LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 03-06-2015, 12:28 AM   #1
Kimbundubobo
LQ Newbie
 
Registered: Sep 2014
Posts: 5

Rep: Reputation: Disabled
NetworkManager - Openvpn - Firewall Zone - Crash Issues


Openvpn connect issues where cert and key files are all placed in either ~/.cert OR in /etc/openvpn. NetworkManager shows "connecting", but does not complete the connection to the server. It does not seem to matter whether the firewall zone is set to home, work, dmz etc., the connection never completes. All config, cert and key files are correct and work on other machines except the current one.

I went through the selinux troubleshooting alerts in an attempt to fix the problem, but the cert file/s are simply moved to root to create a folder with the moved file's attributes, which did not fix the problem.

In addition the 'firewall zone' drop down box within NetworkManager resets itself from to a square (shape) with several ones and zeros inside. NetworkManager crashes repeatedly when clicking on the settings (gear-like shape) icon from certain connections.

I am out of ideas, so if ANYONE has experience with, or has ideas that could possibly relieve ANY of the issues above, I am all ears. Help!
 
Old 03-08-2015, 11:31 AM   #2
dijetlo
Senior Member
 
Registered: Jan 2009
Location: RHELtopia....
Distribution: Solaris 11.2/Slackware/RHEL/
Posts: 1,491
Blog Entries: 2

Rep: Reputation: Disabled
A quick review of the FM (technically, this is just the FFAQ) answers our first question which is, what ports does this beasty need open on the firewall...
Quote:
Short answer: TCP 443, TCP 943, UDP 1194
EDIT: BE ADVISED. TCP 443 is the default ssl port so if the OpenVPN server is "live" i.e. already in PROD, folks might get real interested in what you're up to when you latch onto it.

In the following example, solomon is the server, workbench is the client and willie. He's just the Enterprise's Digital Janitor. He lives in a bit bucket behind the CDW (Customer Data Warehouse) so he's always handy for menial tasks like this one.

From the server's command line:
Code:
willie@solomon:~$ nc -lu 1194
The 'l' switch is for listen and the 'u' specifies udp protocol (the default is tcp so when you test the rest of the ports for connectivity, omit the 'u').
That skips down and hangs on the following line. Let it.
From the client's command line:
Code:
willie@workbench:~$ nc -u solomon 1194
Again, when testing tcp ports, omit the 'u'. This command line also assumes you have the server's IP and alias in your /etc/hosts file so nc can internally translate it; if not, use the IP of the OpenVPN server in place of the name.
After you do that, the client will seem to hang as well. That's good, just type
Code:
...Can you hear me now?...
and press enter. If you have connectivity, when you look on the server terminal where you set up the listening port you'll see...
Code:
willie@solomon:~$ nc -lu 1194
... Can you hear me now? ...
Now hit Control+C on both those terminals before you give the security Gestapo an embolism.

Yeah, it's just that easy. That's why I'm not a huge fan of tools like Network-Manager which apparently
Quote:
...crashes repeatedly when clicking on the settings (gear-like shape) icon from certain connections.
Clickin' huh?... nothin' good ever comes of that.

Validate your ports and post back if one or more of them bail on you (you might want to mention it to whoever is managing the firewalls as well). Otherwise we should start looking at cert placement and the OpenVPN configuration or maybe just puzzling out how to do a manual run on the OVPN box from the client command line.

Last edited by dijetlo; 03-08-2015 at 12:34 PM. Reason: Depth and clarity and of course, spelling
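
The nc listen-and-send test from the post above, scripted for both ends; this is an added example, not part of the original post. The function names and the echo step are assumptions of this example (plain `nc -lu` only prints what it receives), and the self-test runs on loopback with a constructed probe rather than against a real OpenVPN server.

```python
import socket
import threading

# Ports quoted in the post above; the host name passed in is up to the caller.
OPENVPN_PORTS = [("tcp", 443), ("tcp", 943), ("udp", 1194)]
PROBE = b"...Can you hear me now?...\n"

def udp_listener(sock, received):
    """Server side, like `nc -lu`: record one datagram, then echo it back."""
    data, peer = sock.recvfrom(2048)
    received.append(data)
    sock.sendto(data, peer)

def check_tcp(host, port, timeout=2.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"        # host answered with RST: reachable, nothing listening
    except OSError:
        return "no-reply"      # timeout or unreachable: likely dropped on the path

def check_udp(host, port, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(PROBE)
            return "open" if s.recv(2048) == PROBE else "no-reply"
        except ConnectionRefusedError:
            return "closed"    # ICMP port unreachable came back
        except OSError:
            return "no-reply"  # silence: filtered, or a listener that does not echo

def check_all(host):
    checks = {"tcp": check_tcp, "udp": check_udp}
    return {(proto, port): checks[proto](host, port) for proto, port in OPENVPN_PORTS}

def loopback_demo():
    """Constructed self-test on 127.0.0.1 with an ephemeral port; no real server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port, received = srv.getsockname()[1], []
    t = threading.Thread(target=udp_listener, args=(srv, received), daemon=True)
    t.start()
    heard = check_udp("127.0.0.1", port)
    t.join(2)
    srv.close()
    return heard, received, check_udp("127.0.0.1", port, timeout=0.5)

if __name__ == "__main__":
    print(loopback_demo())
```

A "no-reply" on UDP 1194 is ambiguous by nature: a firewall drop and a listener that stays silent look the same from the client, which is why the post has you watch the server terminal.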
 
Old 03-15-2015, 09:47 PM   #3
Kimbundubobo
LQ Newbie
 
Registered: Sep 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
Sir, I really appreciate your reply to my question. Your reply seems to be directed at using a server, so correct me if I am wrong about that. Your response is a bit technical, and I am not so advanced in the use of openvpn. I have been attempting to fix the problem over the past week, and have recently upgraded. Upgrading corrected most of the connectivity issue. Still am unable to link a vpn connection to the ethernet connection within NetworkManager, though... and I still get NM crashes after the firewall zone called 'Block' is selected.
 
  


All times are GMT -5.