I have been trying to use OpenVPN to connect to my work network. Using it via the command line works fine:
openvpn user.conf
I haven't bothered to set it up with DNS properly though, and it looks to be a bit of a pain. I'd much rather use it through the network manager like my other VPNs. The problem is this: I store my user.crt, along with ca.crt and user.key, in ~/.openvpn/ (which seems like a reasonable place to keep such things). When I try to connect via NetworkManager, it just tells me that the connection has failed. Inspection of /var/logs/messages reveals the reason: SELinux is enforcing some policy somewhere that stops openvpn from reading my certificates. I tried following all the instructions given by the SELinux troubleshooter, but to no avail.
I then, foolishly indeed, deleted the openvpn policy from my SELinux config (using the SELinux Management GUI, available from the Fedora repos). All sorts of hell broke loose (it wouldn't even let it bind a named port anymore).
The problem was pretty urgent, so I've ended up just disabling SELinux for the session (everything works fine with that out of the way). But I'll have to turn it back on again at some point, so my question is this:
How can I first restore my original policy file for openvpn in SELinux, and then second grant openvpn access to certificates in my home directory?
I have also tried the SE Policy Generator tool, but to no apparent avail (it gets stuck on the dialogue where I give the policy a name).