Nordvpn-bin and steamclient

relefat · 8 November 2023 12:50

I have installed the AUR package nordvpn-bin, when connected to any VPN server I have noticed that Steam client is persistently showing “Error Code: -7 Unable to connect to server. Server may be offline or you may not be connected to the internet.”
I can access steam website through my browser, pinging steamcommunity and steampowered results in no packages lost while VPN is on (so no IP block there).
What is even stranger, spamming the steam (Runtime) icon to restart steam (while steam itself is still running) seems to temporarily fix the issue and Steam client is managing a connection. this however fails at some point within a minute or so.

Tried disabling ip6 in dhcpcd.conf, did not fix the issue.

At this point I am unsure if it is an issue with nordvpn or Steam but Steam client runs just fine if I am not connected to VPN.

I’m using Cloudflare DNS 1.1.1.1 and 1.0.0.1 while connected to NordVPN

Mirdarthos · 8 November 2023 12:59

Hi @relefat, and welcome!

Please provide the output of:

route

…as below, both when disconnected as well as when connected to the VPN.

Providing terminal output

Tip:

When posting terminal output, copy the output and paste it here, wrapped in three (3) backticks, before AND after the pasted text. Like this:

```
pasted text
```

Or three (3) tilde signs, like this:

~~~
pasted text
~~~

This will just cause it to be rendered like this:

Sed
sollicitudin dolor
eget nisl elit id
condimentum
arcu erat varius
cursus sem quis eros.

Instead of like this:

Sed sollicitudin dolor eget nisl elit id condimentum arcu erat varius cursus sem quis eros.

Alternatively, paste the text you wish to format as terminal output, select all pasted text, and click the </> button on the taskbar. This will indent the whole pasted section with one TAB, causing it to render the same way as described above.

Thereby increasing legibility thus making it easier for those trying to provide assistance.

For more information, please see:

Additionally

If your language isn’t English, please prepend any and all terminal commands with LC_ALL=C. For example:

LC_ALL=C bluetoothctl

This will just cause the terminal output to be in English, making it easier to understand and debug.

Also, please see below:

Please also note and heed: Forum Rules - Manjaro

Hope you manage!

Tip:

To provide terminal output, copy the text you wish to share, and paste it here, surrounded by three (3) backticks, a.k.a grave accents. Like this:

```
pasted text
```

Or three (3) tilde signs, like this:

~~~
pasted text
~~~

This will just cause it to be rendered like this:

Portaest sed
elementum
cursus nisl nisi
hendrerit ac quis
sit
adipiscing
tortor sit leo commodo.

Instead of like this:

Portaest sed elementum cursus nisl nisi hendrerit ac quis sit adipiscing tortor sit leo commodo.

Alternatively, paste the text you wish to format as terminal output, select all pasted text, and click the </> button on the taskbar. This will indent the whole pasted section with one TAB, causing it to render the same way as described above.

Thereby improving legibility and making it much easier for those trying to be of assistance.

Additionally

If your language isn’t English, please prepend any and all terminal commands with LC_ALL=C. For example:

LC_ALL=C bluetoothctl

This will just cause the terminal output to be in English, making it easier to understand and debug.

While it might not be me providing assistance, this information would also assist the reest of the people trying to help.

Hope you manage!

relefat · 8 November 2023 13:16

No VPN:

Dst             Gateway         Prefsrc         Protocol Scope   Dev              Table
default         192.168.0.1     192.168.0.4     dhcp             enp0s31f6        
default         192.168.0.1     192.168.0.4     dhcp             enp0s31f6        
192.0.0.0/8                     192.168.0.4     kernel   link    enp0s31f6        
192.0.0.0/8                     192.168.0.4     dhcp     link    enp0s31f6        
127.0.0.0/8                     127.0.0.1       kernel   host    lo               local
127.0.0.1                       127.0.0.1       kernel   host    lo               local
127.255.255.255                 127.0.0.1       kernel   link    lo               local
192.168.0.4                     192.168.0.4     kernel   host    enp0s31f6        local
192.255.255.255                 192.168.0.4     kernel   link    enp0s31f6        local

VPN on:

