[openvpn] 2.5.0 has some connection regressions

Can post log(s) at verb 4?

Not sure what you mean with “verb 4”.

Here the relevant log entries (anonymized) from NetworkManager:

Okt 30 15:51:32 T14s nm-openvpn[37480]: TUN/TAP device tun0 opened
Okt 30 15:51:32 T14s nm-openvpn[37480]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 37473 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_12 --tun -- tun0 1500 1552 x.x.x.x 255.255.255.0 init
Okt 30 15:51:32 T14s NetworkManager[671]: <info>  [1604069492.9975] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/13)
Okt 30 15:51:33 T14s NetworkManager[671]: <info>  [1604069493.0108] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",0]: VPN connection: (IP Config Get) reply received.
Okt 30 15:51:33 T14s NetworkManager[671]: <info>  [1604069493.0138] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",12:(tun0)]: VPN connection: (IP4 Config Get) reply received
Okt 30 15:51:33 T14s NetworkManager[671]: <info>  [1604069493.0159] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",12:(tun0)]: VPN connection: (IP6 Config Get) reply received
Okt 30 15:51:33 T14s NetworkManager[671]: <warn>  [1604069493.0160] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",12:(tun0)]: invalid IP6 config received!
Okt 30 15:51:33 T14s NetworkManager[671]: <warn>  [1604069493.0162] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",12:(tun0)]: VPN connection: did not receive valid IP config information
Okt 30 15:51:33 T14s nm-openvpn[37480]: GID set to nm-openvpn
Okt 30 15:51:33 T14s nm-openvpn[37480]: UID set to nm-openvpn
Okt 30 15:51:33 T14s nm-openvpn[37480]: Initialization Sequence Completed
Okt 30 15:51:33 T14s NetworkManager[671]: <info>  [1604069493.0195] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",0]: VPN plugin: state changed: started (4)
Okt 30 15:51:33 T14s nm-openvpn[37480]: event_wait : Interrupted system call (code=4)
Okt 30 15:51:33 T14s nm-openvpn[37480]: net_addr_v4_del: x.x.x.x dev tun0
Okt 30 15:51:33 T14s nm-openvpn[37480]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Okt 30 15:51:33 T14s nm-openvpn[37480]: Linux can't del IP from iface tun0
Okt 30 15:51:33 T14s NetworkManager[671]: <info>  [1604069493.0248] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",0]: VPN plugin: state changed: stopping (5)
Okt 30 15:51:33 T14s NetworkManager[671]: <info>  [1604069493.0249] vpn-connection[0x5601eded40e0,ac4b75f6-cef5-4e06-b4ab-832d42ee9436,"VPN Connection",0]: VPN plugin: state changed: stopped (6)
Okt 30 15:51:33 T14s nm-openvpn[37480]: SIGTERM[hard,] received, process exiting

Did you reboot? I always have to reboot for VPN to work after an update.

Yeah me too. I did reboot though.

Is it still working ok for you?

Maybe check with 2.4.9 again, to see on which point it fails. This is what I see:

Okt 30 15:51:33 T14s nm-openvpn[37480]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Okt 30 15:51:33 T14s nm-openvpn[37480]: Linux can’t del IP from iface tun0

1 Like

Yes, the OpenVPN client 2.5.0-1 is working for me using my server.

Seems there is something wrong getting the IP config settings.

After VPN connection: (IP4 Config Get) reply received it’s different.

Since it is working for @mithrial I assume it is some config issue / incompatibility at my VPN provider side.
I’ll see and play around with some settings and check with the provider.

