OpenVPN / network-manager not working, also leaks DNS


Post by jitze »

Dear all,

I have some problems connecting to ProtonVPN. The first step was to import the .ovpn file into the network-manager ("import a saved vpn configuration"). I entered my OpenVPN credentials and so far so good.

Then it also gives a notification that the connection was successful, but when I check my IP address, 9 out of 10 times it still shows my ISP IP. Sometimes the ProtonVPN IP is displayed, but then my DNS is leaking.

Something strange is also happening: when the VPN connection is inactive / disabled, the systray network manager icon shows a VPN icon. When I hover my mouse over it, it says "connected to the vpn".

So I tried a different approach: to connect via the terminal. Sometimes the output ends at sequence completed (which is ok). Sometimes the output is as follows:

Code:

Sat Sep 29 17:33:19 2018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Sat Sep 29 17:33:19 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Enter Auth Username: qIEaThN9vI4qIVCVZQqi7IOq
Enter Auth Password: **************
Sat Sep 29 17:33:30 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Sep 29 17:33:30 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Sep 29 17:33:30 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.39.107.204:1194
Sat Sep 29 17:33:30 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Sep 29 17:33:30 2018 UDP link local: (not bound)
Sat Sep 29 17:33:30 2018 UDP link remote: [AF_INET]89.39.107.204:1194
Sat Sep 29 17:33:30 2018 TLS: Initial packet from [AF_INET]89.39.107.204:1194, sid=e27589ab 59af357f
Sat Sep 29 17:33:30 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Sep 29 17:33:30 2018 VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Sat Sep 29 17:33:30 2018 VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Sat Sep 29 17:33:30 2018 VERIFY KU OK
Sat Sep 29 17:33:30 2018 Validating certificate extended key usage
Sat Sep 29 17:33:30 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Sep 29 17:33:30 2018 VERIFY EKU OK
Sat Sep 29 17:33:30 2018 VERIFY OK: depth=0, CN=nl-107.protonvpn.com
Sat Sep 29 17:33:30 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sat Sep 29 17:33:30 2018 [nl-107.protonvpn.com] Peer Connection Initiated with [AF_INET]89.39.107.204:1194
Sat Sep 29 17:33:32 2018 SENT CONTROL [nl-107.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Sat Sep 29 17:33:32 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.9 255.255.255.0,peer-id 55,cipher AES-256-GCM'
Sat Sep 29 17:33:32 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks 
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: compression parms modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sat Sep 29 17:33:32 2018 Socket Buffers: R=[212992->425984] S=[212992->425984]
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: route options modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: route-related options modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: peer-id set
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: adjusting link_mtu to 1657
Sat Sep 29 17:33:32 2018 OPTIONS IMPORT: data channel crypto options modified
Sat Sep 29 17:33:32 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Sep 29 17:33:32 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Sep 29 17:33:32 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Sep 29 17:33:32 2018 ROUTE_GATEWAY 10.8.8.1/255.255.255.0 IFACE=tun0 HWADDR=00:00:00:00:00:00
Sat Sep 29 17:33:32 2018 TUN/TAP device tun1 opened
Sat Sep 29 17:33:32 2018 TUN/TAP TX queue length set to 100
Sat Sep 29 17:33:32 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Sep 29 17:33:32 2018 /sbin/ip link set dev tun1 up mtu 1500
Sat Sep 29 17:33:32 2018 /sbin/ip addr add dev tun1 10.8.8.9/24 broadcast 10.8.8.255
Sat Sep 29 17:33:32 2018 /sbin/ip route add 89.39.107.204/32 via 10.8.8.1
Sat Sep 29 17:33:32 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
Sat Sep 29 17:33:32 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
Sat Sep 29 17:33:32 2018 Initialization Sequence Completed
Sat Sep 29 17:34:32 2018 [nl-107.protonvpn.com] Inactivity timeout (--ping-restart), restarting
Sat Sep 29 17:34:32 2018 SIGUSR1[soft,ping-restart] received, process restarting
Sat Sep 29 17:34:32 2018 Restart pause, 5 second(s)
Sat Sep 29 17:34:37 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.39.107.204:1194
Sat Sep 29 17:34:37 2018 Socket Buffers: R=[212992->425984] S=[212992->425984]
Sat Sep 29 17:34:37 2018 UDP link local: (not bound)
Sat Sep 29 17:34:37 2018 UDP link remote: [AF_INET]89.39.107.204:1194
Sat Sep 29 17:35:37 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat Sep 29 17:35:37 2018 SIGUSR1[soft,ping-restart] received, process restarting
Sat Sep 29 17:35:37 2018 Restart pause, 5 second(s)
Sat Sep 29 17:35:42 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.39.107.204:1194
Sat Sep 29 17:35:42 2018 Socket Buffers: R=[212992->425984] S=[212992->425984]
Sat Sep 29 17:35:42 2018 UDP link local: (not bound)
Sat Sep 29 17:35:42 2018 UDP link remote: [AF_INET]89.39.107.204:1194
^CSat Sep 29 17:35:57 2018 event_wait : Interrupted system call (code=4)
Sat Sep 29 17:35:57 2018 /sbin/ip route del 89.39.107.204/32
Sat Sep 29 17:35:57 2018 /sbin/ip route del 0.0.0.0/1
Sat Sep 29 17:35:57 2018 /sbin/ip route del 128.0.0.0/1
Sat Sep 29 17:35:57 2018 Closing TUN/TAP interface
Sat Sep 29 17:35:57 2018 /sbin/ip addr del dev tun1 10.8.8.9/24
Sat Sep 29 17:35:57 2018 SIGINT[hard,] received, process exiting

This is the info of my system:

Code:

System:    Host: Envy Kernel: 4.15.0-34-generic x86_64 bits: 64 gcc: 7.3.0
           Desktop: Cinnamon 3.8.9 (Gtk 3.22.30-1ubuntu1)
           Distro: Linux Mint 19 Tara
Machine:   Device: laptop System: HP product: HP ENVY Laptop 13-ad1xx v: Type1ProductConfigId serial: N/A
           Mobo: HP model: 83A7 v: KBC Version 39.33 serial: N/A
           UEFI: Insyde v: F.18 date: 11/02/2017
Battery    BAT0: charge: 51.8 Wh 100.0% condition: 51.8/51.8 Wh (100%)
           model: HP Primary status: Full
CPU:       Quad core Intel Core i5-8250U (-MT-MCP-) 
           arch: Kaby Lake rev.10 cache: 6144 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 14400
           clock speeds: max: 3400 MHz 1: 3025 MHz 2: 3050 MHz 3: 3042 MHz
           4: 3041 MHz 5: 3006 MHz 6: 3000 MHz 7: 3039 MHz 8: 3019 MHz
Graphics:  Card: Intel UHD Graphics 620 bus-ID: 00:02.0
           Display Server: x11 (X.Org 1.19.6 )
           drivers: modesetting (unloaded: fbdev,vesa)
           Resolution: 2560x1440@59.95hz
           OpenGL: renderer: Mesa DRI Intel UHD Graphics 620 (Kabylake GT2)
           version: 4.5 Mesa 18.0.5 Direct Render: Yes
Audio:     Card Intel Sunrise Point-LP HD Audio
           driver: snd_hda_intel bus-ID: 00:1f.3
           Sound: Advanced Linux Sound Architecture v: k4.15.0-34-generic
Network:   Card: Intel Wireless 7265 driver: iwlwifi bus-ID: 02:00.0
           IF: wlp2s0 state: up mac: <filter>
Drives:    HDD Total Size: 512.1GB (41.9% used)
           ID-1: /dev/nvme0n1 model: KXG50ZNV512G_TOSHIBA size: 512.1GB
Partition: ID-1: / size: 363G used: 200G (59%) fs: ext4 dev: /dev/nvme0n1p6
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 56.5C mobo: 0.0C
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 246 Uptime: 9 min Memory: 4318.6/7735.8MB
           Init: systemd runlevel: 5 Gcc sys: 7.3.0
           Client: Shell (bash 4.4.191) inxi: 2.3.56 

Does anyone have some ideas? In the Wi-Fi & OpenVPN settings I disabled IPv6 (I read about it in a similar topic).

Any help is much appreciated!
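
A check run over lines of the log posted above, as an added example that is not part of any post in this thread: it flags a pushed DNS server that no resolver hook applied, a default gateway that was already on a tunnel device, and keepalive restarts after a completed handshake. The hook script names are an assumption (the usual Debian/Ubuntu helpers), and the DNS check relies on OpenVPN logging the commands it runs, as the `/sbin/ip` lines in the log show.

```python
import re

# Lines copied from the log posted above (not the full log).
SAMPLE_LOG = """\
Sat Sep 29 17:33:32 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.9 255.255.255.0,peer-id 55,cipher AES-256-GCM'
Sat Sep 29 17:33:32 2018 ROUTE_GATEWAY 10.8.8.1/255.255.255.0 IFACE=tun0 HWADDR=00:00:00:00:00:00
Sat Sep 29 17:33:32 2018 TUN/TAP device tun1 opened
Sat Sep 29 17:33:32 2018 Initialization Sequence Completed
Sat Sep 29 17:34:32 2018 [nl-107.protonvpn.com] Inactivity timeout (--ping-restart), restarting
Sat Sep 29 17:35:37 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

# Assumption: common Debian/Ubuntu DNS hook script names; adjust for your setup.
DNS_HOOKS = ("update-resolv-conf", "update-systemd-resolved")


def pushed_dns(log):
    """DNS servers from the last PUSH_REPLY in the log."""
    replies = re.findall(r"'PUSH_REPLY,([^']*)'", log)
    opts = replies[-1].split(",") if replies else []
    return [o.split()[2] for o in opts if o.startswith("dhcp-option DNS ")]


def audit(log):
    """Return a list of (code, detail) findings for one OpenVPN client log."""
    findings = []
    dns = pushed_dns(log)
    # OpenVPN 2.4 on Linux only hands dhcp-option to up/down scripts; it does
    # not edit the resolver itself. No hook in the log: the DNS was ignored.
    if dns and not any(h in log for h in DNS_HOOKS):
        findings.append(("DNS_NOT_APPLIED", ", ".join(dns)))
    # The default gateway was already on a tun/tap device before this session
    # added its routes, i.e. another tunnel was still up.
    gw = re.search(r"ROUTE_GATEWAY \S+ IFACE=((?:tun|tap)\d+)", log)
    if gw:
        findings.append(("GATEWAY_ON_TUNNEL", gw.group(1)))
    # Keepalive timeouts after a completed handshake: the tunnel went silent.
    tail = log.partition("Initialization Sequence Completed")[2]
    restarts = tail.count("Inactivity timeout (--ping-restart)")
    if restarts:
        findings.append(("PING_RESTART", str(restarts)))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_LOG):
        print(code, detail)
```

Run against the posted lines it reports all three: DNS 10.8.8.1 was pushed but no hook applied it, the gateway was on tun0 while tun1 was being opened, and two ping-restarts followed the completed handshake.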

Post by phd21 »

Hi jitze,

There is the possibility that your VPN provider and/or their OpenVPN configuration files (somewhere.ovpn) are the problem. In some cases, you can edit the configuration files (somewhere.ovpn) to fix these issues, see link below. Have you tried another VPN provider's servers, like the free "vpnbook", to see if they work?

[SOLVED]How to fix dns leaks? - Linux Mint Forums
viewtopic.php?f=157&t=270477&hilit=openvpn


Hope this helps ...
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.

Post by fabien85 »

I can confirm there are bugs with the handling of OpenVPN by Mint 19.
I have a .ovpn file that works perfectly under Mint 18.3, I can import it with the network manager, then connect to the VPN and it works perfectly. When I try the same with Mint 19, first the network manager doesn't want to import it through its GUI: I get a message that the file contains a Client line blabla something not good (when I first installed Mint 19, it didn't want to import either, but the message was different). I managed to import the profile via command line with nmcli. The VPN now appears in the network manager, but nothing happens when I click to connect.
For the moment I don't use Mint 19 as my main OS (this bug being one of the reasons), so I didn't test further. I think it's a bug in the Ubuntu base (bionic, 18.04). I'm using Mint 18.3 as my main OS until these kinds of bugs are fixed.