The officially official Devuan Forum!

You are not logged in.

#1 2019-01-17 12:42:09

SHOOK3R
Member
From: Italy
Registered: 2019-01-17
Posts: 2  

VPN with networkmanger on KDE (openrc)

Hi,
first of all, sorry for my badly english

Packages installed:
network-manager
network-manager-openconnect
network-manager-openvpn
network-manager-vpnc
openvpn
plasma-nm

i import the .opvn file with the username & password copied on graphical KDE network but not work
i do the same thing with openvpn on terminal but same thing (ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1))

but with sudo openvpn work fine, so maybe some permission/polkit is wrong ?

Please help me, i need the vpn i use it very frequently for my job, thanks a lot for all possible answer

Last edited by SHOOK3R (2019-01-17 12:50:48)

Offline

#2 2019-01-17 18:47:01

amesser
Member
From: Germany
Registered: 2018-07-15
Posts: 6  
Website

Re: VPN with networkmanger on KDE (openrc)

On terminal it won't work as normal user because modifying network settings usually requires root permissions. By gui it should work indeed, since network-manger daemon itself runs with root permission and the gui should forward all requests through d-bus to the daemon. Can you please provide the exact error message or problem with KDE gui?

In the meanwhile, please check that elogind, libpolkit*elogind and polkit is installed. (Re-login if you had to install one of these) Then please run:

$ loginctl

should show a list of session (one probably). From that list get session number and run

$ loginctl show-session <session number here>

and post output of that command here.

If you had to install one of the packages above, please try again configuring the vpn through gui. (After re-login!)

Offline

#3 2019-01-18 00:22:29

SHOOK3R
Member
From: Italy
Registered: 2019-01-17
Posts: 2  

Re: VPN with networkmanger on KDE (openrc)

Thanks for help smile)  sry if something miss or wrong but im newbie

dpkg --list |grep libpolkit
ii  libpolkit-agent-1-0:amd64
ii  libpolkit-backend-1-0
ii  libpolkit-backend-elogind-1-0:amd64
ii  libpolkit-gobject-1-0
ii  libpolkit-gobject-elogind-1-0:amd64
ii  libpolkit-qt-1-1:amd64
ii  libpolkit-qt5-1-1:amd64


loginctl show-session 2
Id=2
User=1000                                                                                                                               
Name=matteol                                                                                                                           
Timestamp=Fri 2019-01-18 00:25:00 CET                                                                                                   
TimestampMonotonic=13969528                                                                                                       
VTNr=7                                                                                                                               
Seat=seat0
Display=:0
Remote=no
Service=sddm
Leader=2654
Audit=2
Type=x11
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no


the graphical popup on KDE notification tell me "The connection attempt to the VPN service timed out.
The service providing the VPN connection was stopped"

& i found this daemon.conf

Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4113] audit: op="connection-activate" uuid="d5e36906-c70a-43d5-b23b-759c76f3decc" name="it.protonvpn.com.udp" pid=2829 uid=1000 result="success"
Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4159] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: Started the VPN service, PID 3635
Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4299] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: Saw the service appear; activating connection
Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4415] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: state changed: starting (3)
Jan 18 01:02:48 shook3r nm-openvpn[3642]: WARNING: file '/home/matteol/.local/share/networkmanagement/certificates/it.protonvpn.com.udp/tls_auth.key' is group or others accessible
Jan 18 01:02:48 shook3r nm-openvpn[3642]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Jan 18 01:02:48 shook3r nm-openvpn[3642]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.08
Jan 18 01:02:48 shook3r nm-openvpn[3642]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 18 01:02:48 shook3r nm-openvpn[3642]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 18 01:02:48 shook3r nm-openvpn[3642]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.100:5060
Jan 18 01:02:48 shook3r nm-openvpn[3642]: UDP link local: (not bound)
Jan 18 01:02:48 shook3r nm-openvpn[3642]: UDP link remote: [AF_INET]185.128.27.100:5060
Jan 18 01:02:48 shook3r nm-openvpn[3642]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Jan 18 01:02:48 shook3r nm-openvpn[3642]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan 18 01:02:48 shook3r ModemManager[2454]: <info>  Creating modem with plugin 'Generic' and '1' ports
Jan 18 01:02:48 shook3r ModemManager[2454]: <warn>  Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'
Jan 18 01:02:48 shook3r ModemManager[2454]: <warn>  Couldn't create modem for device at '/sys/devices/pci0000:00/0000:00:14.0/usb1/1-8': Failed to find primary AT port
Jan 18 01:03:48 shook3r nm-openvpn[3642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 18 01:03:48 shook3r nm-openvpn[3642]: TLS Error: TLS handshake failed
Jan 18 01:03:48 shook3r nm-openvpn[3642]: SIGUSR1[soft,tls-error] received, process restarting
Jan 18 01:03:48 shook3r nm-openvpn[3642]: SIGTERM[hard,init_instance] received, process exiting
Jan 18 01:03:48 shook3r NetworkManager[2336]: <warn>  [1547769828.7206] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN connection: connect timeout exceeded.
Jan 18 01:03:48 shook3r NetworkManager[2336]: <warn>  [1547769828.7231] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: failed: connect-failed (1)
Jan 18 01:03:48 shook3r NetworkManager[2336]: <info>  [1547769828.7231] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: state changed: stopping (5)
Jan 18 01:03:48 shook3r NetworkManager[2336]: <info>  [1547769828.7233] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: state changed: stopped (6)
Jan 18 01:03:48 shook3r NetworkManager[2336]: <info>  [1547769828.7245] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN service disappeared
Jan 18 01:03:49 shook3r PackageKit: get-updates transaction /65_ebecebec from uid 1000 finished with success after 384ms

Last edited by SHOOK3R (2019-01-18 00:24:27)

Offline

#4 2019-01-18 06:00:53

amesser
Member
From: Germany
Registered: 2018-07-15
Posts: 6  
Website

Re: VPN with networkmanger on KDE (openrc)

Ok, session permissions seems to be OK. Im stumbling across

Jan 18 01:02:48 shook3r nm-openvpn[3642]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

and later

Jan 18 01:03:48 shook3r nm-openvpn[3642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

I think the permissions of /home/matteol/.local/share/networkmanagement/certificates/it.protonvpn.com.udp/tls_auth.key need to be 0600. (You can change that using chmod). Also it might be required to manually copy tls_auth.key to /home/matteol/.cert/. See

https://ask.fedoraproject.org/en/questi … pn-server/

If you have selinux installed, maybe this applies too. (But please check other things first)
https://unix.stackexchange.com/question … es-on-cert

Last edited by amesser (2019-01-18 06:01:20)

Offline

Board footer