| View previous topic :: View next topic |
| Author |
Message |
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
 Posted: Sun Sep 18, 2022 9:04 am Post subject: [ CLOSED ] Very strange network link behaviour |
 |
|
HIYA,
I have 2 network cards:
1st is integrated r8169
2nd is USB attached dm9601
| Code: | 4.559903] dm9601 1-4:1.0 enp0s20u4: link up, 100Mbps, full-duplex, lpa 0xFFFF
[ 4.603710] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s20u4: link becomes ready
[ 4.672113] Loading firmware: rtl_nic/rtl8168h-2.fw
[ 4.694239] Generic FE-GE Realtek PHY r8169-0-400:00: attached PHY driver (mii_bus:phy_addr=r8169-0-400:00, irq=MAC)
[ 4.858332] r8169 0000:04:00.0 enp4s0: Link is Down
[ 5.021160] dm9601 1-4:1.0 enp0s20u4: link up, 100Mbps, full-duplex, lpa 0xFFFF
[ 7.881520] elogind-daemon[3593]: New seat seat0.
[ 7.882539] elogind-daemon[3593]: Watching system buttons on /dev/input/event1 (Power Button)
[ 7.882578] elogind-daemon[3593]: Watching system buttons on /dev/input/event0 (Power Button)
[ 7.883006] elogind-daemon[3593]: Watching system buttons on /dev/input/event13 (COMPANY USB Device )
[ 7.883071] elogind-daemon[3593]: Watching system buttons on /dev/input/event15 (COMPANY USB Device Keyboard)
[ 7.883137] elogind-daemon[3593]: Watching system buttons on /dev/input/event17 (SONiX USB Keyboard)
[ 7.883198] elogind-daemon[3593]: Watching system buttons on /dev/input/event18 (SONiX USB Keyboard Consumer Control)
[ 7.883264] elogind-daemon[3593]: Watching system buttons on /dev/input/event19 (SONiX USB Keyboard System Control)
[ 7.884707] elogind-daemon[3593]: New session c1 of user sddm.
[ 7.956383] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 7.956393] IPv6: ADDRCONF(NETDEV_CHANGE): enp4s0: link becomes ready
[ 7.958944] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 9.978876] tun: Universal TUN/TAP device driver, 1.6
[ 9.999508] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 10.002173] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 10.037428] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 10.039746] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 10.075331] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 10.101416] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 11.274448] dm9601 1-4:1.0 enp0s20u4: link up, 100Mbps, full-duplex, lpa 0xFFFF
[ 310.104500] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 310.144209] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 310.146555] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 310.179879] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 310.206148] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 310.207730] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 310.237151] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 362.444948] elogind-daemon[3593]: New session 2 of user su.
[ 362.467767] elogind-daemon[3593]: Removed session c1.
[ 375.248584] r8169 0000:04:00.0 enp4s0: Link is Up - 1Gbps/Full - flow control off
[ 377.050264] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
|
The problem is in connection as u can see in log.
Its not a cable or hw net port problem, i changed cable and port.(at least at router =) ) Also there is no connection issues after connection is established.
I guess its some kind of NetworkManager or kernel module|firmware issue .
As u can see, there is also VPN connection. It is OpenVPN, on r8169 (enp4s0). r8169 (enp4s0) connection to router, auto connecting with priority 777 via NetworkManager. It provides wan (internet) connectivity.
Other dm9601(enp0s20u4) is used for network sharing with auto connection priority -5 .
THE ISSUE
After login i have no network connectivity. Sometimes it is connected, but its rare cases (~1 of 20+). Mostly there is no connection. NetworkManager service and its dependent services are inactive, waiting for connectivity.
I supposed to | Code: | | rc-config restart NetworkManager |
, and then also dnscrypt-proxy which is in crashed state most of time after boot. After this everything is nice.
I adjusted | Code: | | /etc/conf.d/NetworkManager INACTIVE_TIMEOUT=10 |
to 10 but it does nothing.
PS. this problem was not present til some update this late spring/ early summer this year.