Dst             Gateway         Prefsrc         Protocol Scope   Dev              Table
default                                                  link    nordlynx         205
default         192.168.0.1     192.168.0.4     dhcp             enp0s31f6        
default         192.168.0.1     192.168.0.4     dhcp             enp0s31f6        
192.0.0.0/8                     192.168.0.4     kernel   link    enp0s31f6        
192.0.0.0/8                     192.168.0.4     dhcp     link    enp0s31f6        
10.5.0.2                        10.5.0.2        kernel   host    nordlynx         local
127.0.0.0/8                     127.0.0.1       kernel   host    lo               local
127.0.0.1                       127.0.0.1       kernel   host    lo               local
127.255.255.255                 127.0.0.1       kernel   link    lo               local
192.168.0.4                     192.168.0.4     kernel   host    enp0s31f6        local
192.255.255.255                 192.168.0.4     kernel   link    enp0s31f6        local

Mirdarthos · 8 November 2023 13:26

I do not have the faintest idea how to fix it, so perhaps someone else can help. but just as I thought, at least to me, it looks like your routing table is out-of-wack.

Perhaps this can give you a better clue as to how to set it up:

https://wiki.archlinux.org/title/NordVPN

I don’t know if I should do this or not, so let me take a chance. I believe @linux-aarhus has, or had Nord VPN.

relefat · 8 November 2023 13:29

I have also noticed that NordVPN changes resolv.conf to whatever DNS I have set, but on disconnect Network manager does not revert resolv.conf to what it was, but to

nameserver 192.168.0.1
nameserver fe80::1%enp0s31f6

relefat · 8 November 2023 13:38

hmm I had accidentally ran routel instead of route!
this is what route shows:
no VPN:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         dsldevice.lan   0.0.0.0         UG    100    0        0 enp0s31f6
default         dsldevice.lan   0.0.0.0         UG    1002   0        0 enp0s31f6
192.0.0.0       0.0.0.0         255.0.0.0       U     100    0        0 enp0s31f6
192.0.0.0       0.0.0.0         255.0.0.0       U     1002   0        0 enp0s31f6

with VPN on, it is just empty, that is the command hangs until I ctrl+c it.

If I run route -n, I get:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    1002   0        0 enp0s31f6
0.0.0.0         192.168.0.1     0.0.0.0         UG    20100  0        0 enp0s31f6
192.0.0.0       0.0.0.0         255.0.0.0       U     100    0        0 enp0s31f6
192.0.0.0       0.0.0.0         255.0.0.0       U     1002   0        0 enp0s31f6

Mirdarthos · 8 November 2023 13:49

Hmmm, it is weird/not right that the command hangs with the VPN connected…

Try the following:

ip route

…both with the VPN connected and not, the same as before.

relefat · 8 November 2023 13:53

both with VPN on and off I get the same:

default via 192.168.0.1 dev enp0s31f6 proto dhcp src 192.168.0.4 metric 1002 
default via 192.168.0.1 dev enp0s31f6 proto dhcp src 192.168.0.4 metric 20100 
192.0.0.0/8 dev enp0s31f6 proto kernel scope link src 192.168.0.4 metric 100 
192.0.0.0/8 dev enp0s31f6 proto dhcp scope link src 192.168.0.4 metric 1002

Mirdarthos · 8 November 2023 14:02

If you get the same both times it means your traffic isn’t being routed through the VPN when it’s connected. But let’s confirm it with a last test:

Run, and return the output of, the following both with and without the VPN being connected, same as before:

dig +short txt ch whoami.cloudflare @1.0.0.1

This will just give the public-facing IP address, which should be different when using to the VPN than not.

linux-aarhus · 8 November 2023 14:03

That is a known issue - discovered long time ago and documented more than 2 years ago - the following topic is from September 2021.

[root tip] [How To] NordVPN on Manjaro

TLDR:

sudo pacman -R openresolv
sudo systemctl enable --now systemd-resolved
sudo mv /etc/resolv.conf /etc/resolv.conf.bak
sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Mirdarthos · 8 November 2023 14:04

Can see I don’t use it.

relefat · 8 November 2023 14:18

I definitely get a different IP address when connected to the VPN.

As a matter of fact, I believe this problem began when I hadn’t used Manjaro for like 3 months, after I booted up and updated what had to be, this is when the problem appeared (at least if memory serves me right because I do not recall having this issue prior to the mass-update) Bulk update is never a good idea I guess.

