http://bugzilla.opensuse.org/show_bug.cgi?id=1044785 Bug ID: 1044785 Summary: openvpn with NetworkManager crashes on renegotiation Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: banderson19com@san.rr.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Running Tumbleweed updated current as of 6-14-2017. Created an openvpn connection using the NetworkManager KDE applet. The connection starts properly and runs for an hour or so until a renegotiation occurs at which time openvpn crashes with the error: ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1) The command NetworkManager issues to start openvpn is: /usr/sbin/openvpn --remote us-ca.mullvad.net 1197 udp --comp-lzo yes --nobind --dev tun --cipher AES-256-CBC --auth-nocache --remote-cert-tls server --reneg-sec 0 --verb 1 --syslog nm-openvpn --script-security 2 --up /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 3261 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_4 --tun -- --up-restart --persist-key --persist-tun --management /var/run/NetworkManager/nm-openvpn-ff470881-4027-4585-97df-197b5e83b16d unix --management-client-user root --management-client-group root --management-query-passwords --auth-retry interact --route-noexec --ifconfig-noexec --client --ca /etc/openvpn/ca.crt --cert /etc/openvpn/client.crt --key /etc/openvpn/client.key --user nm-openvpn --group nm-openvpn Hacking nm-openvpn-service to remove the --user and --group command line arguments sent to openvpn causes the link to be maintained across the renegotiation process but then it runs as root. /dev/net/tun is owned by root with read/write permission for everyone. I have tried changing ownership of it before starting the vpn link but it is reset to root ownership when NetworkManager starts the service. -- You are receiving this mail because: You are on the CC list for the bug.