VPN problems under Manjaro Plasma

    OS: Manjaro Linux x86_64
    Kernel: Linux 6.12.4-1-MANJARO
    Packages: 1413 (pacman)[stable]
    Shell: zsh 5.9
    DE: KDE Plasma 6.2.4
    WM: KWin (X11)
    WM Theme: Breeze
    Terminal: konsole 24.8.3
    CPU: AMD Ryzen 5 3600 (12) @ 4.21 GHz
    GPU: NVIDIA GeForce GTX 1650 [Discrete]
    Memory: 2.93 GiB / 15.54 GiB (19%)
    Swap: Disabled
    Disk (/): 84.27 GiB / 589.97 GiB (14%) - btrfs
    Locale: it_IT.UTF-8

Hello, I currently have a computer with the specifications listed above.
Upon activating an institutional VPN (OpenVPN UDP), I mounted a Hetzner
network storage using the CIFS protocol (mounted via systemd). At that
point, it becomes unreachable both through the File Manager (Dolphin)
and from the terminal. This issue persists as long as the VPN connection
is active; naturally, once the connection ends, everything returns to
normal. I’m encountering the same situation on a relative’s computer
running Fedora 41 (KDE Wayland). Are there any ready-made solutions that
you’re aware of?

Hi @Frank62,

It sounds like a routing problem: when the VPN is active, the IP address you use changes, and you’re probably not allowed to access the NAS from that IP range.

I’ve never done this, perhaps someone here has, but I think you’ll have to specify a second gateway, one that bypasses the VPN, and use that for the NAS connection.

I assume the VPN is required to mount the network storage?

No. The two things are independent.

From my understanding, this is not a bug… it is a feature.

In my VPN software's GUI, it is called Network Lock, which prevents traffic from leaking outside while using the VPN client.

And under the advanced options for Network Lock I can allow LAN connections and other connection options.

Then you have the explanation.

When activating the VPN, your existing route becomes void. This is by design. When you disconnect your VPN, your route goes back to ‘normal’.

Let me clarify, I need the institutional VPN to access work services; however, the mounted resources are independent of it and I need them whether the VPN is active or not.

As per your suggestion, I checked the gateways and indeed, when I activate the VPN, another default gateway is added. But when I unmount the resource with umount, connect to the VPN and then re-mount it, the latter operation happens successfully.
After doing this, if I try to access the resource via terminal or file manager, in either case the system hangs, and only after I disconnect the VPN does the system respond again.

Are you using OpenVPN CLI or GUI?

In the GUI you can make rules for Route inside and outside the VPN.
You can also enable/disable the network lock.

I’m probably not a big help here, because I use a modified version of OpenVPN.

Then you’ll have to set up your routing to route all traffic for the IP through the first gateway, and everything else will then go through the VPN gateway.

No, I’ve never done this, I only know because I spent quite some time researching VPNs and how they’d work for this type of situation.

You’ll have to use a custom Routing Table. See

https://wiki.archlinux.org/title/Network_configuration#Routing_table

https://unix.stackexchange.com/a/22794

https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

You can use the Network Manager GUI to add a custom route that will be available whether you have VPN active or not.

Use the Routes section to define a custom route to the remote IP hosting your network storage.

    Address            Netmask            Gateway              Metric
    <remote wan ip>    255.255.255.255    <local router ip>    1

Be sure to tick the box Ignore automatically obtained routes.

1 Like
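
Why the host route from the last reply keeps the storage on the local gateway while everything else follows the VPN, as an added example that is not part of the original thread: a small Python model of route selection (longest matching prefix first, then lowest metric). All addresses, interface names and the two default-route metrics are constructed for illustration; the VPN default is assumed to carry the lower metric so that it takes over, as the extra default gateway reported above does.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    dev: str
    metric: int


def route(address, netmask, gateway, dev, metric):
    """Build a route from the Address / Netmask / Gateway / Metric columns."""
    return Route(ipaddress.ip_network(f"{address}/{netmask}"), gateway, dev, metric)


def select(table, target) -> Optional[Route]:
    """Longest matching prefix wins; among equal prefixes, the lowest metric wins."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in table if ip in r.dest]
    return min(matches, key=lambda r: (-r.dest.prefixlen, r.metric)) if matches else None


def egress(table, target):
    """Interface the packet leaves on, or None if no route matches."""
    chosen = select(table, target)
    return chosen.dev if chosen else None


# Constructed sample values (documentation address ranges, made-up metrics).
NAS = "203.0.113.10"      # stands in for <remote wan ip>
ROUTER = "192.168.1.1"    # stands in for <local router ip>
OTHER = "198.51.100.7"    # any other host that should use the VPN

lan_default = route("0.0.0.0", "0.0.0.0", ROUTER, "eth0", 100)
vpn_default = route("0.0.0.0", "0.0.0.0", "10.8.0.1", "tun0", 50)   # added on connect
nas_host = route(NAS, "255.255.255.255", ROUTER, "eth0", 1)         # the custom route

if __name__ == "__main__":
    scenarios = {
        "VPN down": [lan_default],
        "VPN up": [lan_default, vpn_default],
        "VPN up + host route": [lan_default, vpn_default, nas_host],
    }
    for name, table in scenarios.items():
        print(f"{name:22} NAS via {egress(table, NAS)}, other via {egress(table, OTHER)}")
```

On a real system, `ip route get <remote wan ip>` shows which gateway and interface the kernel actually picks, so the same check can be made before and after connecting the VPN.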