VPN issues on Manjaro

If your system hibernated during VPN session - always assume your VPN connection is broken. To avoid re-connection issues and DNS leaks - disconnect and reconnect your VPN session before resuming internet activities.

NordVPN is reported having these issues on Arch based distributions.

The firewall issue can be solved by using firewalld which is a nftables based firewall.

One of the issues with NordVPN I have been able reproduce is the issue of hibernation.

When resuming from hibernation there is no resolvers defined in /etc/resolv.conf and you need to disconnect/reconnect to NordVPN.

From the sources below it appears that NordVPN assumes the resolver to systemd-resolvd so systems using openresolv suffers.

It is not an entirely bad suffering as it breaks your connection making it impossible to connect to access the internet - you could call it a killswitch.

Sources


https://aur.archlinux.org/packages/nordvpn-bin#comment-722176
https://aur.archlinux.org/packages/nordvpn-bin#comment-722165

11 Likes

I just disable and enable network and it works then.

another alternative for those that have the opportunity is to setup openvpn on your router so all connected devices use the VPN - you can do this with the DD-WRT firmware, among others

2 Likes

something like this also works granted you edit the commands appropriately, i use this to reconnect to vpn after waking from suspend, hibernation.target could also be added

#/etc/systemd/system/restartwg.service
[Unit]
Description=Restart wireguard vpn
After=sleep.target

[Service]
Type=simple
ExecStartPre=/usr/bin/sleep 3
ExecStart=/usr/bin/systemctl restart wg-quick@mullvad-ca3 
Restart=on-failure

[Install]
WantedBy=sleep.target
2 Likes

Weird. I always just assumed that if I accidentally put my computer to sleep while still connected to NordVPN, that I would be timed-out, and have to reconnect. :man_shrugging: But then I rarely use a VPN, so I guess Iā€™m used to disconnecting from it.

1 Like

I always figured hibernation would be an issue for VPNs regardless of OS. The fact that it's become this contained is amazing to me.

Exactly. I use ProtonVPN and I have used both the (old) CLI and in the meantime been developing a tool myself in python (only to later know that they had been developing a CLIv2 which is also written in python). Either way, when you close the lid/suspend/hibernate it will always timeout the connection, with the only exception that if the company itself provides some sort of own developed feature that somehow "auto-corrects" itself. Most of the time, because the connection will timeout you will not need to worry about any data leakage, since you also mentioned about the fact that it creates a sort of killswitch (@linux-aarhus). So even if the connectioned does not drop, previous DNS configurations are still in place (supposed that you always change to your VPN provider DNS configurations) which will automatically cut any connections.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by