648): <warn> (1609951772.4316) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: failed: connect-failed (1)
debian nm-openvpn(6766): TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
debian NetworkManager(648): <info> (1609951772.4317) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: state changed: stopping (5)
debian nm-openvpn(6766): TLS Error: TLS handshake failed
debian NetworkManager(648): <info> (1609951772.4317) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: state changed: stopped (6)
debian nm-openvpn(6766): SIGTERM(hard,tls-error) received, process exiting
OS Environment:
Debian 10 (buster)
Kernel Linux debian 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux
Network Manager: network-manager/stable,now 1.14.6-2+deb10u1 amd64
OpenVPN Plugin: network-manager-openvpn/stable,now 1.8.10-1 amd64
OpenVPN standalone client (openvpn command):
OpenVPN 2.4.7 x86_64-pc-linux-gnu (SSL (OpenSSL)) (LZO) (LZ4) (EPOLL) (PKCS11) (MH/PKTINFO) (AEAD) built on Feb 20 2019
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
From the syslog it seems the OpenVPN plugin for Network Manager either uses the underlying openvpn already installed, or has a standalone client it brings with the installation of the plugin itself, which has the same features/capabilities and even version of the standalone openvpn.
Then, it doesn’t work (but only from Network Manager, standalone does)…
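One way to check whether a NetworkManager profile carries every setting of the working .ovpn file is to compare the two mechanically. This is an added example, not part of the original post: the function name `missing_in_nm`, the directive-to-key mapping, the host name and the file paths are assumptions, and both sample inputs are constructed from the settings the post describes.

```python
import configparser

# Assumed mapping from .ovpn directives / inline blocks to [vpn] keys of a
# NetworkManager OpenVPN keyfile; verify it against the installed plugin.
NM_KEY = {
    "cipher": "cipher", "auth": "auth", "remote": "remote",
    "remote-cert-tls": "remote-cert-tls", "key-direction": "ta-dir",
    "verify-x509-name": "verify-x509-name",
    "<ca>": "ca", "<cert>": "cert", "<key>": "key", "<tls-auth>": "ta",
}

# Constructed samples (placeholder host and paths), shaped like the post's setup.
SAMPLE_OVPN = """cipher AES-256-CBC
auth SHA512
remote vpn.example.test 1194 udp
verify-x509-name "vpn.example.test" name
remote-cert-tls server
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
(TLS-KEY)
</tls-auth>
"""
SAMPLE_KEYFILE = """[vpn]
connection-type=password-tls
remote=vpn.example.test:1194:udp
verify-x509-name=name:vpn.example.test
ta=/home/user/vpn/tls-auth.key
ta-dir=1
"""

def missing_in_nm(ovpn_text, keyfile_text):
    """Return .ovpn settings that have no counterpart key in the [vpn] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(keyfile_text)
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    missing, in_block = [], None
    for line in map(str.strip, ovpn_text.splitlines()):
        if in_block:  # body of an inline <tag>...</tag> block: skip it
            in_block = None if line == f"</{in_block}>" else in_block
            continue
        if not line or line[0] in "#;":
            continue
        name = line.split()[0]
        if name.startswith("<"):
            in_block = name[1:-1]
        if name in NM_KEY and NM_KEY[name] not in vpn:
            missing.append(name)
    return sorted(missing)
```

On a real system the keyfile text would come from the profile under /etc/NetworkManager/system-connections/, and any directive reported as missing is a setting to look for in the plugin's “Advanced…” dialog.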