Last edited by n05ph3r42 on Thu Sep 22, 2022 2:30 pm; edited 2 times in total |
|
| Back to top |
|
 |
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Sun Sep 18, 2022 10:18 am Post subject: |
|
|
Try
| Code: |
nmcli con show
nmcli con show <con-name-of-dm9601>
|
And if you see something like
| Code: |
ipv4.gateway
or
ip4.gateway
or
gw4
|
just remove them.
by
| Code: |
nmcli con mod <dm9601-con-name> -ipv4.gateway 10.10.10.1
|
If it uses dhcp plz configure it static instead,without assigning gateway.
You can not have two connections with gateway defined.
This will freeze your network.
One has gateway the other should use routing.
_________________
 |
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Sun Sep 18, 2022 11:49 am Post subject: |
|
|
| Code: | R3X /home/su # nmcli con show
NAME UUID TYPE DEVICE
nl-free-88.protonvpn.net.udp 7040537d-2dc8-419c-82df-d1cfcefcaae1 vpn enp4s0
tun0 a32d7786-33be-40e9-b3a0-d0c1c9603e2a tun tun0
Uplink 96e47727-0648-3798-ae4a-574312acd993 ethernet enp4s0
virbr0 e866cf12-f4f6-44fa-a30e-ce0032986237 bridge virbr0
Shared 43e7f60d-956c-464a-a481-9f0e07994fb6 ethernet --
nl-free-77.protonvpn.net.udp 24e37e8b-9ff6-4c10-91c0-f7b7856a7234 vpn -- |
| Code: | R3X /home/su # nmcli con show Shared
connection.id: Shared
connection.uuid: 43e7f60d-956c-464a-a481-9f0e07994fb6
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: enp0s20u4
connection.autoconnect: yes
connection.autoconnect-priority: -5
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1663498012
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.wait-device-timeout: -1
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
ipv4.method: shared
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0 (none)
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.dhcp-reject-servers: --
ipv6.method: disabled
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.required-timeout: -1 (default)
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.ra-timeout: 0 (default)
ipv6.dhcp-duid: --
ipv6.dhcp-iaid: --
ipv6.dhcp-timeout: 0 (default)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.dhcp-hostname-flags: 0x0 (none)
ipv6.token: --
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
|
| Code: | R3X /home/su # nmcli con show Uplink
connection.id: Uplink
connection.uuid: 96e47727-0648-3798-ae4a-574312acd993
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: enp4s0
connection.autoconnect: yes
connection.autoconnect-priority: 777
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1663498377
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: 7040537d-2dc8-419c-82df-d1cfcefcaae1
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.wait-device-timeout: -1
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0 (none)
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.dhcp-reject-servers: --
ipv6.method: disabled
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.required-timeout: -1 (default)
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.ra-timeout: 0 (default)
ipv6.dhcp-duid: --
ipv6.dhcp-iaid: --
ipv6.dhcp-timeout: 0 (default)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.dhcp-hostname-flags: 0x0 (none)
ipv6.token: --
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
GENERAL.NAME: Uplink
GENERAL.UUID: 96e47727-0648-3798-ae4a-574312acd993
GENERAL.DEVICES: enp4s0
GENERAL.IP-IFACE: enp4s0
GENERAL.STATE: activated
GENERAL.DEFAULT: no
GENERAL.DEFAULT6: no
GENERAL.SPEC-OBJECT: --
GENERAL.VPN: no
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/18
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/2
GENERAL.ZONE: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 10.32.16.184/24
IP4.GATEWAY: 10.32.16.8
IP4.ROUTE[1]: dst = 10.32.16.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.32.16.8, mt = 100
IP4.ROUTE[3]: dst = 10.32.16.8/32, nh = 0.0.0.0, mt = 50
