On Dec 21, 2021, at 14:03, Kevin Becker <kevin(a)kevinbecker.org> wrote:
Probably selinux. I have these notes for configuring a commercial VPN provider to work.
sudo ausearch -c 'openvpn' --raw | audit2allow -M my-openvpn
sudo semodule -X 300 -i my-openvpn.pp
Ack! That’s not good advice. That’s basically saying: “whatever broken settings you have
currently, let it be allowed” blindly. Is it set so open on can read all files on your
file system now? Who knows! Maybe now it’s allowed to sniff your network traffic? You
can’t tell! It is the selinux equivalent of just “chmod 777” you see people suggest for
file permission problems.
The appropriate first step is to use “restorecon” to relabel the files in /etc. Most
likely that would have fixed it.
The “audit2why” command might have mentioned a selinux Boolean or missing setting.
--
Jonathan Billings