ProtonVPN connection fails due to failure to get secrets

I’ve been going through a saga trying to get ProtonVPN working on my Manjaro installation. The starting point of my installation is the minimal Manjaro i3 install. I make mostly cosmetic modifications to this, for the purposes of this conversation the biggest difference may be that I completely replace the deafult i3 config with my own.

I am experiencing a problem in which the CLI utility that opens the connection hangs when trying to establish it. NetworkManager logs reveal the following:

<error>  vpn-connection[-----]: Failed to request VPN secrets #3: No agents were available for this request.

Now, the way that ProtonVPN works is that it stashes a bunch of password in gnome-keyring during an initialization step. Then, when establishing a connection, it fetches a password. I have confirmed that gnome-keyring is working properly on my installation and that ProtonVPN has successfully stashed its passwords, both because I can fetch them with secret-tool and because I can see them in the seahorse GUI front-end for gnome-keyring

This leads me to speculate that, while I am able to fetch the passwords as my user, for whatever reason NetworkManager cannot. This may be due to some kind of misconfiguration of the NetworkManager polkit or gnome-keyring itself but, if this is the case, I have no clue how to fix it.

Before it bites the bullet, ProtonVPN is successful in creating a NetworkManager connection instance which I can then connect to with

nmcli conn up --ask connection_name

and entering the password (that was stored in the gnome-keyring) manually. This successfully establishes the connection (but of course is nowhere near a viable solution to this problem).

I have seen some threads on the internet that hint that it might work if I can set the gnome-keyring passwords to be accessible to all users, but I cannot seem to figure out how to do this either.

Anyone have any ideas?

is commercial software, so have you tried reaching out to their support yet?


Yeah, but for one it seemed like there were too many layers between me and the developers, and for another the support dude kind of just gave up on me by saying they “don’t support i3”. I think I stumped them when I got to the point of confirming that the keyring is working properly.

Also opened an issue here.

1 Like

I can’t help you any further, so let’s keep this open and see if anyone else using I3 is using ProtonVPN and got it to work!


Yeah, not that I’m happy with the proton guys just kind of blowing off non-GNOME, non-KDE, but at the same time it’s becoming increasingly clear that the real issue is the NetworkManager is not able to talk to the keyring, which is maybe not really their fault, and as of now looks like it’s probably not even happening in their program. Figured by now it’s more-or-less in the purview of “general linux issue” so it would make sense to ask about here.

1 Like

I’m on KDE, but that uses NetworkManager too and you did click the Make available to other users too, right?


I’ve been looking for stuff like that, but so far nowhere to be seen… where are you seeing this? I’ve been using nmcli.

Btw, while I will certainly try this, it now seems very likely that the best solution will come from the gnome-keyring side rather than the NetworkManager side. The reason for this is that protonvpn creates the connection instance automatically, so to get it to do it for all users will require changing the source code (which is a possibility, but I don’t know if they’ll accept the PR as I suspect just about everything will be seen as a security risk). Probably what I’m really looking for is a big button that says “Make all gnome-keyring items available to `NetworkManager” :laughing:

I have been using proton vpn for a long time - it works when you use the proton cli client.

What you are trying to do is to setup network manager and openvpn and to my knowledge that doesn’t work well.

1 Like

I should have clarified, I think what you are referring to is their old shell script. This is deprecated, so I’m operating on the assumption it will not always work. But yeah, giving up here may mean switching providers, or it may just mean rolling my own solution :man_shrugging:

no not shell script - python application

pamac build protonvpn-cli-ng
1 Like

Ah! Can you share any details about your setup? Which WM/desktop are you using?

Openbox and network manager

But a comment is advising to use protenvpn-cli which is new to me.


Oh… so you are using this… now I’m a bit confused about the status of this vs their new one. Not sure whether to expect this to be maintained or not…

They say they recommend “upgrading” to the other one but… uh yeah, this is confusing. Well, gives me an alternative at least.

I’m kind of still convincing myself that if I spend enough time reading the arch wiki I’ll just get the other one working :laughing:

1 Like

Hm, so protonvpn-cli-ng works for me, only issue is that I have to run it as sudo which isn’t quite ideal.

I guess I should ask them for clarification on whether I should expect this to keep working, though it’ll probably just depend on community involvement. Kind of unsettling that it asks me to use the other one every single time I connect lol.

Somebody from proton told me how to solve this! See here. It was something incredibly simple nm-applet needs to be running for NetworkManager to use this feature. Definitely seems to be a case of some really lousy logging on NetworkManagers part.

Anyway, if anyone else encounters this, you just need:

  • gnome-keyring installed and started with gnome-keyring-daemon --start somewhere in your i3 config.
  • The nm-applet running, again, put an exec in your i3 config.

Thanks all!


The paid version?
I have the free version (Dutch…) and it cuts down the speed a lot.
120/120 becomes 20/20

Yup - I also use the mailsevice with one of my domains - I am seriously considering to switch to the visionary but as it is an awful lot of money I working my family to chip in.

I use them for mail, VPN, the services that come with it like calendar and contacts, and I’m looking forward to drive. For the most part I’m pretty happy with them, but I would say that in general their development seems pretty slow. Took them a very long time to release the latest web GUI for mail, though I’d been using the beta for much of that time.

I’m really banking a lot on proton drive, because I don’t see many great alternatives for cloud storage. What they have so far seems nice, but until it has a sync feature it’s mostly unusable. They have not been fast, at all, in the development of this, though I don’t see much of what’s happening on the back-end. I have a lot of plans for how to use it, but I’m starting to get to the point where I’m probably just going to have to encrypt a bunch of stuff on an S3 or whatever. The music and video streaming services are total scumbags, so the main thing I’m looking to do is store a bunch of media.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.