IP4.ROUTE[4]: dst = 89.39.104.165/32, nh = 10.32.16.8, mt = 50
IP4.DNS[1]: 10.32.16.8
DHCP4.OPTION[1]: broadcast_address = 10.32.16.255
DHCP4.OPTION[2]: dhcp_lease_time = 7200
DHCP4.OPTION[3]: dhcp_server_identifier = 10.32.16.8
DHCP4.OPTION[4]: domain_name_servers = 10.32.16.8
DHCP4.OPTION[5]: expiry = 1663508106
DHCP4.OPTION[6]: host_name = R3X
DHCP4.OPTION[7]: ip_address = 10.32.16.184
DHCP4.OPTION[8]: next_server = 10.32.16.8
DHCP4.OPTION[9]: requested_broadcast_address = 1
DHCP4.OPTION[10]: requested_domain_name = 1
DHCP4.OPTION[11]: requested_domain_name_servers = 1
DHCP4.OPTION[12]: requested_domain_search = 1
DHCP4.OPTION[13]: requested_host_name = 1
DHCP4.OPTION[14]: requested_interface_mtu = 1
DHCP4.OPTION[15]: requested_ms_classless_static_routes = 1
DHCP4.OPTION[16]: requested_nis_domain = 1
DHCP4.OPTION[17]: requested_nis_servers = 1
DHCP4.OPTION[18]: requested_ntp_servers = 1
DHCP4.OPTION[19]: requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[20]: requested_root_path = 1
DHCP4.OPTION[21]: requested_routers = 1
DHCP4.OPTION[22]: requested_static_routes = 1
DHCP4.OPTION[23]: requested_subnet_mask = 1
DHCP4.OPTION[24]: requested_time_offset = 1
DHCP4.OPTION[25]: requested_wpad = 1
DHCP4.OPTION[26]: routers = 10.32.16.8
DHCP4.OPTION[27]: subnet_mask = 255.255.255.0
IP6.GATEWAY: --
|
P.S. Mostly, device which uses "Shared" connection, is powered off. |
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Sun Sep 18, 2022 12:18 pm Post subject: |
|
|
Ok the uplink one has
| Code: |
IP4.GATEWAY: 10.32.16.8
|
Is this your main connection when protonvpn is not running?
You can access the internet with it?
_________________
|
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Sun Sep 18, 2022 4:11 pm Post subject: |
|
|
| Quote: | Is this your main connection when protonvpn is not running?
You can access the internet with it? |
Yup, router address is 10.32.16.8 . All internet provided by this router. |
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Sun Sep 18, 2022 4:17 pm Post subject: |
|
|
Can you plz bring up this also and post "nmcli con show Shared"
| Code: |
Shared 43e7f60d-956c-464a-a481-9f0e07994fb6 ethernet --
|
I suppose you will have to plug in the usb no?
_________________
|
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Sun Sep 18, 2022 8:09 pm Post subject: |
|
|
| alamahant wrote: | Can you plz bring up this also and post "nmcli con show Shared"
| Code: |
Shared 43e7f60d-956c-464a-a481-9f0e07994fb6 ethernet --
|
I suppose you will have to plug in the usb no? |
This usb eth is always plugged in. But notebook which is connected to this usb eth is powered off most of time, and always powered off when gentoo host boots.
BTW I already checked (when this problem appeared for a first few times) without this usb eth (i plugged it out) - nothing changed.
Same situation messages in dmesg about r8169 state when no dm9601 usb eth plugged in.
The situation u describing is more about "Shared" connection work, i guess.
I had similar problems, when set up this "Shared" connection. DHCP was working badly for it, i had to re-setup it few times and then re-plug usb eth, to make it work correctly, otherwise end host (win10) can't obtain anything at all, no network at all (only physical layer, i guess, because it detects cable plugged in)
But problem is in r8169 state i guess.
And also i had similar situation when tried to share internet to internal eth from internal 3g modem on my another gentoo notebook.
There was trouble with gateways, so i was forced to adjust it manually. Moreover i decided to use this nice script https://github.com/garywill/linux-router |
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Mon Sep 19, 2022 8:45 am Post subject: |
|
|
After a little investigation, i think that problem can be in auth for VPN.
I re-created VPN connection, and set Uplink to auto connect for with it.