Working_Log
Okt 30 16:21:59 T14s nm-openvpn[11026]: TUN/TAP device tun0 opened
Okt 30 16:21:59 T14s nm-openvpn[11026]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 11018 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_9 --tun -- tun0 1500 1552 x.x.x.x 255.255.255.0 init
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8701] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/12)
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8822] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",0]: VPN connection: (IP Config Get) reply received.
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8836] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: VPN connection: (IP4 Config Get) reply received
Okt 30 16:21:59 T14s nm-openvpn[11026]: GID set to nm-openvpn
Okt 30 16:21:59 T14s nm-openvpn[11026]: UID set to nm-openvpn
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8843] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data: VPN Gateway: x.x.x.x
Okt 30 16:21:59 T14s nm-openvpn[11026]: Initialization Sequence Completed
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8844] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data: Tunnel Device: "tun0"
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8844] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data: IPv4 configuration:
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8844] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Internal Gateway: x.x.x.x
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8845] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Internal Address: x.x.x.x
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8845] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Internal Prefix: 24
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8845] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Internal Point-to-Point Address: x.x.x.x
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8845] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Static Route: 0.0.0.0/0   Next Hop: x.x.x.x
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8845] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Static Route: x.x.x.x/32   Next Hop: 0.0.0.0
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8846] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Static Route: x.x.x.x/24   Next Hop: 0.0.0.0
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8846] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   Internal DNS: x.x.x.x
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8846] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data:   DNS Domain: '(none)'
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8846] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: Data: No IPv6 configuration
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8847] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: VPN plugin: state changed: started (4)
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8914] vpn-connection[0x55980e1d8330,8941fede-bb8f-43da-b66e-f6eb6f72e2bc,"openvpn",11:(tun0)]: VPN connection: (IP Config Get) complete
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8938] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8973] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.8986] device (tun0): Activation: starting connection 'tun0' (c91bcf15-fd29-486c-8cfb-c72ed3ff3606)
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9051] policy: set 'openvpn' (tun0) as default for IPv4 routing and DNS
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9093] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9097] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9105] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9106] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9145] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9147] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Okt 30 16:21:59 T14s NetworkManager[707]: <info>  [1604071319.9155] device (tun0): Activation: successful, device activated.

thanks,
MO

I’m on the stable branch using openvpn 2.4.9-2 and I’ve not been able to use it for about 4 weeks now.
It asks for a password repeatedly.

Errors in the journal just say it failed.

I’ve simply switched to wireguard, if that’s an option.

I’ve had that issue too in the past. No clue what caused it in the first place.
I think I’ve just deleted and set up the connection again and then it was working again.

Yup, I tried that. I tried to re-install openvpn and changed kernels but nothing helped.

Who’s your vpn client? I’m using a gui to configure nordvpn in openvpn and its working in latest 2.5.0-1

I’d rather not say, but it’s entirely possible they will fix the problem eventually if it’s on their end.

It’s definitely an issue with my (former :laughing:) VPN provider.

NordVPN is working ok. I guess I’ll switch to that one instead and use wireguard then. I guess that’s lower on resources compared to openvpn from what I’ve heared?

Wireguard feels so much lighter and snappier than openvpn it’s actually a joke.

1 Like

To see if it works without Network Manager and to see a log that I’m familiar with, add

log /etc/openvpn/client/connect1.log
verb 4

to the configuration file from the provider.

Lets say the name of the configuration file is connect1.conf.
Place it in,

/etc/openvpn/client/

Start with,

systemctl start openvpn-client@connect1

Wait a bit.

cat /etc/openvpn/client/connect1.log

That works indeed. Interesting.
Maybe it’s some issue with the NetworkManager plugin in combination with the new openvpn. Weird that it is working with NordVPN though.

Year NordVPN is using wireguard, so it’s not using openvpn at all.

I also have issues getting my openvpn config to connect using networkmanager 1.26.4.

Nope, only when you use their client software and explicitly set it to wireguard. However i configured it with openvpn in networkmanager.

Not sure if your problem is the same, but my openvpn links stopped working with the 2.5.0 client upgrade. The problem for me was 2.5.0 apparently isn’t configured to use BF-CBC as a defalt cipher anymore. Specifying a cipher under Advanced->Security, rather than leaving it as “default” got it working again.