Cannot Connect to VPN

Hello,

I am using Fedora 31 with KDE Plasma. I have been using this particular configuration for about 6 months. I started at Fedora 29 and upgraded to 30 and then 31.

I am having trouble connecting to my VPN. I have been using this VPN very regularly and have never had this issue the entire time.

The VPN is confirmed as working as I can connect successfully to it from Windows and my co-worker can also connect successfully from his Ubuntu system.

When ever I click on the Network icon and under available connections click Connect next to the VPN it says

The service providing the VPN connection was stopped.

I have had the VPN configured on this machine since fc29 (currently on fc31) and have never had this issue until recently.

I tried restarting the system and it had no effect on the problem.
I double-checked all of my configuration settings for the VPN and they are correct.

I have tried modifying /etc/sysctl.conf adding:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

(as per https://forums.linuxmint.com/viewtopic.php?t=273130)

However this had no effect either…

Any one have any ideas? It happened out of nowhere…

I hadn’t connected for 2-3 weeks previously.

Cheers

OK, I have an update.

I also run fc31 on my laptop. The VPN was connecting fine this morning.

However, after running

dnf update

And updating kernel, kernel-core, kernel-devel, kernel-modules, kernel-modules-extra to 5.5.7-200.fc31 … the VPN no longer connects on the laptop, either!

What do I do? How do I get around this? I tried restarting the computer and selecting the previous kernel but I am experiencing the same problem (cannot connect).

HELP!

  Try scan this topic?  Not sure if it'll help.

I don’t have that particular folder they mention … it has never existed on my system.

Do I need to create it? Why do I suddenly need do this?

I am so confused.

Thank you for the link, however there is nothing there that seems to help me.

  Did you had a look at the topic where the post linked above is residing?  The post is must have reading, but the target is the another topic's "Solution" (where openVPN was broken bekause of some SELinux stuff).

  Possible that is SELinux glitches.

OpenSUSE two-posts thread from 2016:

  I solved it by removing the vpn connection then adding it again. I don't know what the problem was but at least it's fixed now.

I do not recall setting up SELinux - would this be automatically setup and configured unbeknownst to me?

I attempted to run

setenforce Permissive

but it seemed to have zero effect on the problem.

Looking at the journal:

Mar 04 09:38:25 jsxfed NetworkManager[1275]: [1583336305.7774] audit: op=“statistics” arg=“refresh-rate-ms” pid=3037 uid=1000 result=“success”
Mar 04 09:38:25 jsxfed NetworkManager[1275]: [1583336305.3281] vpn-connection[0x5616f2758370,7787f3c4-d97c-4634-a83e-34d44e262352,“Labs”,0]: VPN connection: failed to connect: ‘Remote peer disconnected’
Mar 04 09:38:25 jsxfed NetworkManager[1275]: [1583336305.3270] vpn-connection[0x5616f2758370,7787f3c4-d97c-4634-a83e-34d44e262352,“Labs”,0]: VPN service disappeared
Mar 04 09:38:25 jsxfed NetworkManager[1275]: [1583336305.3240] vpn-connection[0x5616f2758370,7787f3c4-d97c-4634-a83e-34d44e262352,“Labs”,0]: VPN plugin: state changed: stopped (6)
Mar 04 09:38:25 jsxfed nm-l2tp-service[96350]: g_dbus_method_invocation_take_error: assertion ‘error != NULL’ failed

First, thank you very much for doing this research and checking out posts from other forums. I sincerely appreciate it.

I have tried removing this VPN connection and adding it with the same settings, however it had no effect. I get the same errors. :sweat:

  As i'm understood, this error came from a GUI app.  What about a console app -- openvpn?  It may bring more details.

Alright, I could give that a shot…

My configuration seems to be stored in /etc/NetworkManager/system-connections/connection_name.nmconnection

Is there a way to convert this nmconnection file into a .ovpn file that I can load using command-line?

  IDK.  Aren't the VPN-service crowd distribute them?  

  An big page didecated to VPN (Arch Wiki).
  Some command-line examples for openvpn.

1 Like

Sorry, I am not sure what you mean by this.

OK - this is now getting extremely complicated. Previously, I just had to enter a gateway, username, password, pre-shared key and click connect. Now, I have to generate certificates, read a large manual, and spend hours of attempts in configuring correctly on command-line.

I will dive into it… but this sucks, it just worked before the “upgrades”…

1 Like

  Some another example (scrollable),
proton-example.ovpn:

# ==============================================================================
# Copyright (c) 2016-2017 ProtonVPN A.G. (Switzerland)
# Email: contact@protonvpn.com
#
# The MIT License (MIT)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# ==============================================================================

client
dev tun
proto udp

remote nl-free-02.protonvpn.com 80
remote nl-free-02.protonvpn.com 443
remote nl-free-02.protonvpn.com 4569
remote nl-free-02.protonvpn.com 1194
remote nl-free-02.protonvpn.com 5060

remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo no
verb 3

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun

reneg-sec 0

remote-cert-tls server
auth-user-pass
pull
fast-io

# anti-DNS-leaks-stuff; idk about this matter.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

<ca>
-----BEGIN CERTIFICATE-----
  ## cut by vits95 ##
-----END CERTIFICATE-----
</ca>

key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
  ## cut by vits95 ##
-----END OpenVPN Static key V1-----
</tls-auth>

Again, this doesn’t seem to correspond at all to how my nmconnection file is configured

How do I convert it to an ovpn? They seem like different concepts.

