Configure OpenVPN on Fedora

Configuring OpenVPN on Fedora is supposedly straightforward. If you have the configuration file and certificates, easily import it using the Network Manager and provide the necessary credentials.

However, when I tried connecting, I got an error: Connection failed. Activation of network connection failed.

System logs showed some interesting entries:

nm-openvpn[5715]: OpenSSL: error:0200100D:system library:fopen:Permission denied
nm-openvpn[5715]: OpenSSL: error:2006D002:BIO routines:BIO_new_file:system lib
nm-openvpn[5715]: OpenSSL: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
nm-openvpn[5715]: Cannot load certificate file /home/user/openvpn-config/openvpn-user.crt
nm-openvpn[5715]: Exiting due to fatal error

As it seems that there was a permissions issue, the initial reaction was to set the certificate file permission to 644. However, the issue still persisted, with the same errors in the logs.

It seems that SELinux expects the certificates to be in a particular directory, i.e. ~/.cert and it prevents OpenVPN to access certificates outside of that directory. This is a typical behavior of Red Hat derivatives (Fedora, Centos, RHEL) with SELinux enabled by default.

So to fix, create a .cert folder in the home directory.

$ mkdir ~/.cert

Copy OpenVPN configuration file and certificates to ~/.cert directory and run restorecon to modify the labels and allow OpenVPN to have access.

$ restorecon -R -v ~/.cert

I tried to add the VPN again, and this time it was able to connect successfully.