Also i set to remember password for all users in VPN conn settings.
But after reboot NetworkMAnager asked for password again.
I had same issue few times, after creating VPN connection (every time).
It seems something bad with auth for VPN. Looks like it tries to connect with VPN, but something blocks access to password for VPN and connection returns to disconnected state. This can explain multiple connected states in dmesg for r8169.
But later after logon, it can be accessed, when i press connect Uplink manually in nm-applet in tray.
Maybe keychain or where is VPN password is stored is still not loaded, while NetworkManager already tries to use password from it? |
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Mon Sep 19, 2022 9:10 am Post subject: |
|
|
The best way to avoid passwords etc is to modify the .ovpn file like
| Code: |
auth-user-pass login.conf
|
Then create the login.conf file as
_________________
|
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Mon Sep 19, 2022 11:43 am Post subject: |
|
|
Well, i added login.conf to ovpn file. and created login.conf in same dir with usr and pwd on next line . But it asks for password when i try to connect.
| Code: |
# ==============================================================================
# Copyright (c) 2016-2020 Proton Technologies AG (Switzerland)
# Email: contact@protonvpn.com
#
# The MIT License (MIT)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# ==============================================================================
# If you are a paying user you can also enable the ProtonVPN ad blocker (NetShield) or Moderate NAT:
# Use: "MibNiYHzIb1HiJq1+f1" as username to enable anti-malware filtering
# Use: "MibNiYHzIb1HiJq1+f2" as username to additionally enable ad-blocking filtering
# Use: "MibNiYHzIb1HiJq1+nr" as username to enable Moderate NAT
# Note that you can combine the "+nr" suffix with other suffixes.
client
dev tun
proto udp
remote 89.39.104.165 5060
remote 89.39.104.165 80
remote 89.39.104.165 1194
remote 89.39.104.165 4569
remote 89.39.104.165 80
remote 89.39.104.165 5060
remote 89.39.104.165 4569
remote 89.39.104.165 5060
remote 89.39.104.165 443
remote 89.39.104.165 4569
remote 89.39.104.165 80
remote 89.39.104.165 1194
remote 89.39.104.165 5060
remote 89.39.104.165 1194
remote 89.39.104.165 443
remote 89.39.104.165 443
remote 89.39.104.165 443
remote 89.39.104.165 1194
