RHEL 7 with OpenVPN in NetworkManager

OK, put simply: SELinux immediately causes problems in getting NetworkManager to connect to your VPN properly.  If you set up your connection and certificates as follows, you will have no issues whatsoever connecting as any user.

1) Copy all your certificate files into ~/.cert

2) Check your SELinux context and validate it is appropriate:

unconfined_u:object_r:home_cert_t:s0

You need to have something like this:

[andrew@big-red-wireless .cert]$ pwd
/home/andrew/.cert
[andrew@big-red-wireless .cert]$ ls -Z
-rw-r--r--. andrew andrew unconfined_u:object_r:home_cert_t:s0 andrew.crt
-rw-------. andrew andrew unconfined_u:object_r:home_cert_t:s0 andrew.key
-rw-r--r--. andrew andrew unconfined_u:object_r:home_cert_t:s0 ca.crt
[andrew@big-red-wireless .cert]$

3) If you need to reset the contexts, issue the following command as root, where $USERNAME is the account that owns the certificates:

restorecon -R -v /home/$USERNAME/.cert

4) Create a NetworkManager VPN entry with your cert files from the ~/.cert folder.

5) Connect!
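
An added example, not part of the original post: a shell function that audits an `ls -Z` listing of ~/.cert in the RHEL 7 column layout from step 2, flagging files whose SELinux type is not home_cert_t and private keys with group or other permission bits. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `ls -Z` listing of ~/.cert in the RHEL 7 column
# layout shown in step 2 (mode user group context name).
# Names below (check_cert_listing, sample_listing) are illustrative.

EXPECTED_TYPE="home_cert_t"   # type from the post's ls -Z output

# Reads listing lines on stdin, prints one finding per problem,
# returns 1 if anything was flagged and 0 otherwise.
check_cert_listing() {
    awk -v want="$EXPECTED_TYPE" '
        NF < 5 { next }                     # not a file entry
        {
            mode = $1; name = $5
            split($4, part, ":")            # user:role:type:level
            if (part[3] != want) {
                printf "%s: type %s, expected %s (run restorecon)\n", name, part[3], want
                bad = 1
            }
            # A private key should carry no group/other permission bits.
            if (name ~ /\.key$/ && substr(mode, 5, 6) != "------") {
                printf "%s: mode %s is accessible beyond the owner\n", name, mode
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: one cert with the default home type, one loose key.
sample_listing() {
    cat <<'EOF'
-rw-r--r--. andrew andrew unconfined_u:object_r:home_cert_t:s0 ca.crt
-rw-r--r--. andrew andrew unconfined_u:object_r:user_home_t:s0 andrew.crt
-rw-r--r--. andrew andrew unconfined_u:object_r:home_cert_t:s0 andrew.key
EOF
}

# Demo on the sample; on a real host: ls -Z ~/.cert | check_cert_listing
sample_listing | check_cert_listing || true
```

File names containing spaces are not handled, since the listing is split on whitespace.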

Took me a few minutes to understand why the connection was barfing out.  Once I noticed some SELinux alerts it dawned on me — I never set the contexts.  A quick Google also showed me that there is a convenient location to dump all certificates into.  Double win!
