SELinux prevents my VPN client from running

I have been using the Edge-IP VPN Linux client before on OpenSUSE Leap 15.6, but now on OpenSUSE Tumbleweed it will not work.

I suspect the problem is SELinux. Leap was using AppArmor, and OpenSUSE has now moved to use SELinux.

I am not familiar with either AppArmor or SELinux.

This is the error I get in /var/log/audit/audit.log when running the f5vpn executable:

type=AVC msg=audit(1767691735.307:730): avc: denied { execstack } for pid=15657 comm="f5vpn" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0

sudo grep 'f5vpn' /var/log/audit/audit.log | audit2allow

#============= unconfined_t ==============

#!!! This avc can be allowed using the boolean 'selinuxuser_execstack'
allow unconfined_t self:process execstack;

After some research I got it working after running this command:

sudo setsebool -P selinuxuser_execstack on

What I want to know: Is this the right way to get it working with SELinux?
I do not want to make my system less secure - but still allow for this VPN client.

Hello,

For an explanation of SELinux booleans, see https://en.opensuse.org/Portal:SELinux/Common_issues

You can open a bug report in the openSUSE Bugzilla https://bugzilla.opensuse.org/index.cgi and follow this guide to provide the correct information: "SELinux report problem", but I am not sure that they can do something if it is a non-supported product.

You can also report this problem to the VPN authors.

Regards
Philippe
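
An added example, not part of either post above: the `execstack` denial in the question is raised when a process's stack is made executable, which is commonly requested through the PT_GNU_STACK program header of the executable or of a library it loads. This Python script reads that header so the file carrying the marking can be identified and named in a report to the vendor; `stack_marking` and `sample_elf64` are names chosen here, and the sample ELF image is constructed.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def stack_marking(data: bytes) -> str:
    """Classify an ELF image as 'exec', 'noexec' or 'unmarked' stack."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(e + "I", data, off)
        if p_type == PT_GNU_STACK:
            # p_flags sits at offset 4 in Elf64_Phdr and 24 in Elf32_Phdr
            (flags,) = struct.unpack_from(e + "I", data, off + (4 if is64 else 24))
            return "exec" if flags & PF_X else "noexec"
    return "unmarked"  # no PT_GNU_STACK: handling depends on loader and architecture

def sample_elf64(stack_flags=None) -> bytes:
    """Constructed minimal little-endian ELF64 image, for demonstration only."""
    phdrs = b"" if stack_flags is None else struct.pack(
        "<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs) // 56, 0, 0, 0)
    return header + phdrs

if __name__ == "__main__":
    # Usage: python3 stackcheck.py /path/to/binary /path/to/lib.so ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{stack_marking(fh.read()):9} {path}")
```

A file reported as `exec` explicitly requests an executable stack; that is the detail worth including in a bug report, since the boolean applies to every process in `unconfined_t` rather than to the VPN client alone.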