remote 89.39.104.165 4569
remote 89.39.104.165 80
server-poll-timeout 20
remote-random
resolv-retry infinite
nobind
# The following setting is only needed for old OpenVPN clients compatibility. New clients
# automatically negotiate the optimal cipher.
cipher AES-256-CBC
auth SHA512
verb 3
setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0
remote-cert-tls server
auth-user-pass /home/su/Downloads/proton_vpn_free/ProtonVPN_server_configs_free/login.conf
pull
fast-io
<ca>
-----BEGIN CERTIFICATE-----
MIIFozCCA4ugAwIBAgIBATANBgkqhkiG9w0BAQ0FADBAMQswCQYDVQQGEwJDSDEV
MBMGA1UEChMMUHJvdG9uVlBOIEFHMRowGAYDVQQDExFQcm90b25WUE4gUm9vdCBD
QTAeFw0xNzAyMTUxNDM4MDBaFw0yNzAyMTUxNDM4MDBaMEAxCzAJBgNVBAYTAkNI
MRUwEwYDVQQKEwxQcm90b25WUE4gQUcxGjAYBgNVBAMTEVByb3RvblZQTiBSb290
IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAt+BsSsZg7+AuqTq7
vDbPzfygtl9f8fLJqO4amsyOXlI7pquL5IsEZhpWyJIIvYybqS4s1/T7BbvHPLVE
wlrq8A5DBIXcfuXrBbKoYkmpICGc2u1KYVGOZ9A+PH9z4Tr6OXFfXRnsbZToie8t
2Xjv/dZDdUDAqeW89I/mXg3k5x08m2nfGCQDm4gCanN1r5MT7ge56z0MkY3FFGCO
qRwspIEUzu1ZqGSTkG1eQiOYIrdOF5cc7n2APyvBIcfvp/W3cpTOEmEBJ7/14RnX
nHo0fcx61Inx/6ZxzKkW8BMdGGQF3tF6u2M0FjVN0lLH9S0ul1TgoOS56yEJ34hr
JSRTqHuar3t/xdCbKFZjyXFZFNsXVvgJu34CNLrHHTGJj9jiUfFnxWQYMo9UNUd4
a3PPG1HnbG7LAjlvj5JlJ5aqO5gshdnqb9uIQeR2CdzcCJgklwRGCyDT1pm7eoiv
WV19YBd81vKulLzgPavu3kRRe83yl29It2hwQ9FMs5w6ZV/X6ciTKo3etkX9nBD9
ZzJPsGQsBUy7CzO1jK4W01+u3ItmQS+1s4xtcFxdFY8o/q1zoqBlxpe5MQIWN6Qa
lryiET74gMHE/S5WrPlsq/gehxsdgc6GDUXG4dk8vn6OUMa6wb5wRO3VXGEc67IY
m4mDFTYiPvLaFOxtndlUWuCruKcCAwEAAaOBpzCBpDAMBgNVHRMEBTADAQH/MB0G
A1UdDgQWBBSDkIaYhLVZTwyLNTetNB2qV0gkVDBoBgNVHSMEYTBfgBSDkIaYhLVZ
TwyLNTetNB2qV0gkVKFEpEIwQDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFByb3Rv
blZQTiBBRzEaMBgGA1UEAxMRUHJvdG9uVlBOIFJvb3QgQ0GCAQEwCwYDVR0PBAQD
AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQCYr7LpvnfZXBCxVIVc2ea1fjxQ6vkTj0zM
htFs3qfeXpMRf+g1NAh4vv1UIwLsczilMt87SjpJ25pZPyS3O+/VlI9ceZMvtGXd
MGfXhTDp//zRoL1cbzSHee9tQlmEm1tKFxB0wfWd/inGRjZxpJCTQh8oc7CTziHZ
ufS+Jkfpc4Rasr31fl7mHhJahF1j/ka/OOWmFbiHBNjzmNWPQInJm+0ygFqij5qs
51OEvubR8yh5Mdq4TNuWhFuTxpqoJ87VKaSOx/Aefca44Etwcj4gHb7LThidw/ky
zysZiWjyrbfX/31RX7QanKiMk2RDtgZaWi/lMfsl5O+6E2lJ1vo4xv9pW8225B5X
eAeXHCfjV/vrrCFqeCprNF6a3Tn/LX6VNy3jbeC+167QagBOaoDA01XPOx7Odhsb
Gd7cJ5VkgyycZgLnT9zrChgwjx59JQosFEG1DsaAgHfpEl/N3YPJh68N7fwN41Cj
zsk39v6iZdfuet/sP7oiP5/gLmA/CIPNhdIYxaojbLjFPkftVjVPn49RqwqzJJPR
