Network-manager policy kit security policies preventing OpenVPN to connect

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
klonbcn
Level 1
Level 1
Posts: 1
Joined: Sun May 06, 2018 5:22 am

Network-manager policy kit security policies preventing OpenVPN to connect

Post by klonbcn » Sun May 06, 2018 5:44 am

Hi all! I've been trying to configure an OpenVPN connection to a QNAP NAS. I've configured successfully a PPTP VPN (successful at least for wired connections) but I'm having a weird problem with network-manager.

My server generates an ovpn certificate that I use to create my connection in network-manager. I can successfully create it but, when I try to activate it, it activates for few seconds and then stops. When I check my logs at syslog I see

Code: Select all

May  6 11:23:56 Mercury NetworkManager[1176]: <info>  [1525598636.8096] audit: op="connection-activate" uuid="ac57d5fc-a043-4e61-9ace-4b4cd27ed111" name="OpenVPN QNAP Server" pid=3026 uid=1000 result="success"
May  6 11:23:56 Mercury NetworkManager[1176]: <info>  [1525598636.8157] vpn-connection[0xfa4210,ac57d5fc-a043-4e61-9ace-4b4cd27ed111,"OpenVPN QNAP Server",0]: Started the VPN service, PID 8025
May  6 11:23:56 Mercury NetworkManager[1176]: (nm-openvpn-service:8025): nm-openvpn-WARNING **: Failed to initialize a plugin instance: Connection ":1.97" is not allowed to own the service "org.freedesktop.NetworkManager.openvpn.Connection_4" due to security policies in the configuration file
May  6 11:24:01 Mercury NetworkManager[1176]: <warn>  [1525598641.8998] vpn-connection[0xfa4210,ac57d5fc-a043-4e61-9ace-4b4cd27ed111,"OpenVPN QNAP Server",0]: Timed out waiting for the service to start
I've been googling and looking for possible reasons for this message and it seems that the problem must be caused by the policies defined in network-manager for dbus. If checked the config file for network-manager in /etc/dbus-1/system.d/nm-openvpn-service.conf (below the contents of the file)

Code: Select all

<!DOCTYPE busconfig PUBLIC
“-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN”
“http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd”&gt;
    <busconfig>
        <policy user=”root”>
            <allow own=”org.freedesktop.NetworkManager.openvpn”/>
            <allow send_destination=”org.freedesktop.NetworkManager.openvpn”/>
        </policy>
        <policy user=”at_console”>
            <allow own=”org.freedesktop.NetworkManager.vpnc”/>
            <allow send_destination=”org.freedesktop.NetworkManager.vpnc”/>
        </policy>
        <policy context=”default”>
            <deny own=”org.freedesktop.NetworkManager.openvpn”/>
            <deny send_destination=”org.freedesktop.NetworkManager.openvpn”/>
        </policy>
</busconfig>
ta
I've tried several things but I'm not finding good documentation neither on this configuration for network manager in the network manager site neither how this relates to policy kit. Takin a look to the file I saw this .vpnc lines that looked a bit weird for me. I tried to add lines in this file with my user (I'm doing this with my admin user) following the pattern of other lines of the file, adding my user to network and netdev groups with no sucess.

If I change the file, either the file has incorrect format of changes have no effect on my configuration.

Does someone know how to configure properly this policies ?

Cheers!
Helio

Post Reply

Return to “Other networking topics”