You are not logged in.
I want to set up CyberGhost VPN via OpenVPN through NetworkManager. If I run the OPVN file (provided by CyberGhost) with
# openvpn --config /path/to/openvpn.opvn
, it runs completely fine. However, if I import the file using the NetworkManager GUI and turn on the VPN, I get the following log output:
Nov 07 18:32:31 archlinux NetworkManager[475]: <info> [1604770351.0486] audit: op="connection-activate" uuid="REDACTED" name="cyberghost" pid=1032 uid=1000 result="success"
Nov 07 18:32:31 archlinux NetworkManager[475]: <info> [1604770351.0522] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: Started the VPN service, PID 1545
Nov 07 18:32:31 archlinux NetworkManager[475]: <info> [1604770351.0739] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: Saw the service appear; activating connection
Nov 07 18:32:31 archlinux NetworkManager[475]: <info> [1604770351.1259] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: VPN plugin: state changed: starting (3)
Nov 07 18:32:31 archlinux NetworkManager[475]: <info> [1604770351.1261] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: VPN connection: (ConnectInteractive) reply received
Nov 07 18:32:31 archlinux nm-openvpn[1556]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Nov 07 18:32:31 archlinux nm-openvpn[1556]: WARNING: file 'REDACTED/client.key' is group or others accessible
Nov 07 18:32:31 archlinux nm-openvpn[1556]: OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
Nov 07 18:32:31 archlinux nm-openvpn[1556]: library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Nov 07 18:32:31 archlinux nm-openvpn[1556]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 07 18:32:31 archlinux nm-openvpn[1556]: TCP/UDP: Preserving recently used remote address: [AF_INET]REDACTED
Nov 07 18:32:31 archlinux nm-openvpn[1556]: UDP link local: (not bound)
Nov 07 18:32:31 archlinux nm-openvpn[1556]: UDP link remote: [AF_INET]REDACTED
Nov 07 18:32:31 archlinux nm-openvpn[1556]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Nov 07 18:32:31 archlinux nm-openvpn[1556]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1549'
Nov 07 18:32:31 archlinux nm-openvpn[1556]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
Nov 07 18:32:31 archlinux nm-openvpn[1556]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Nov 07 18:32:31 archlinux nm-openvpn[1556]: [bucharest-rack408.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]REDACTED
Nov 07 18:32:32 archlinux nm-openvpn[1556]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Nov 07 18:32:32 archlinux nm-openvpn[1556]: TUN/TAP device tun0 opened
Nov 07 18:32:32 archlinux nm-openvpn[1556]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 1545 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_2 --tun -- tun0 1500 1552 REDACTED 255.255.255.0 init
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8020] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/3)
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8134] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: VPN connection: (IP Config Get) reply received.
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8154] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",3:(tun0)]: VPN connection: (IP4 Config Get) reply received
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8161] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",3:(tun0)]: VPN connection: (IP6 Config Get) reply received
Nov 07 18:32:32 archlinux NetworkManager[475]: <warn> [1604770352.8161] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",3:(tun0)]: invalid IP6 config received!
Nov 07 18:32:32 archlinux NetworkManager[475]: <warn> [1604770352.8162] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",3:(tun0)]: VPN connection: did not receive valid IP config information
Nov 07 18:32:32 archlinux nm-openvpn[1556]: GID set to nm-openvpn
Nov 07 18:32:32 archlinux nm-openvpn[1556]: UID set to nm-openvpn
Nov 07 18:32:32 archlinux nm-openvpn[1556]: Initialization Sequence Completed
Nov 07 18:32:32 archlinux nm-openvpn[1556]: event_wait : Interrupted system call (code=4)
Nov 07 18:32:32 archlinux nm-openvpn[1556]: net_addr_v4_del: REDACTED dev tun0
Nov 07 18:32:32 archlinux nm-openvpn[1556]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Nov 07 18:32:32 archlinux nm-openvpn[1556]: Linux can't del IP from iface tun0
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8190] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: VPN plugin: state changed: started (4)
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8190] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: VPN plugin: state changed: stopping (5)
Nov 07 18:32:32 archlinux NetworkManager[475]: <info> [1604770352.8191] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",0]: VPN plugin: state changed: stopped (6)
Nov 07 18:32:32 archlinux nm-openvpn[1556]: SIGTERM[hard,] received, process exiting
Any server I use, I get "event_wait : Interrupted system call (code=4)". This is running on my desktop computer; my laptop computer has almost the same configuration and works out of the box. There's something wrong with NetworkManager in this machine, I think.
