Imported .opvn does not work, openvpn directly does
I am not an openvpn expert so I might be doing something really stupid. I am on a Fedora 36 Workstation machine with Gnome 42. I described this issue first on reddit.
I want to connect to an openvpn server with the following configuration
client
dev tun
proto udp
remote XXXXXXXXXXXXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert sebastian_laptop.crt
key sebastian_laptop.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-GCM
verb 5
The certificates and keys are in the same folder as the configuration file. This works with openvpn on the command line
$ sudo openvpn sebastian_laptop.ovpn
...
Initialization Sequence Completed
However, I cannot get it to work with the Network Manager:
$ nmcli connection import type openvpn file sebastian_laptop.ovpn
$ sudo nmcli general logging level DEBUG
$ nmcli connection up sebastian_laptop
Sie müssen sich legitimieren, um auf das Virtuelle Private Netz »sebastian_laptop« zuzugreifen.
Warnung: Das Passwort für »vpn.secrets.cert-pass« ist nicht in »passwd-file« definiert. nmcli darf nicht ohne die Option »--ask« fragen.
Fehler: Aktivierung der Verbindung ist gescheitert: Der VPN-Dienst wurde unerwartet gestoppt
Hint: use 'journalctl -xe NM_CONNECTION=5a3afb22-25be-4458-a2a2-2a9840bb25e0 + NM_DEVICE=wlp4s0' to get more details
It asks for the password of my personal key (good) and tells me that the VPN service was stopped unexpectedly. The debug information is, unfortunately, not very helpful (for me):
<debug> [1661431036.1261] device[695b1f33e3b0abb7] (wlp4s0): add_pending_action (1): 'activation-19'
<debug> [1661431036.1263] active-connection[0x55f28e62a200]: constructed (NMVpnConnection, version-id 19, type managed)
<info> [1661431036.1403] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: starting openvpn
<debug> [1661431036.1403] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: starting: watch D-Bus service org.freedesktop.NetworkManager.openvpn.Connection_19
<debug> [1661431036.1406] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: set state: prepare (was waiting)
<debug> [1661431036.1406] active-connection[0x55f28e62a200]: set state activating (was unknown)
<debug> [1661431036.1408] active-connection[0x55f28e62a200]: check-master-ready: not signalling (state activating, no master)
<debug> [1661431036.1446] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: starting: VPN service has PID 12774
<debug> [1661431036.1523] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: set state: need-auth (was prepare)
<debug> [1661431036.1526] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: secrets: requesting VPN secrets pass #1
<debug> [1661431036.1530] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e5f8c00) secrets requested flags 0x80000004 hints '(none)'
<debug> [1661431036.1536] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x7f26a4007140) existing secrets returned
<debug> [1661431036.1536] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x7f26a4007140) secrets request completed
<debug> [1661431036.1538] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x7f26a4007140) new agent secrets processed
<debug> [1661431036.1545] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: secrets: asking service if additional secrets are required
<debug> [1661431036.1574] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: service indicated additional secrets required
<debug> [1661431036.1575] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: secrets: requesting VPN secrets pass #2
<debug> [1661431036.1579] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e5f8a20) secrets requested flags 0x4 hints '(none)'
<debug> [1661431036.2294] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e5aed40) secrets request error: No agents were available for this request.
<debug> [1661431036.2296] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: secrets: asking service if additional secrets are required
<debug> [1661431036.2306] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: service indicated additional secrets required
<debug> [1661431036.2307] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: secrets: requesting VPN secrets pass #3
<debug> [1661431036.2311] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e593dd0) secrets requested flags 0x5 hints '(none)'
<debug> [1661431039.2532] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e5ae990) secrets returned from agent :1.84
<debug> [1661431039.2534] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e5ae990) secrets request completed
<debug> [1661431039.2542] settings-connection[0a3e1ef4a96a3398,c5e74be8-28d1-4a22-b244-222f767f803f]: (vpn:0x55f28e5ae990) new agent secrets processed
<debug> [1661431039.2598] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: secrets: asking service if additional secrets are required
<debug> [1661431039.2651] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: service indicated no additional secrets required
<debug> [1661431039.2656] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: connect: allowing interactive secrets as all agents have that capability
<debug> [1661431039.2658] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: set state: connect (was need-auth)
<debug> [1661431039.2745] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: dbus: state changed: starting (3)
<debug> [1661431039.2747] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: connect: success from ConnectInteractive
<warn> [1661431039.2825] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: dbus: failure: connect-failed (1)
<warn> [1661431039.2826] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: dbus: failure: connect-failed (1)
<debug> [1661431039.2826] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: dbus: state changed: stopping (5)
<debug> [1661431039.2826] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: dbus: state changed: stopped (6)
<debug> [1661431039.2826] vpn[0x55f28e62a200,c5e74be8-28d1-4a22-b244-222f767f803f,"sebastian_laptop"]: set state: failed (was connect)
<debug> [1661431039.2826] active-connection[0x55f28e62a200]: set state deactivated (was activating)
<debug> [1661431039.2828] active-connection[0x55f28e62a200]: check-master-ready: not signalling (state deactivated, no master)
<debug> [1661431039.2828] device[695b1f33e3b0abb7] (wlp4s0): remove_pending_action (0): 'activation-19'
<debug> [1661431039.2843] active-connection[0x55f28e62a200]: disposing
Note that there is an error: secrets request error: No agents were available for this request.
Does this mean the networkmanager did not get the password? That would be strange because the password is available when I have a look at configuration in the Gnome Network Manger VPN configuration. I tried make the password available for all users for testing purposes because this was mentioned as a workaround but it did not work. I also tried the folder ~/.certs
for the certificates and it did not work either.
Any idea?