Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

There is a conflict between SELinux and openVPN connection!

openVPN does not work when selinux is enable; Gnome responds: Activation of network connection failed!? When I click to connect via openVPN, Instantly, Gnome shows above error at the bottom of the desktop.

If I run 'setenforce 0' as root, then I can connect via openVPN. How should I solve this conflict between openVPN and SELinux?

There is a conflict between SELinux and openVPN connection!

openVPN does not work when selinux is enable; Gnome responds: Activation of network connection failed!? When I click to connect via openVPN, Instantly, Gnome shows above error at the bottom of the desktop.

If I run 'setenforce 0' setenforce 0 as root, then I can connect via openVPN. How should I solve this conflict between openVPN and SELinux?

There is a conflict between SELinux and openVPN connection!

openVPN does not work when selinux is enable; Gnome responds: Activation of network connection failed!? When I click to connect via openVPN, Instantly, Gnome shows above error at the bottom of the desktop.

If I run setenforce 0 as root, then I can connect via openVPN. How should I solve this conflict between openVPN and SELinux?SELinux permanently?

There is a conflict between SELinux and openVPN connection!

openVPN does not work when selinux is enable; Gnome responds: Activation of network connection failed!? When I click to connect via openVPN, Instantly, Gnome shows above error at the bottom of the desktop.

If I run setenforce 0 as root, then I can connect via openVPN. How should I solve this conflict between openVPN and SELinux permanently?

There is a conflict between SELinux and openVPN connection!

openVPN does not work when selinux is enable; Gnome responds: Activation of network connection failed!? When I click to connect via openVPN, Instantly, Gnome shows above error at the bottom of the desktop.

If I run setenforce 0 as root, then I can connect via openVPN. How should I solve this conflict between openVPN and SELinux permanently?


EDIT: open this image in your browser

There is five buttons: Troubleshoot, NotifyAdmin, Details, Ignore, Delete. Here is its details:

SELinux is preventing /usr/sbin/openvpn from open access on the file ~/openvpn_folder/client.crt.
*****  Plugin openvpn (47.5 confidence) suggests  ****************************
If you want to mv client.crt to standard location so that openvpn can have open access. Then you must move the cert file to the ~/.cert directory
Do
# mv ~/openvpn_folder/client.crt ~/.cert
# restorecon -R -v ~/.cert
*****  Plugin openvpn (47.5 confidence) suggests  ****************************
If you want to modify the label on client.crt so that openvpn can have open access on it. Then you must fix it.
Do
# semanage fcontext -a -t home_cert_t ~/openvpn_folder/client.crt
# restorecon -R -v ~/openvpn_folder/client.crt
*****  Plugin catchall (6.38 confidence) suggests  ***************************
If you believe that openvpn should be allowed open access on the client.crt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep openvpn /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context                system_u:system_r:openvpn_t:s0
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                ~/openvpn_folder/client.crt [ file ]
Source                        openvpn
Source Path                   /usr/sbin/openvpn
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           openvpn-2.3.2-1.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-74.1.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.9.8-300.fc19.x86_64
                              #1 SMP Thu Jun 27 19:24:23 UTC 2013 x86_64 x86_64
Alert Count                   29
First Seen                    2013-09-09 11:50:50 IRDT
Last Seen                     2013-09-10 08:59:38 IRDT

There is a conflict between SELinux and openVPN connection!

openVPN does not work when selinux is enable; Gnome responds: Activation of network connection failed!? When I click to connect via openVPN, Instantly, Gnome shows above error at the bottom of the desktop.

If I run setenforce 0 as root, then I can connect via openVPN. How should I solve this conflict between openVPN and SELinux permanently?


EDIT: open this image in your browser

There is five buttons: Troubleshoot, NotifyAdmin, Details, Ignore, Delete. Here is its details:

SELinux is preventing /usr/sbin/openvpn from open access on the file ~/openvpn_folder/client.crt.
*****  Plugin openvpn (47.5 confidence) suggests  ****************************
If you want to mv client.crt to standard location so that openvpn can have open access. Then you must move the cert file to the ~/.cert directory
Do
# mv ~/openvpn_folder/client.crt ~/.cert
# restorecon -R -v ~/.cert
*****  Plugin openvpn (47.5 confidence) suggests  ****************************
If you want to modify the label on client.crt so that openvpn can have open access on it. Then you must fix it.
Do
# semanage fcontext -a -t home_cert_t ~/openvpn_folder/client.crt
# restorecon -R -v ~/openvpn_folder/client.crt
*****  Plugin catchall (6.38 confidence) suggests  ***************************
If you believe that openvpn should be allowed open access on the client.crt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep openvpn /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context                system_u:system_r:openvpn_t:s0
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                ~/openvpn_folder/client.crt [ file ]
Source                        openvpn
Source Path                   /usr/sbin/openvpn
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           openvpn-2.3.2-1.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-74.1.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.9.8-300.fc19.x86_64
                              #1 SMP Thu Jun 27 19:24:23 UTC 2013 x86_64 x86_64
Alert Count                   29
First Seen                    2013-09-09 11:50:50 IRDT
Last Seen                     2013-09-10 08:59:38 IRDT