[SOLVED] Cannot get a VPN connection working -

FrizzledOldButt · 06-15-2019, 12:59 AM

This relates to Ubuntu 18.04 LTS and may be specific to it.

The XFCE4 GUI desktop environment is installed.

After the upgrade from 16.04 LTS to 18.04 LTS, my VPN connections, previously working, no longer work. I have set up PPTP and OpenVPN connections.

The netplan configuration is

Quote:

# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
ethernets:
enp1s0:
addresses: []
dhcp4: true
version: 2

Please note that I have pretty much exhausted everything I can find on the internet about the topic, but my knowledge & expertise in networking at this level is limited.

Using the desktop nm-applet the VPN connection items are greyed out. Starting nm-applet with sudo the items seem active but don't respond.

I have resorted to nmcli.

nmcli con gives me

Code:

myOpenVPN      9439b05e-bc7e-419b-8679-95aa84394af2  vpn       --

I note the device column is empty. Should it be?

Attempting

Code:

 sudo nmcli c up myOpenVPN

gives me

Code:

Error: Connection activation failed: Could not find source connection.

/var/log/openvpn is empty

grep VPN /var/log/syslog gives me

Quote:

/etc/NetworkManager/system-connections/myOpenVPN (9439b05e-bc7e-419b-8679-95aa84394af2,"myOpenVPN")
Jun 15 14:55:21 mythserver02 NetworkManager[1961]: <info> [1560576321.7239] audit: op="connection-activate" uuid="9439b05e-bc7e-419b-8679-95aa84394af2" name="myOpenVPN" pid=19429 uid=0 result="fail" reason="Could not find source connection."

journalctl -u NetworkManager.service

Quote:

Jun 15 14:51:44 mythserver02 NetworkManager[1961]: <warn> [1560576104.9623] error requesting auth for org.freedesktop.NetworkManager.reload: Authorization check failed: Failed to open file “/proc/19299/status”: No such file or directory
Jun 15 14:51:44 mythserver02 NetworkManager[1961]: <warn> [1560576104.9629] error requesting auth for org.freedesktop.NetworkManager.checkpoint-rollback: Authorization check failed: Failed to open file “/proc/19299/status”: No such file or directory
Jun 15 14:51:44 mythserver02 NetworkManager[1961]: <warn> [1560576104.9635] error requesting auth for org.freedesktop.NetworkManager.enable-disable-statistics: Authorization check failed: Failed to open file “/proc/19299/status”: No such file or directory
Jun 15 14:51:44 mythserver02 NetworkManager[1961]: <warn> [1560576104.9640] error requesting auth for org.freedesktop.NetworkManager.enable-disable-connectivity-check: Authorization check failed: Failed to open file “/proc/19299/status”: No such file or directory
Jun 15 14:55:21 mythserver02 NetworkManager[1961]: <info> [1560576321.7239] audit: op="connection-activate" uuid="9439b05e-bc7e-419b-8679-95aa84394af2" name="myOPenVPN" pid=19429 uid=0 result="fail" reason="Could not find source connection."

There is no /proc/19222 - what is that?

Any help. anyone?

Thanks

ferrari · 06-15-2019, 11:46 PM

I don't have a definitive answer here, but perhaps start by checking that the relevant network interfaces are managed by NM....

Code:

 nmcli device status

ferrari · 06-16-2019, 12:04 AM

I know little about Netplan (not used in openSUSE Leap), but had a quick read of this page to get a handle on it's support with NetworkManager and systemd-networkd frameworks. I assume that Netplan is configured to use NetworkManager as the renderer in /etc/netplan/config.yaml?

I've seen examples such as described here that show the necessary specified like this

Code:

network:
  version: 2
  renderer: NetworkManager

Other references:
https://netplan.io/reference
https://www.linux.com/learn/intro-to...ion-tool-linux

ferrari · 06-16-2019, 12:09 AM

Perhaps for completeness, show the output of the following services...

Code:

sudo systemctl status NetworkManager

Code:

sudo systemctl status systemd-networkd

FrizzledOldButt · 06-16-2019, 01:07 AM

Quote:

Originally Posted by ferrari

I assume that Netplan is configured to use NetworkManager as the renderer in /etc/netplan/config.yaml?

I've seen examples such as described here that show the necessary specified like this

Code:

network:
  version: 2
  renderer: NetworkManager

Other references:
https://netplan.io/reference
https://www.linux.com/learn/intro-to...ion-tool-linux

Yes, the renderer is NetworkManager.

Thanks

FrizzledOldButt · 06-16-2019, 01:12 AM

Quote:

Originally Posted by ferrari

I don't have a definitive answer here, but perhaps start by checking that the relevant network interfaces are managed by NM....

Code:

 nmcli device status

I get

Code:

nmcli device status
DEVICE  TYPE      STATE      CONNECTION            
enp1s0  ethernet  connected  Ethernet connection 1 
lo      loopback  unmanaged  --

FrizzledOldButt · 06-16-2019, 01:18 AM

Quote:

Originally Posted by ferrari

Perhaps for completeness, show the output of the following services...

