[opensuse] user-level GUI for openVPN
![](https://seccdn.libravatar.org/avatar/2b1eb030e03bd91bb4f8e20da0671232.jpg?s=120&d=mm&r=g)
Hi, My department switched last week to openVPN at the firewall and it is closing the SSH port. I can connect to the server as root running "openvpn --config client.ovpn" (with the config file provided by the department) and everything seems to work, even NX, as long as I keep that connection open. But I would like to use a GUI tool to make the connection more convenient for the students in my lab. I tried KNetworkManager, but it failed with: 'ConnectFailed', with message 'The VPN login failed because the VPN program could not connect to the VPN server.'. VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 3 -> 5. VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 5 -> 6. VPN Service org.freedesktop.NetworkManager.openvpn: could not stop connection 'MECE' because service was 6. Kvpnc had the advantage of being able to read the "client.ovpn" file in the setup wizard and it seemed to go a little further, but then also broke: success: Connection established. info: Successful disconnected. info: Connection duration was 00 hours, 00 minutes, 03 seconds info: Reconnect after connection lost enabled, reconnecting... error: The management port cant bind, please try again later. info: Successful connect try canceled. In addition, Kvpnc requires the root password to start, which is what I wanted to avoid, if possible. Does anyone know what the error messages above mean? Is there another GUI, like KnetworkManager, that starts an openVPN connection without requiring root password? -- Carlos FL Who is General Failure, and why is he reading my disk? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/7aeddadc5c752bf9574e61e0750f1315.jpg?s=120&d=mm&r=g)
Sun, 04 Nov 2007, by carlos.lange@ualberta.ca:
Hi,
My department switched last week to openVPN at the firewall and it is closing the SSH port. I can connect to the server as root running "openvpn --config client.ovpn" (with the config file provided by the department) and everything seems to work, even NX, as long as I keep that connection open.
But I would like to use a GUI tool to make the connection more convenient for the students in my lab. [..]
Is there another GUI, like KnetworkManager, that starts an openVPN connection without requiring root password?
Add the user to sudoers User_Alias VPNusers = user1, user2 VPNusers ALL (ALL) /usr/sbin/rcopenvpn Then make a desktop link to a short script and make sure you check 'run in a terminal': #!/bin/sh if ! /sbin/checkproc /usr/sbin/openvpn; then /usr/bin/sudo /usr/sbin/rcopenvpn start elif /sbin/checkproc /usr/sbin/openvpn; then /usr/bin/sudo /usr/sbin/rcopenvpn stop fi Put your config file in /etc/openvpn/ and it will be used by the init script. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.20 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/2b1eb030e03bd91bb4f8e20da0671232.jpg?s=120&d=mm&r=g)
On Sun November 4 2007 16:33, Theo v. Werkhoven wrote:
Sun, 04 Nov 2007, by carlos.lange@ualberta.ca:
Hi,
My department switched last week to openVPN at the firewall and it is closing the SSH port. I can connect to the server as root running "openvpn --config client.ovpn" (with the config file provided by the department) and everything seems to work, even NX, as long as I keep that connection open.
But I would like to use a GUI tool to make the connection more convenient for the students in my lab.
[..]
Is there another GUI, like KnetworkManager, that starts an openVPN connection without requiring root password?
Add the user to sudoers
User_Alias VPNusers = user1, user2 VPNusers ALL (ALL) /usr/sbin/rcopenvpn
Then make a desktop link to a short script and make sure you check 'run in a terminal':
#!/bin/sh if ! /sbin/checkproc /usr/sbin/openvpn; then /usr/bin/sudo /usr/sbin/rcopenvpn start elif /sbin/checkproc /usr/sbin/openvpn; then /usr/bin/sudo /usr/sbin/rcopenvpn stop fi
Put your config file in /etc/openvpn/ and it will be used by the init script.
Thanks for the detailed instructions. I was thinking of trying something like that if I don't get a GUI tool that works, but I didn't know about rcopenvpn. I notice that it requires the configuration file in /etc/openvpn to be called *.conf, which I changed in my file. This may be the way to go. -- Carlos FL Who is General Failure, and why is he reading my disk? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/240a7b4357112ffcfe23d7d75d888e04.jpg?s=120&d=mm&r=g)
On Nov 5, 2007 6:37 AM, Carlos F Lange
Hi, info: Successful disconnected. info: Connection duration was 00 hours, 00 minutes, 03 seconds info: Reconnect after connection lost enabled, reconnecting... error: The management port cant bind, please try again later.
>From this error, the port maybe already be used by itself or other
program(ipsec-tools's racoon also use the same port), so just check
who use the port like this:
lsof -i :500
--
Sincerely Yours,
Charles Li
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/2b1eb030e03bd91bb4f8e20da0671232.jpg?s=120&d=mm&r=g)
On Sun November 4 2007 19:21, you wrote:
On Nov 5, 2007 6:37 AM, Carlos F Lange
wrote: Hi, info: Successful disconnected. info: Connection duration was 00 hours, 00 minutes, 03 seconds info: Reconnect after connection lost enabled, reconnecting... error: The management port cant bind, please try again later.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From this error, the port maybe already be used by itself or other program(ipsec-tools's racoon also use the same port), so just check who use the port like this:
lsof -i :500
Thanks. It appears that it is kvpnc itself that keeps it bound. After a reboot I managed to run kvpnc and establish a connection, though the connection was hanging somehow, despite kvpnc claiming it was connected. After killing and restarting I got the same error as above. I tried "lsof -i :1194", according to the port I am using, but the result was empty. Anyway, kvpnc still requires root password. Ideally I would like to get KNetworkManager to work. -- Carlos FL Who is General Failure, and why is he reading my disk? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos F Lange
-
Charles Li
-
Theo v. Werkhoven