Cannot connect to VPN via Network Manager

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
Saffron
Level 1
Level 1
Posts: 23
Joined: Tue Sep 29, 2015 9:59 pm

Cannot connect to VPN via Network Manager

Post by Saffron » Sat Nov 10, 2018 6:19 am

I'm running 18.2 on a laptop. I used PIA for years with no issues, but decided to switch over to NordVPN. I check all of my OpenVPN installs, and made sure everything was up to date.

But, when I go through and add a connection manually via the Network Manager, it tells me that it is connected, but I can't actively connect to anything online. I can't ping anything online. I've tried this with both UDP and TCP. I also attempted with ProtonVPN (the free version, just as a test to see if it was an issue with Nord servers being down), and had the exact same result.

If I connect to Nord via terminal it works, but usually drops connection within the hour if I'm running KTorrent (with no activity). It will stay connected for simple web browsing. The issue is clearly on my end, but I have no idea what it is.

I would prefer to connect via Network Manager for ease of use, and an icon telling me when I am/am not connected. What's going on with my system, and does anyone have any clue how to fix it?
I said to stand back, I never said I knew what I was doing.

redlined
Level 4
Level 4
Posts: 408
Joined: Wed Jun 06, 2018 8:12 pm
Location: Mile High, Green State (Denver, CO:)

Re: Cannot connect to VPN via Network Manager

Post by redlined » Sat Nov 10, 2018 12:30 pm

hi Saffron!

I'm very new to linux, but have used VPNs for years, so please consider my input as conversation vs advice. This sounds like a DNS or firewall issue to help sort that (and info the Linux experienced helpers hereabouts prefer to see) please run the following commands in terminal and paste the results into code boxes in reply.

Code: Select all

inxi -Fxz
and

Code: Select all

ifconfig
and I believe this will help troubleshoot as well

Code: Select all

sudo ufw status verbose
(edit to add ufw status info request)
Moem kōan 42: Should tool manufacturers be required to fix their products so that you cannot use their saws to cut the tree branch that you're sitting on?

(The answer to the ultimate question of life, the universe and everything is... 42!!;)

Saffron
Level 1
Level 1
Posts: 23
Joined: Tue Sep 29, 2015 9:59 pm

Re: Cannot connect to VPN via Network Manager

Post by Saffron » Sat Nov 10, 2018 12:36 pm

Code: Select all

System:    Host: Donna Kernel: 4.15.0-38-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.4.6 (Gtk 3.18.9) Distro: Linux Mint 18.2 Sonya
Machine:   System: Dell (portable) product: Latitude E5420 v: 01
           Mobo: Dell model: 0H5TG2 v: A03 Bios: Dell v: A05 date: 11/30/2011
CPU:       Dual core Intel Core i5-2520M (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9978
           clock speeds: max: 3200 MHz 1: 798 MHz 2: 798 MHz 3: 803 MHz
           4: 800 MHz
Graphics:  Card: Intel 2nd Generation Core Processor Family Integrated Graphics Controller
           bus-ID: 00:02.0
           Display Server: X.Org 1.18.4 drivers: intel (unloaded: fbdev,vesa)
           Resolution: 1600x900@60.04hz
           GLX Renderer: Mesa DRI Intel Sandybridge Mobile
           GLX Version: 3.0 Mesa 18.0.5 Direct Rendering: Yes
Audio:     Card Intel 6 Series/C200 Series Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0
           Sound: Advanced Linux Sound Architecture v: k4.15.0-38-generic
Network:   Card-1: Broadcom BCM43228 802.11a/b/g/n driver: wl bus-ID: 02:00.0
           IF: wlp2s0 state: up mac: <filter>
           Card-2: Broadcom NetXtreme BCM5761 Gigabit Ethernet PCIe
           driver: tg3 v: 3.137 bus-ID: 0a:00.0
           IF: enp10s0 state: down mac: <filter>
Drives:    HDD Total Size: 500.1GB (50.0% used)
           ID-1: /dev/sda model: HITACHI_HTS72505 size: 500.1GB
Partition: ID-1: / size: 451G used: 226G (53%) fs: ext4 dev: /dev/sda1
           ID-2: swap-1 size: 8.48GB used: 0.00GB (0%) fs: swap dev: /dev/sda5
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 55.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 259 Uptime: 2 days Memory: 4788.0/7871.8MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35 

Code: Select all

enp10s0   Link encap:Ethernet  HWaddr d0:67:e5:4f:8f:86  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:18 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:20657 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20657 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6880461 (6.8 MB)  TX bytes:6880461 (6.8 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.8.31  P-t-P:10.8.8.31  Mask:255.255.255.0
          inet6 addr: fe80::6ef1:3690:304e:5192/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:544790 errors:0 dropped:0 overruns:0 frame:0
          TX packets:293371 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:602290219 (602.2 MB)  TX bytes:29645008 (29.6 MB)

wlp2s0    Link encap:Ethernet  HWaddr e0:06:e6:6b:67:84  
          inet addr:192.168.0.111  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::4fe6:4485:51db:2101/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3682223 errors:0 dropped:0 overruns:0 frame:2255436
          TX packets:2397215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:257926010 (257.9 MB)  TX bytes:374150847 (374.1 MB)
          Interrupt:17 

