Ubuntu
openvpn package

Unable to connect to VPN as a non-admin user

Bug #908824 reported by Brandon Ingalls
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Invalid
Low
Unassigned

Bug Description

The user I use on my desktop is a normal desktop user no extra rights. Now I want to connect to my VPN and when I do the network-manager app tells me that I am connected but I am not. When I run openvpn in a terminal I get...

me@BrandonsDesktop:~/Desktop/Keep$ openvpn vpn.ovpn
Mon Dec 26 12:24:44 2011 OpenVPN 2.2.0 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011
Enter Auth Username:*
Enter Auth Password:
Mon Dec 26 12:24:59 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 26 12:24:59 2011 RESOLVE: NOTE: * resolves to 2 addresses
Mon Dec 26 12:24:59 2011 Attempting to establish TCP connection with [AF_INET]* [nonblock]
Mon Dec 26 12:25:00 2011 TCP connection established with [AF_INET]*
Mon Dec 26 12:25:00 2011 TCPv4_CLIENT link local: [undef]
Mon Dec 26 12:25:00 2011 TCPv4_CLIENT link remote: [AF_INET]*
Mon Dec 26 12:25:00 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec 26 12:25:04 2011 [server] Peer Connection Initiated with [AF_INET]*
Mon Dec 26 12:25:07 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Mon Dec 26 12:25:07 2011 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Mon Dec 26 12:25:07 2011 Cannot allocate TUN/TAP dev dynamically
Mon Dec 26 12:25:07 2011 Exiting

Shouldn't a non-admin user be able to connect to a VPN?
This is almost as annoying as how the Available to All Users button is checked by default now. Making it so if a non-admin user wants to connect to a new network you need to enter in the admin users password. Not very user friendly when you can't give the user your admin password.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: openvpn 2.2.0-2ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-14.23-generic 3.0.9
Uname: Linux 3.0.0-14-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Mon Dec 26 12:19:48 2011
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Brandon Ingalls (brandoningalls) wrote :
Revision history for this message
Antonio Rosales (arosales) wrote :

@Brandon, thanks for filing the bug report. To better understand the issue you are seeing could you please confirm you have enabled VPN for VPS by following docs such as:
http://wiki.vpslink.com/TUN/TAP_device_with_OpenVPN_or_Hamachi

Also page 69 on http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf may be helpful.

Additional VPN information specific to Ubuntu can be found at:
https://help.ubuntu.com/community/OpenVPN

If these links don't help can you detail how you set up your VPN environment and how your config file (vpn.ovpn) looks.

-Thanks.

Changed in openvpn (Ubuntu):
importance: Undecided → Low
Revision history for this message
Brandon Ingalls (brandoningalls) wrote :

I already have a tun device.
When I connect to the OpenVPN server I can see it receives an I.P.
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:*.94.*.52 P-t-P:*.94.*.52 Mask:255.255.255.128
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:39496 (39.4 KB) TX bytes:22557 (22.5 KB)
If I try to load a site like ipchicken as soon as I get the connected message it will load but within seconds if I even try to ping google it will just hang there and do nothing. If I try to go to any website firefox will just sit "loading" the page.
I know this is not a problem within my network because if I use openVPN within a XP virtual machine on my desktop (Same computer) It works just fine within the vm for as long as the vm is on.

Revision history for this message
Simon Déziel (sdeziel) wrote :

Brandon, you could probably workaround that limitation in 2 different ways. First would be to install the "network-manager-openvpn" package if not already done and use it to import and connect to your VPN. Second would be to make sure the VPN is marked for autostart in /etc/default/openvpn.

Marking as Invalid as OpenVPN requires privileges when it starts (to create a network device, assign an IP to it and add routes). The network-manager-openvpn package is a good way to connect to your VPN with a regular user.

Changed in openvpn (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.