I've tried importing the OPVN file via `nmcli` then running the VPN using the GUI but that doesn't work either.
Last edited by aumars (2020-11-07 20:43:24)
Offline
You aren't alone. I'm having the exact issue with PIA VPN + nm-openvpn. It does work, however with ProtonVPN
edit: I think this may apply https://bugs.archlinux.org/task/68480
I downgraded the openvpn package to 2.4.9-2 & my problems went away. Is your laptop updated to 2.5* as well?
Last edited by drdrewdown (2020-11-08 00:36:36)
Offline
I downgraded openvpn as well and it worked, thank you. The new 2.5.0-3 release should fix this though.
Offline
Downgrading helped me too! Thank you!!!
But 2.5.0-3 did not do the trick.
Offline
Same
$ sudo pacman -U https://archive.archlinux.org/packages/o/openvpn/openvpn-2.4.9-2-x86_64.pkg.tar.zst
did the trick. I had 2.5.0-3 also which works on another machine with same vpn config but not this one
Last edited by prince_archine (2020-11-19 14:54:24)
Offline
Downgrading to 2.4.9-2 did help, thanks all. But is there a better solution than having old package installed?
Last edited by Demon (2020-12-16 17:10:55)
Offline
This should be fixed upstream in the distro. Just did a huge upgrade to my system and again had to downgrade the vpn package. This error still isn't fixed.
Offline
Vyprvpn also does not work with latest openvpn but I cannot find any open bugs, all were closed...
Offline
Nov 07 18:32:32 archlinux NetworkManager[475]: <warn> [1604770352.8161] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",3:(tun0)]: invalid IP6 config received!
Nov 07 18:32:32 archlinux NetworkManager[475]: <warn> [1604770352.8162] vpn-connection[0x55b63bfc80b0,REDACTED,"cyberghost",3:(tun0)]: VPN connection: did not receive valid IP config information
See https://bugs.archlinux.org/task/68567#comment194596
Nov 07 18:32:32 archlinux nm-openvpn[1556]: GID set to nm-openvpn
Nov 07 18:32:32 archlinux nm-openvpn[1556]: UID set to nm-openvpn
Nov 07 18:32:32 archlinux nm-openvpn[1556]: Initialization Sequence Completed
Nov 07 18:32:32 archlinux nm-openvpn[1556]: event_wait : Interrupted system call (code=4)
Nov 07 18:32:32 archlinux nm-openvpn[1556]: net_addr_v4_del: REDACTED dev tun0
Nov 07 18:32:32 archlinux nm-openvpn[1556]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Nov 07 18:32:32 archlinux nm-openvpn[1556]: Linux can't del IP from iface tun0
To get rid of this permission error you should figure out how to stop NetworkManager from making OpenVPN change its UID and GID as noted in the upgrade notice[0] because OpenVPN will lose the capabilities granted in its .service file if it calls setuid().
[0] https://github.com/archlinux/svntogit-p … all#L7-L11
Offline
Still not fixed. I have set IPv6 in Network Connections for the VPN to Disable or Ignore. Neither works.
Offline
You guys might want to upvote the issue in the GNOME bug tracker to get it noticed by the developers.
Offline
Thanks, just commented there. Again on latest upgrade, the issue still persists.
Offline