Code: Select all

Status: inactive
I have discovered that if I connect to Nord directly through sudo config in terminal, not through their app or Network Manager, that there is no dropping issues. Lots of reply warnings (I haven't muted them so I can monitor the connection. And I'm not sure how to mute them to be honest), but a steady connection.
I said to stand back, I never said I knew what I was doing.

redlined
Level 4
Level 4
Posts: 408
Joined: Wed Jun 06, 2018 8:12 pm
Location: Mile High, Green State (Denver, CO:)

Re: Cannot connect to VPN via Network Manager

Post by redlined » Sat Nov 10, 2018 1:42 pm

I'm comparing your results with mine on those commands but don't have the knowledge to determine what may be missing, for example I see on my ifconfig results there is destination info on tun0 (the ovpn virtual adapter) also see a huge difference in frame results (RX line of wlp2s0) yours is 2255436 whereas mine shows 0 on all adapters listed. Not even sure if either or both of those factors are relevent... but do believe the info will help the troubleshooters in forum.

ufw isn't a factor ("inactive" which to me says all going out will be allowed and unsolicited incoming connections will be dropped).

When you look at NM connection information what do you see for DNS servers under TUN and WIfi? (IPv4&v6)

is power saving turned off for your wifi adapter?

Please paste in some of the terminal "reply warnings" you are seeing when connected that way, perhaps something in config will be evident from that.

There is check connection and reconnect VPN in NM settings we can try in effort to get NM managing this connection for you as well. Open NM "edit connections", select the connection name of VPN you imported config for, hit the gear box (edit), VPN tab, open advanced (lower right), you want to enable (checkmarked) the "Specify ping interval:" and set that to 10

also enable the very bottom option "Specify exit or restart ping:" select "ping-restart" from the drop down and set 60 in the timer box.

click "OK"

before "Save" (since we have VPN open) what do you see under IPv4 and v6 tabs "method"? is set to Automatic (or Auto addresses only and manual info typed in for DNS)?

make sure to click "Save" to exit out of VPN edit. The try to connect VPN via NM and lets see if it's any better~
Moem kōan 42: Should tool manufacturers be required to fix their products so that you cannot use their saws to cut the tree branch that you're sitting on?

(The answer to the ultimate question of life, the universe and everything is... 42!!;)

Saffron
Level 1
Level 1
Posts: 23
Joined: Tue Sep 29, 2015 9:59 pm

Re: Cannot connect to VPN via Network Manager

Post by Saffron » Sat Nov 10, 2018 2:10 pm

Altered the NM connections and still nothing. I can't ping out, and everything is stuck on a forever case of 'loading'.

The replay warning message I'm getting is this:

Code: Select all

Sun Nov 11 03:03:08 2018 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #81445 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
It's not a major issue, it's a good way to monitor the connection in Terminal. I switched to a tcp from a ucp connection, and it has eliminated the bad packet issue. But, as going through Terminal to connect works, I'm going to be sticking with that for now. It's not an inconvenience for me, it just takes a few seconds more. But direct connecting that way has eliminated the connection drops as well, which was the main issue via the NordVPN app.
I said to stand back, I never said I knew what I was doing.

redlined
Level 4
Level 4
Posts: 408
Joined: Wed Jun 06, 2018 8:12 pm
Location: Mile High, Green State (Denver, CO:)

Re: Cannot connect to VPN via Network Manager

Post by redlined » Sat Nov 10, 2018 3:06 pm

hi Saffron,

I looked around at NordVPN site and do see one thing you may want to adjust, according to their faqs Nord does not support IPv6 (yet), note says due in 2018 and manual methods (not using their client) say to disable IPv6 altogether (and I concur, for privacy/anti-leak measures, especially if they don't support it)

If you disable IPv6 using NM I recommend do it for all adapters (wifi and tun) by entering NM edit connections, select connection, hit the gear box (edit), IPv6 setting tab, Method: Ignore. and see if this helps when using NM to connect VPN. It would explain the timeouts I think we're seeing.
Moem kōan 42: Should tool manufacturers be required to fix their products so that you cannot use their saws to cut the tree branch that you're sitting on?

(The answer to the ultimate question of life, the universe and everything is... 42!!;)

redlined
Level 4
Level 4
Posts: 408
Joined: Wed Jun 06, 2018 8:12 pm
Location: Mile High, Green State (Denver, CO:)

Re: Cannot connect to VPN via Network Manager

Post by redlined » Sat Nov 10, 2018 3:29 pm

more info on disable IPv6, I have done four methods locally, via NM, in sysctl.conf, in etc/hosts and in Grub menu. NordVPN's guide to disable is what I have done (sysctl method) and can be found here (under debian based)
https://nanorep.nordvpn.com/Connectivit ... -Linux.htm

the Grub method, also requiring reboot, can be found here: Security flaw found in systemd

and see if NM is managing the VPN better. If not I have run out of ideas and ask you please continue to monitor thread for the Linux experienced to help you troubleshoot the issue further.
Moem kōan 42: Should tool manufacturers be required to fix their products so that you cannot use their saws to cut the tree branch that you're sitting on?

(The answer to the ultimate question of life, the universe and everything is... 42!!;)

Post Reply

Return to “Other networking topics”