I’ve been going through a saga trying to get ProtonVPN working on my Manjaro installation. The starting point of my installation is the minimal Manjaro i3 install. I make mostly cosmetic modifications to this, for the purposes of this conversation the biggest difference may be that I completely replace the deafult i3 config with my own.
I am experiencing a problem in which the CLI utility that opens the connection hangs when trying to establish it. NetworkManager logs reveal the following:
<error> vpn-connection[-----]: Failed to request VPN secrets #3: No agents were available for this request.
Now, the way that ProtonVPN works is that it stashes a bunch of password in gnome-keyring during an initialization step. Then, when establishing a connection, it fetches a password. I have confirmed that gnome-keyring is working properly on my installation and that ProtonVPN has successfully stashed its passwords, both because I can fetch them with secret-tool and because I can see them in the seahorse GUI front-end for gnome-keyring
This leads me to speculate that, while I am able to fetch the passwords as my user, for whatever reason NetworkManager cannot. This may be due to some kind of misconfiguration of the NetworkManager polkit or gnome-keyring itself but, if this is the case, I have no clue how to fix it.
Before it bites the bullet, ProtonVPN is successful in creating a NetworkManager connection instance which I can then connect to with
nmcli conn up --ask connection_name
and entering the password (that was stored in the gnome-keyring) manually. This successfully establishes the connection (but of course is nowhere near a viable solution to this problem).
I have seen some threads on the internet that hint that it might work if I can set the gnome-keyring passwords to be accessible to all users, but I cannot seem to figure out how to do this either.
Yeah, but for one it seemed like there were too many layers between me and the developers, and for another the support dude kind of just gave up on me by saying they “don’t support i3”. I think I stumped them when I got to the point of confirming that the keyring is working properly.
Yeah, not that I’m happy with the proton guys just kind of blowing off non-GNOME, non-KDE, but at the same time it’s becoming increasingly clear that the real issue is the NetworkManager is not able to talk to the keyring, which is maybe not really their fault, and as of now looks like it’s probably not even happening in their program. Figured by now it’s more-or-less in the purview of “general linux issue” so it would make sense to ask about here.
I’ve been looking for stuff like that, but so far nowhere to be seen… where are you seeing this? I’ve been using nmcli.
Btw, while I will certainly try this, it now seems very likely that the best solution will come from the gnome-keyring side rather than the NetworkManager side. The reason for this is that protonvpn creates the connection instance automatically, so to get it to do it for all users will require changing the source code (which is a possibility, but I don’t know if they’ll accept the PR as I suspect just about everything will be seen as a security risk). Probably what I’m really looking for is a big button that says “Make all gnome-keyring items available to `NetworkManager”
I should have clarified, I think what you are referring to is their old shell script. This is deprecated, so I’m operating on the assumption it will not always work. But yeah, giving up here may mean switching providers, or it may just mean rolling my own solution
Hm, so protonvpn-cli-ng works for me, only issue is that I have to run it as sudo which isn’t quite ideal.
I guess I should ask them for clarification on whether I should expect this to keep working, though it’ll probably just depend on community involvement. Kind of unsettling that it asks me to use the other one every single time I connect lol.
Somebody from proton told me how to solve this! See here. It was something incredibly simple nm-applet needs to be running for NetworkManager to use this feature. Definitely seems to be a case of some really lousy logging on NetworkManagers part.
Anyway, if anyone else encounters this, you just need:
gnome-keyring installed and started with gnome-keyring-daemon --start somewhere in your i3 config.
The nm-applet running, again, put an exec in your i3 config.
I use them for mail, VPN, the services that come with it like calendar and contacts, and I’m looking forward to drive. For the most part I’m pretty happy with them, but I would say that in general their development seems pretty slow. Took them a very long time to release the latest web GUI for mail, though I’d been using the beta for much of that time.
I’m really banking a lot on proton drive, because I don’t see many great alternatives for cloud storage. What they have so far seems nice, but until it has a sync feature it’s mostly unusable. They have not been fast, at all, in the development of this, though I don’t see much of what’s happening on the back-end. I have a lot of plans for how to use it, but I’m starting to get to the point where I’m probably just going to have to encrypt a bunch of stuff on an S3 or whatever. The music and video streaming services are total scumbags, so the main thing I’m looking to do is store a bunch of media.