Manual .ovpn settings trouble with VPN -> tun/tap permission denied as nemo

asked 2017-05-07 14:37:35 +0300

DarkWhite gravatar image

updated 2017-08-20 16:12:56 +0300

Hi, I interested to try beta VPN with my CyberGhost Premium VPN service provider. I have Jolla phone with 2.0.1.11. First I tried to establish a connection with Settings VPN UI but my try immediately failed. Did manually set cert, client, key and ovpn paths to correct locations. I do have username and password configuration which does not work from UI. Nevertheless what settings I change, "ask password if needed" / "read from file", I don't get a credentials prompt.

So I looked what happens under the openvpn hood. Here is openvpn command line as a regular nemo user:

openvpn --config path to .ovpn file username: password:

Sun May  7 13:42:26 2017 us=861415 SENT CONTROL [CyberGhost VPN Server Bucharest-S14-I02]: 'PUSH_REQUEST' (status=1)
    Sun May  7 13:42:27 2017 us=111902 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 185.156.172.178,dhcp-option DNS 185.93.180.131,dhcp-option DNS 83.143.245.42,comp-lzo yes,route 10.130.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.130.0.110 10.130.0.109'
    Sun May  7 13:42:27 2017 us=112909 OPTIONS IMPORT: timers and/or timeouts modified
    Sun May  7 13:42:27 2017 us=113123 OPTIONS IMPORT: LZO parms modified
    Sun May  7 13:42:27 2017 us=113337 OPTIONS IMPORT: --ifconfig/up options modified
    Sun May  7 13:42:27 2017 us=113520 OPTIONS IMPORT: route options modified
    Sun May  7 13:42:27 2017 us=113733 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sun May  7 13:42:27 2017 us=115107 ROUTE_GATEWAY 10.24.214.41/255.0.0.0 IFACE=rmnet0 HWADDR=00:00:00:00:00:00
    Sun May  7 13:42:27 2017 us=115656 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
    Sun May  7 13:42:27 2017 us=115839 Exiting due to fatal error
    [nemo@Sailfish CyberGhost]$ ls -la /dev/net
    total 0
    drwxr-xr-x  2 root   root      60 Jan  1  1970 .
    drwxr-xr-x 16 root   root    6220 May  7 03:58 ..
    crw-rw----  1 system vpn  10, 200 May  7 03:45 tun

Unless if you try as root user the connection from command line will establish!

Has my /dev/net/tun file permission (chmod 640) correct values?

edit retag flag offensive close delete

Comments

My tun file is chmod 660 with a working connection. Don't know if that is correct though.

eson ( 2017-05-07 16:40:58 +0300 )edit

I can confirm the same as @DarkWite with proxy.sh. Running `openvpn /path/to/file.ovpn as nemo will fail (and my IP is not changed), while running it as root works (and result on an IP check website is different). Is there any risk to run this as root? I guess I'll just chmod /dev/net/tun if this works.

Also, I'm prompted to enter my credentials when running the command from the terminal, but not from the GUI in 2.1.1.24.

Kabouik ( 2017-07-31 05:03:17 +0300 )edit

Sailfish OS: Mer release 0.2011 (Mer) BUILD: Jolla-2.0.2.43-l500d-eu-armv7hl

I could established openvpn connection as user nemo using sudo openvpn /path/to/file.ovpn. My tun file permission is 660.

# stat -c "%a %n" /dev/net/tun 660 /dev/net/tun. If I run openvpn /path/to/file.ovpn without sudo then I get ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1).

I've also got the same error if I changed file permission of /dev/net/tun to chmod 777.

Corvinux ( 2017-08-11 15:33:16 +0300 )edit