Files not loading after reboot when protected with fscrypt
Running Ubuntu disco (19.04) and using fscrypt to encrypt my home directory I've found an issue with openvpn loading keys and certificates. With the initial setup the VPN connects just fine, but after a reboot I find this.
Aug 20 11:15:09 chris-thinkpad NetworkManager[1079]: [1566317709.2430] audit: op="connection-activate" uuid="5511cf34-326e-4173-b00c-cd223bc37933" name="xxxx" pid=4436 uid=1000 result="success" Aug 20 11:15:09 chris-thinkpad nm-openvpn[32505]: OpenSSL: error:0200107E:system library:fopen:Required key not available Aug 20 11:15:09 chris-thinkpad nm-openvpn[32505]: OpenSSL: error:2006D002:BIO routines:BIO_new_file:system lib Aug 20 11:15:09 chris-thinkpad nm-openvpn[32505]: OpenSSL: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib Aug 20 11:15:09 chris-thinkpad nm-openvpn[32505]: Cannot load certificate file /home/chris/.sesame/canonical-csanders@is@2.crt Aug 20 11:15:09 chris-thinkpad nm-openvpn[32505]: Exiting due to fatal error
After some testing I found that CA certificate, User certificate, User private key, and The TLS-Auth Key File when moved out of the fscrypt directory fixes this. Additionally, selecting a different file and then setting it back to the ones in the fscrypt home directory will also work until you log out again. Simply re-selecting the same file doesn't appear to help you have to pick a different file and then switch back to the one that was already configured.
I suppose this has something to do with trying to load the files before the directory is unencrypted (it decrypts when I log in). I don't really know enough about when/how this files are accessed, but I would expect them to get loaded when I start the VPN and that is always well after I've logged in.