Here is my My_Connection.nmconnection file

[connection]
id=__________
uuid=___________
type=vpn
permissions=user::_____;

[vpn]
gateway=____________
ipsec-enabled=yes
ipsec-esp=aes128-sha1,3des-sha1
ipsec-forceencaps=yes
ipsec-gateway-id=_________
ipsec-ike=aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024
ipsec-psk=_____________
password-flags=0
user=______________
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=__________

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

[proxy]

I have ______ out all information that is secret. They are not actually _______.

I am looking at the example file you have posted and it seems like a totally different paradigm - I don’t know how to correspond/translate from one to another.

1 Like

  Also your config has ipsec.  Pity i know nothing about the VPN's.

1 Like

[Fedora31 Server KDE User]

I’m really happy with using openvpn client on F31.
I’m not sure why it’s such a problem, but it’s really useful for server and client use and management if you don’t have a problem with the environment configuration and key setting parts.

1 Like

It is pretty basic L2TP VPN connection that I use to connect to a network I use for work purposes.
The IPSec part should be irrelevant… as I said, it worked perfectly for many months and then after a recent upgrade to the kernel (and to some other NetworkManager related stuff, I would assume) it stopped working…

One thought is maybe one of these protocols

ipsec-ike=aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024

is causing an issue.

I turned on DEBUG mode

sudo nmcli general logging level DEBUG

Try to connect. Same thing. But what does the journal say?

Mar 04 11:48:03 jsxfed nm-l2tp-service[17373]: g_dbus_method_invocation_take_error: assertion ‘error != NULL’ failed
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8165] vpn-connection[0x55ff62296710,d0f1f569-3294-4e5d-ab83-108342f60cfd,“My Connection”,0]: VPN plugin: state changed: stopped (6)
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8178] ++ connection ‘update connection’ (0x55ff62275ca0/NMSimpleConnection/“vpn” < 0x55ff62259c60/NMSimpleConnection/“vpn”) [/org/freedesktop/NetworkManager/Settings/2]:
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8178] ++ vpn [ 0x55ff62273d00 < 0x55ff6221d9c0 ]
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8178] ++ vpn.secrets = ((GHashTable) 0x55ff62213300) < ((GHashTable) 0x55ff6224e6a0)
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8191] active-connection[0x55ff62296710]: set state deactivated (was activating)
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8193] active-connection[0x55ff62296710]: check-master-ready: not signalling (state deactivated, no master)
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8193] device[0x55ff62224bd0] (enp37s0): remove_pending_action (0): ‘activation-0x55ff62296710’
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8207] vpn-connection[0x55ff62296710,d0f1f569-3294-4e5d-ab83-108342f60cfd,“My Connection”,0]: VPN service disappeared
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8217] vpn-connection[0x55ff62296710,d0f1f569-3294-4e5d-ab83-108342f60cfd,“My Connection”,0]: VPN connection: failed to connect: ‘Remote peer disconnected’
Mar 04 11:48:03 jsxfed NetworkManager[1417]: [1583344083.8257] active-connection[0x55ff62296710]: disposing
Mar 04 11:48:04 jsxfed NetworkManager[1417]: [1583344084.2061] platform-linux: do-request-link: 2
Mar 04 11:48:04 jsxfed NetworkManager[1417]: [1583344084.2064] platform: (enp37s0) signal: link changed: 2: enp37s0 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 ethernet? init addrgenmode none addr 88:D7:F>
Mar 04 11:48:04 jsxfed NetworkManager[1417]: [1583344084.2064] device[0x55ff62224bd0] (enp37s0): queued link change for ifindex 2
Mar 04 11:48:04 jsxfed NetworkManager[1417]: [1583344084.4037] device[0x55ff62224bd0] (enp37s0): stats: set refresh to 0 ms
Mar 04 11:48:04 jsxfed NetworkManager[1417]: [1583344084.4040] audit: op=“statistics” arg=“refresh-rate-ms” pid=5434 uid=1000 result=“success”

I still do not have a clue. Does this log help anybody? (Please do not hack me using this information!)

I guess I’ll have to try and figure it out…
Weird that I suddenly am forced to avoid using NetworkManager and nmconnection

1 Like

There is no problem with the NetworkManager service, but please refer to the installed status below. You need to specify the port opening for the VPN configuration and firewall configuration. Have a nice day.

OK I have almost the exact same output for status NetworkManager and nearly the same packages installed related to openvpn

I am unclear what you mean by which port… I believe there are several ports we would be using since there are several services that we use over the VPN. I know the IP ranges that I would like the VPN to use - but the ports list is a bit more difficult to obtain… only because previously I did not have to worry at all about ports, it was all automatic.

This seems like a huge downgrade and step backwards from something that configured itself to something I now have to specify manually. My lab partners are asking me WTF is wrong with my OS that I have to specify ports for the VPN connection.

2 Likes