Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8347] audit: op="connection-activate" uuid="7fb70da3-8aab-49fd-8432-f5bebe36459b" name="VPN 1" pid=9846 uid=1000 result="success"
Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8412] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: Started the VPN service, PID 10582
Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8503] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: Saw the service appear; activating connection
Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8541] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Oct 11 20:23:38 localhost.localdomain audit[10587]: AVC avc: denied { execute } for pid=10587 comm="sh" name="ifconfig" dev="dm-0" ino=2637124 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
Oct 11 20:23:38 localhost.localdomain audit[10587]: AVC avc: denied { getattr } for pid=10587 comm="sh" path="/usr/sbin/ifconfig" dev="dm-0" ino=2637124 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
Oct 11 20:23:38 localhost.localdomain audit[10587]: AVC avc: denied { getattr } for pid=10587 comm="sh" path="/usr/sbin/ifconfig" dev="dm-0" ino=2637124 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
Oct 11 20:23:38 localhost.localdomain audit[10588]: AVC avc: denied { execute_no_trans } for pid=10588 comm="nm-ssh-service" path="/usr/bin/ssh" dev="dm-0" ino=2629201 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0
Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8583] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: VPN connection: failed to connect: 'Failed to spawn child process “/usr/bin/ssh” (Permission denied)'
Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8599] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: VPN plugin: state changed: stopped (6)
I can ssh as root into the remote
I am using "Key Authentication".
If I set "SSH Agent" I get a different error:
Oct 11 20:25:20 localhost.localdomain NetworkManager[1184]: [1570821920.6207] vpn-connection[0x5621d4eac2c0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: final secrets request failed to provide sufficient secrets
It seems that I have selinux error around /usr/bin/ssh.
The remote is running CentOS 7.
After disabling selinux to permissive (locally), it works.
Here is F30 bugreport
https://bugzilla.redhat.com/show_bug.cgi?id=1761071
As a side question: is it possible to see all the command issued? There is a good example in the homepage, but I don't think it is complete.
According to the downstream report linked above, it seems to have been fixed, so this ticket should be closed?
danfruehauf
