I have an openVPN I can connect to just fine from the command line. For example - the following works just fine.
openvpn --client --pull --comp-lzo --nobind --dev tap0 --ca /path/to/vpn.cacert.pem --auth-user-pass --remote 1.1.1.1
Text is fine for me - but I’d like to setup some other OpenSuse users who prefer KNetworkManager and it doesn’t work there.
This the error I get
Aug 9 15:26:03 linux-vlpo nm-openvpn[10477]: LZO compression initialized
Aug 9 15:26:05 linux-vlpo nm-openvpn[10477]: UDPv4 link local: [undef]
Aug 9 15:26:05 linux-vlpo nm-openvpn[10477]: UDPv4 link remote: 1.1.1.1:1194
Aug 9 15:26:06 linux-vlpo nm-openvpn[10477]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 9 15:26:06 linux-vlpo nm-openvpn[10477]: TLS Error: TLS object -> incoming plaintext read error
Aug 9 15:26:06 linux-vlpo nm-openvpn[10477]: TLS Error: TLS handshake failed
Aug 9 15:26:06 linux-vlpo nm-openvpn[10477]: SIGUSR1[soft,tls-error] received, process restarting
Aug 9 15:26:08 linux-vlpo nm-openvpn[10477]: Re-using SSL/TLS context
I’m using the same pem certificate for both the command line and the NetworkManager interface. This is what NetworkManager is doing (ran ps while it was trying to connect)
/usr/sbin/openvpn --remote 1.1.1.1 --comp-lzo --nobind --dev tap --proto udp --port 1194 --syslog nm-openvpn --up /usr/bin/nm-openvpn-service-openvpn-helper --up-restart --persist-key --persist-tun --management 127.0.0.1 1194 --management-query-passwords --route-noexec --client --ns-cert-type server --auth-user-pass --ca /path/to/vpn.cacert.pem
I have found that it is the “–ns-cert-type server” which causes the problem. Question. What checkbox do I click to get rid of that “feature.” Or what gpg tool is need for users to get nm-openvpn to “trust” that certificate
Help?