Manual .ovpn settings trouble with VPN -> tun/tap permission denied as nemo [not relevant]
Hi, I interested to try beta VPN with my CyberGhost Premium VPN service provider. I have Jolla phone with 2.0.1.11. First I tried to establish a connection with Settings VPN UI but my try immediately failed. Did manually set cert, client, key and ovpn paths to correct locations. I do have username and password configuration which does not work from UI. Nevertheless what settings I change, "ask password if needed" / "read from file", I don't get a credentials prompt.
So I looked what happens under the openvpn hood. Here is openvpn command line as a regular nemo user:
openvpn --config path to .ovpn file username: password:
Sun May 7 13:42:26 2017 us=861415 SENT CONTROL [CyberGhost VPN Server Bucharest-S14-I02]: 'PUSH_REQUEST' (status=1)
Sun May 7 13:42:27 2017 us=111902 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 185.156.172.178,dhcp-option DNS 185.93.180.131,dhcp-option DNS 83.143.245.42,comp-lzo yes,route 10.130.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.130.0.110 10.130.0.109'
Sun May 7 13:42:27 2017 us=112909 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 7 13:42:27 2017 us=113123 OPTIONS IMPORT: LZO parms modified
Sun May 7 13:42:27 2017 us=113337 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 7 13:42:27 2017 us=113520 OPTIONS IMPORT: route options modified
Sun May 7 13:42:27 2017 us=113733 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 7 13:42:27 2017 us=115107 ROUTE_GATEWAY 10.24.214.41/255.0.0.0 IFACE=rmnet0 HWADDR=00:00:00:00:00:00
Sun May 7 13:42:27 2017 us=115656 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Sun May 7 13:42:27 2017 us=115839 Exiting due to fatal error
[nemo@Sailfish CyberGhost]$ ls -la /dev/net
total 0
drwxr-xr-x 2 root root 60 Jan 1 1970 .
drwxr-xr-x 16 root root 6220 May 7 03:58 ..
crw-rw---- 1 system vpn 10, 200 May 7 03:45 tun
Unless if you try as root user the connection from command line will establish!
Has my /dev/net/tun file permission (chmod 640) correct values?
My tun file is chmod 660 with a working connection. Don't know if that is correct though.
eson ( 2017-05-07 16:40:58 +0200 )editI can confirm the same as @DarkWite with proxy.sh. Running `openvpn /path/to/file.ovpn as nemo will fail (and my IP is not changed), while running it as root works (and result on an IP check website is different). Is there any risk to run this as root? I guess I'll just chmod /dev/net/tun if this works.
Also, I'm prompted to enter my credentials when running the command from the terminal, but not from the GUI in 2.1.1.24.
Kabouik ( 2017-07-31 05:03:17 +0200 )editSailfish OS: Mer release 0.2011 (Mer) BUILD: Jolla-2.0.2.43-l500d-eu-armv7hl
I could established openvpn connection as user nemo using sudo openvpn /path/to/file.ovpn. My tun file permission is 660.
# stat -c "%a %n" /dev/net/tun 660 /dev/net/tun. If I run openvpn /path/to/file.ovpn without sudo then I get ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1).
I've also got the same error if I changed file permission of /dev/net/tun to chmod 777.
Corvinux ( 2017-08-11 15:33:16 +0200 )edit