Anyway, after removing resolv.conf, still no luck. I think that resolv.conf.bak had wrong DNS as well so if that command replaces resolv.conf with resolv.conf.bak, then essentially it does nothing.

how do I revert it back as now it is a symlink and I cannot edit it?

Mirdarthos · 8 November 2023 14:32

You should always stay updated with Manjaro. I susspect it’s what you consider “bulk update” is a normal update for Manjaro, and perhaps something changed so that the Nord VPN client doesn’t work like it did…

Anyway, the link provided by @linux-aarhus should sort you:

relefat · 8 November 2023 14:38

welp, I did run the commands but now I get 192.168.0.1 as DNS servers
I want to edit resolv.conf but can’t since it is a symlink now.


Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 192.168.0.1
         DNS Servers: 192.168.0.1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google

Link 2 (enp0s31f6)
    Current Scopes: DNS LLMNR/IPv4 mDNS/IPv4
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
       DNS Servers: 192.168.0.1

Link 3 (wlp4s0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 10 (nordlynx)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Current DNS Server: 1.0.0.1
       DNS Servers: 1.0.0.1 1.1.1.1
        DNS Domain: ~.

Besides, the problem with Steam persists.

relefat · 8 November 2023 16:02

Right, so after I restarted the PC, I am fairly confident the problem is gone. I had to also disable IP6, not sure if this contributed but I got a lot of errors when running journalctl -xeu NetworkManager.service prior to disabling IP6. I think NordVPN just does not support IP6, so there’s that. Anyway, thanks for the help, I am marking the problem as solved!

relefat · 8 November 2023 16:28

One problem persists which is when I use NordVPN recommended DNS servers 103.86.96.100 103.86.99.100, google-dot-com does not work and when I ping google-dot-com it goes to 192.0.0.88…
What is even stranger, when I run:

nslookup google.com

I get:

Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   google.com
Address: 192.0.0.88
Name:   google.com
Address: 2a00:1450:4009:820::200e

Why is the DNS server showing as 127.0.0.53?

EDIT: aaaand the issue with Steam is back…

there is obviously something that happens when connecting or disconnecting to the VPN which messes up the system in a very specific way but I am not sure what. Another symptom is I sometimes get notification messages in the tray saying limited connectivity (though still having internet access)

bedna · 8 November 2023 16:48

This is what you get when you use DoH config for pihole. Is this a DoH problem maybe?
I won’t intervene, there are ppl way better at this than me in this thread, but the port 53 made me react.

relefat · 8 November 2023 17:00

I think it has more to do the way systemd-resolved works. But then again, I have a laptop running Ubuntu 22.04, using NordDNS on it I can open Google-com without issues.
running nslookup google.com I still get the same result as on Manjaro however, with the same weird IP 192.0.0.88
I am honestly baffled.

soundofthunder · 8 November 2023 23:14

The general consensus seems to be to reinstall the Steam client:

Internet searches reveal there have been random discussions on this topic for many years. I doubt there is much more that the Manjaro community can add.

Additionally, I seem to recall reading that Steam discourages the use of a VPN. Perhaps that’s a point worth consideration.

relefat · 8 November 2023 23:28

i’ve delved into things I do not understand completely and I somehow managed to shaft my internet connection.
Is there a way I can restore the configurations to default?
What is happening right now is every time after reboot I have internet connection for 2 minutes, it appears that after systemd-networkd-wait-online.service kicks in 2 minutes after the OS starts, the internet connection completely disappears.
I have tried resetting the ip tables
I think the issue has something to do with the symlinks
I do not know how to revert the configuration back to the original.
I even went as far as deleting systemd, dhcpcd and networkmanager, then reinstalling them through chroot from a live usb.
Please help.
I just dont understand why it is so hard to revert the configs back to their default. I can literally brick my entire OS but cannot edit some config files manually.

To be perfectly honest, there isn’t really a lot that I changed, I remember deleting the resolv.conf and stub-resolv.conf files in /etc and in /run/systemd/resolve/ and the symlinks but they reappread anyway after I reinstalled systemd-resolved.

Prior to that I ran this command:

rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

I think I somehow made two separate symlinks for resolv.conf and stub-resolv.conf?

Currently when I open resolve.conf, it redirects to /run/systemd/resolve/resolv.conf which is managed by systemd-resolved and the content is

nameserver 192.168.0.1
search .