Can't activate VPN for whatever reason

If you run

journalctl -fu NetworkManager

in a terminal and watch the output as you try to connect to the VPN it should give a little more information about what’s going on.

(Also, make sure you have networkmanager-openvpn installed)

The conf file specifies the filename and location of the vpn-key. Is it there?

Well, there is a bunch of information but I am not sure what is useful for you. Sadly I don’t understand anything of it.

Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.2749] audit: op="connection-activate" uuid="b12cf178-3340-40d3-80f0-4c530c5046e0" name="openvpn" pid=21693 uid=1000 result="success"
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.2848] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",0]: Started the VPN service, PID 21733
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.2930] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",0]: Saw the service appear; activating connection
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.2983] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",0]: VPN plugin: state changed: starting (3)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.2984] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",0]: VPN connection: (ConnectInteractive) reply received
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: WARNING: file '/home/amr0d/Downloads/openvpn-package/vpn-key' is group or others accessible
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: TUN/TAP device tap0 opened
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 21733 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_15 --tap -- tap0 1500 1577 172.16.0.2 255.255.255.252 init
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3078] manager: (tap0): new Tun device (/org/freedesktop/NetworkManager/Devices/17)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3227] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",0]: VPN connection: (IP Config Get) reply received.
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3246] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: VPN connection: (IP4 Config Get) reply received
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3251] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data: VPN Gateway: (server IP was here)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3251] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data: Tunnel Device: "tap0"
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3251] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data: IPv4 configuration:
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3251] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data:   Internal Address: 172.16.0.2
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3251] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data:   Internal Prefix: 30
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3252] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data:   Internal Point-to-Point Address: 172.16.0.2
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3252] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data:   Static Route: 0.0.0.0/0   Next Hop: 0.0.0.0
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3252] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data:   Static Route: 172.16.0.0/30   Next Hop: 0.0.0.0
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3252] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data:   DNS Domain: '(none)'
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: TCP/UDP: Preserving recently used remote address: [AF_INET](server IP was here):1194
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3252] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: Data: No IPv6 configuration
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: --mtu-disc is not supported on this OS
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3253] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: VPN plugin: state changed: started (4)
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: Exiting due to fatal error
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <warn>  [1545087696.3280] platform-linux: do-add-ip4-address[16: 172.16.0.2/30]: failure 19 (Kein passendes Gerät gefunden)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3285] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: VPN connection: (IP Config Get) complete
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3366] policy: set 'openvpn' (tap0) as default for IPv4 routing and DNS
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <warn>  [1545087696.3523] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: VPN plugin: failed: connect-failed (1)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3524] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: VPN plugin: state changed: stopping (5)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3525] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",16:(tap0)]: VPN plugin: state changed: stopped (6)
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3589] policy: set 'Kabelgebundene Verbindung 1' (enp2s0f0) as default for IPv4 routing and DNS
Dez 18 00:01:36 amr0d-pc NetworkManager[457]: <info>  [1545087696.3603] vpn-connection[0x56513ca2e700,b12cf178-3340-40d3-80f0-4c530c5046e0,"openvpn",0]: VPN service disappeared



This looks like the relevant line…

To Google Translate!

Hmm. Do you have the tun device available?

$ lsmod | grep tun
tun                    45056  2

Yes, although it has a 0 instead of a 2 at the end.

tun                    45056  0

Ah. tap mode shouldn’t be needed unless you want your client machine to appear on the same network as the host (which isn’t normally what you want).

Check your VPN settings manually to disable TAP mode or switch to TUN mode:

I changed the checkbox from checked with TAP to checked with TUN and unchecked like on your picture but nothing changed.

Does the journalctl output still mention tap0?

Sorry, my bad. That has indeed changed to tun0

I think the problem is this line. Normally the option --mtu-disc is supported on Linux but only if the protocol (udp4/udp6/…) is known.

https://community.openvpn.net/openvpn/ticket/909

It might be a good idea to disable --mtu-disc. You can find this option in VPN -> Advanced -> Misc. You can try to disable “Path mtu discovery” or choose “No”.


That helped being able to activate the VPN. Although I have no Internet after activating the VPN but I am already one step closer :smiley: Now I have to find out why I don’t have Internet.

First check again the journal. Disconnect then start in a Terminal

sudo journalctl -fu NetworkManager

and reconnect your VPN. Maybe you will see this time some other error.

You can also test

ping -c3 8.8.8.8

and

ping -c3 google.com

If the first one works, check your DNS settings. cat /etc/resolv.conf


This time I just got only 4 errors which are at the end of the journalctl output and are occurring after I am connected for a few seconds.

Dez 18 22:26:26 amr0d-pc nm-openvpn[4827]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Dez 18 22:26:26 amr0d-pc nm-openvpn[4827]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1545', remote='link-mtu 1577'
Dez 18 22:26:26 amr0d-pc nm-openvpn[4827]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Dez 18 22:26:26 amr0d-pc nm-openvpn[4827]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 172.16.0.2 255.255.255.252', remote='ifconfig 172.16.0.0 255.255.255.252'

These warnings are not that important. You might want to go back to a tap device. But the other warnings can be ignored. The IP/Route config and the DNS config are more important for you to look into.

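As an added example (not part of the original thread), a small Python triage of the nm-openvpn journal lines quoted above: it deduplicates the warnings, pairs each "used inconsistently" option with its local and remote value, and attaches the preceding message to a fatal exit. The `triage` function and its category names are assumptions made here; the sample is built from lines in this thread's two journal excerpts.

```python
import re

# Constructed sample: nm-openvpn lines taken from the two journal excerpts in this thread.
SAMPLE = """\
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: WARNING: file '/home/amr0d/Downloads/openvpn-package/vpn-key' is group or others accessible
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: --mtu-disc is not supported on this OS
Dez 18 00:01:36 amr0d-pc nm-openvpn[21736]: Exiting due to fatal error
Dez 18 22:26:26 amr0d-pc nm-openvpn[4827]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Dez 18 22:26:26 amr0d-pc nm-openvpn[4827]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
"""

MSG = re.compile(r"nm-openvpn\[(\d+)\]: (.*)$")
KEYPERM = re.compile(r"WARNING: file '(.+)' is group or others accessible")
CIPHER = re.compile(r"WARNING: INSECURE cipher .*\((\d+) bit\)")
MISMATCH = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, local='(.*?)', remote='(.*?)'")

def triage(text):
    """Return deduplicated (pid, category, detail) findings in first-seen order."""
    findings, last = [], {}  # last: pid -> previous message from that process
    for line in text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # skip NetworkManager's own lines
        pid, msg = m.groups()
        item = None
        if (k := KEYPERM.match(msg)):
            item = (pid, "key-permissions", k[1])
        elif (c := CIPHER.match(msg)):
            item = (pid, "weak-cipher", f"{c[1]}-bit block cipher")
        elif (x := MISMATCH.match(msg)):
            opt, loc, rem = x.groups()
            loc, rem = loc.removeprefix(opt).strip(), rem.removeprefix(opt).strip()
            item = (pid, "peer-mismatch", f"{opt}: local {loc} / remote {rem}")
        elif msg.startswith("Exiting due to fatal error"):
            # Assumption: the same process's previous message names the cause.
            item = (pid, "fatal", last.get(pid, "(no earlier message)"))
        if item and item not in findings:
            findings.append(item)
        last[pid] = msg
    return findings

if __name__ == "__main__":
    for pid, category, detail in triage(SAMPLE):
        print(f"[{pid}] {category:16} {detail}")
```

A `key-permissions` finding is cleared by restricting the key file to its owner (for example with `chmod 600`), and a `peer-mismatch` on `dev-type` means client and server disagree on TUN versus TAP.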

I actually did test it with tap and didn’t get the warnings I posted earlier. My IPv4, DNS and Route settings are by default set to “Automatic”

The OpenVPN server sends the IP/Route and often a DNS config to your OpenVPN client. The client and NM will apply these to your system.

Please try first the ping commands from above. Does neither work, or only one of them? If one works, which one?

These commands also might help to find the problem.

ip a s
ip r

and

ip r g 8.8.8.8

and the dns settings in

cat /etc/resolv.conf

The ping didn’t work. With tap I get 3 errors and 100% packet loss which are 3x Destination Host Unreachable. With tun I get 100% packet loss and no pings at all.

I tried the other commands but not sure how to interpret them.

May I ask what I should look for? I can of course copy/paste everything but I really would like to understand some of the things you are trying to help me with. Oh and thank you for being so patient with me.

The first command shows your IP config for all devices. The next two commands show the route config and which route a connection to 8.8.8.8 would go. The last one shows which DNS server your system would use.

This means the IP/Route config you are getting from the OpenVPN server does not work/is wrong or your OpenVPN server can not forward the packages to the internet.
At this point, I normally would suggest contacting your VPN provider and asking for help. But in your first post, you write you are using a self-hosted server. I suggest you start debugging the server and client.


Have you tried using other VPN services? Basically, I’ve never faced such a problem but maybe it’s the key. At least there’s no harm in checking this aspect. You can read reviews on different VPN clients and pick any. Test it and after this, we’ll consider what to do next.