Code:

sudo systemctl status NetworkManager

Code:

sudo systemctl status systemd-networkd

Code:

● NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-06-16 15:40:15 ACST; 2min 51s ago
     Docs: man:NetworkManager(8)
 Main PID: 21042 (NetworkManager)
    Tasks: 5 (limit: 4915)
   CGroup: /system.slice/NetworkManager.service
           ├─21042 /usr/sbin/NetworkManager --no-daemon
           ├─21058 /sbin/dhclient -d -q -sf /usr/lib/NetworkManager/nm-dhcp-helper -pf /run/dhclient-enp1s0.pid -lf /var/lib/NetworkManager/dhclient-48216e16-3
           └─21154 /sbin/dhclient -d -q -6 -N -sf /usr/lib/NetworkManager/nm-dhcp-helper -pf /run/dhclient6-enp1s0.pid -lf /var/lib/NetworkManager/dhclient6-48

Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2930] error requesting auth for org.freedesktop.NetworkManager.wifi.share.open: Authori
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2934] error requesting auth for org.freedesktop.NetworkManager.settings.modify.system: 
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2939] error requesting auth for org.freedesktop.NetworkManager.settings.modify.own: Aut
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2942] error requesting auth for org.freedesktop.NetworkManager.settings.modify.hostname
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2945] error requesting auth for org.freedesktop.NetworkManager.settings.modify.global-d
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2949] error requesting auth for org.freedesktop.NetworkManager.reload: Authorization ch
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2953] error requesting auth for org.freedesktop.NetworkManager.checkpoint-rollback: Aut
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2957] error requesting auth for org.freedesktop.NetworkManager.enable-disable-statistic
Jun 16 15:41:39 mythserver01 NetworkManager[21042]: <warn>  [1560665499.2961] error requesting auth for org.freedesktop.NetworkManager.enable-disable-connectiv
Jun 16 15:42:43 mythserver01 dhclient[21154]: XMT: Solicit on enp1s0, interval 112860ms.

sudo systemctl status systemd-networkd
● systemd-networkd.service - Network Service
   Loaded: loaded (/lib/systemd/system/systemd-networkd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:systemd-networkd.service(8)

My head is starting hurt, but thank you for your patience ;-)

FrizzledOldButt · 06-16-2019, 01:58 AM

Arghhhhhh, my very bad.

It appears to be a firewall issue. sudo ufw disable lets the VPN connect :-(

Working on it...

ferrari · 06-16-2019, 02:17 AM

Quote:

Yes, the renderer is NetworkManager.

Ok, thanks for clarifying. The output posted looks as expected.

Quote:

Arghhhhhh, my very bad.

It appears to be a firewall issue. sudo ufw disable lets the VPN connect :-(

Working on it...

I'm surprised that your firewall would be blocking a VPN client. Anyway, keep us posted.

FrizzledOldButt · 06-16-2019, 02:56 AM

Quote:

Originally Posted by ferrari

Ok, thanks for clarifying. The output posted looks as expected.

I'm surprised that your firewall would be blocking a VPN client. Anyway, keep us posted.

Background; when I disabled to firewall (ufw) the PPTP VPN connections worked.

I added the VPN server address to the ALLOWs in ufw, but that made no difference; connection failed if the uwf was enabled. I did get a different error though, indicating "timed out"

I called on the google beast and found a snippet from a few years ago:

https://ubuntuforums.org/showthread.php?t=1113911

This bit did the trick (for PPTP):

Code:

sudo nano /etc/ufw/before.rules

and add

Code:

-A ufw-before-input -p 47 -j ACCEPT
-A ufw-before-output -p 47 -j ACCEPT

I rebooted and the VPN connection worked.

Not sure if this is the right solution, but a kludge may be as good as a fix, right?

I haven't sorted out the OpenVPN connection yet, but now suspect the issue will also be ufw related.

Thanks for all the feedback, and I'll mark this as solved.

ferrari · 06-16-2019, 03:25 AM

Well done. Just in case this firewall "how to" helps regarding the OpenVPN connectivity
https://ubuntu-mate.community/t/vpn-...ate-15-04/1452

ferrari · 06-16-2019, 03:37 AM

BTW, I do recall connection tracking being a potential issue...whereby 'nf_conntrack_pptp' needs to be loaded to allow established PPTP traffic...

https://askubuntu.com/questions/5724...th-kernel-3-18

FrizzledOldButt · 06-16-2019, 03:57 AM

Quote:

Originally Posted by ferrari

BTW, I do recall connection tracking being a potential issue...whereby 'nf_conntrack_pptp' needs to be loaded to allow established PPTP traffic...

https://askubuntu.com/questions/5724...th-kernel-3-18

Thanks. I had implemented that earlier on in this journey. It didn't make a difference at the time, but maybe it's still needed now (?).

FrizzledOldButt · 06-16-2019, 03:59 AM

Quote:

Originally Posted by ferrari

Well done. Just in case this firewall "how to" helps regarding the OpenVPN connectivity
https://ubuntu-mate.community/t/vpn-...ate-15-04/1452

Thanks. I've bookmarked it for my next journey into darkness. ;-)