N8BOyb94yhQ7KO4F3IcLT/y/dsWitY0ZH4lCnAVV/v2YjWAWS3OWyC8BFx/Jmc3W
DK/yPwECUcPgHIeXiRjHnJt0Zcm23O2Q3RphpU+1SO3XixsXpOVOYP6rJIXW9bMZ
A1gTTlpi7A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFszCCA5ugAwIBAgIBBjANBgkqhkiG9w0BAQ0FADBAMQswCQYDVQQGEwJDSDEV
MBMGA1UEChMMUHJvdG9uVlBOIEFHMRowGAYDVQQDExFQcm90b25WUE4gUm9vdCBD
QTAeFw0xNzAyMTUxNTE3MDBaFw0yNzAyMTUxNDM4MDBaMEoxCzAJBgNVBAYTAkNI
MRUwEwYDVQQKEwxQcm90b25WUE4gQUcxJDAiBgNVBAMTG1Byb3RvblZQTiBJbnRl
cm1lZGlhdGUgQ0EgMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANv3
uwQMFjYOx74taxadhczLbjCTuT73jMz09EqFNv7O7UesXfYJ6kQgYV9YyE86znP4
xbsswNUZYh+XdZUpOoP6Zu3tR/iiYiuzi6jVYrJ66G89nPqS2mm5dn8Fbb8CRWkJ
ygm8AdlYkDwYNldhDUrERlQdCRDGsYYg/98dded+5pXnSG8Y/+iuLM6/YYhkUVQe
Cfq1L6XguSwu8CuvJjIjjE1PptUHa3Hc3tGziVydltKynxWlqb1dJqinGKiBZvYn
oiV4motpFYwhc3Wd09JLPzeobhD2IAZ2evSatikMWDingEv1EJXpI+V/E2AK3xHK
Skhw+YZx99tNxCiOu3U5BFAreZR3j2YnZzX1nEv9p02IGaWzzYJPNED0zSO2w07u
thSmKcxA39VTvs91lptbcV7VTxoJY0SErHIeVS3Scrnr7WvoOTuu3M3SCRqe6oI9
oJZMOdfNsceBdvG+qlpOFICoBjO53W4BK8KahzTd/PWlBRiVJ3UVv8xXwUDA+o98
34DXVAobaAHXQtM9jNobqT98FXhZktjOQEA2UORL581ZPxfKeHLRcgWJ5dmPsDBG
y/L6/qW/yrm6DUDAdN5+q41+gSNEjNBjLBJQFUmDk3l6Qxiu0uEDQ98oFvGHk5US
2Kbj0OAq1RpiDjHci/536yua9rTC+cxekTM2asdXAgMBAAGjga0wgaowEgYDVR0T
AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUJbaTWcIB4t5ETvvhUy5/yQqqGjMwaAYD
VR0jBGEwX4AUg5CGmIS1WU8MizU3rTQdqldIJFShRKRCMEAxCzAJBgNVBAYTAkNI
MRUwEwYDVQQKEwxQcm90b25WUE4gQUcxGjAYBgNVBAMTEVByb3RvblZQTiBSb290
IENBggEBMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQ0FAAOCAgEAAgZ/BIVl+DcK
OTVJJBy+RZ1E8os11gFaMKy12lAT1XEXDqLAnitvVyQgG5lPZKFQ2wzUR/TCrYKT
SUZWdYaJIXkRWAU0aCDZ2I81T0OMpg9aS7xdxgHCGWOwwes8GhjtvQad9GJ8mUZH
GyzfMaGG6fAZrgHnlOb4OIoqhBWYla6D2bpvbKgGkMo5NLAaX/7+U0HcxjjSS9vm
/3XHTZU4q77pn+lhPWncajnVyMtm1mIZxMioyckR4+scyZse0mYJS6xli/7crH7j
qScX7c5sWcaN4J63a3+x3uGvzOXjCyoDl9IaeqnxQpi8yc0nsWxIyDalR3uRQ9tJ
7l/eRxJZ/1Pzz2LRHSQZuqN2ZReWVNTqJ42af8cWWH0fDOEt2468GLeSm08Hvyz0
lRjn7Tf5hxOJSw4/3oGihvzuTdquJMOi62kThbp7DS3mMaZsfbmDoU3oNDv91bvL
57z8wm7yRcGEoMsUNnrOZ4SU8dG/souvJM1BDStMLprFEgUbHEY5MjSR4/PLR6j9
3NZgocfnfk80nBvNtgWVHxW019nuT93WL0/5L5g4UVm0Ay1V6pNkGZCmgNUBaRY4
2JLzyY8p48OKapR5GnedLTJXJVbdd9GUNzIzm4iVITDH3p/u1g69dITCNXTO9EO5
sGEYLNPbV49XBnVAm1tUWuoByZAjoWs=
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
6acef03f62675b4b1bbd03e53b187727
423cea742242106cb2916a8a4c829756
3d22c7e5cef430b1103c6f66eb1fc5b3
75a672f158e2e2e936c3faa48b035a6d
e17beaac23b5f03b10b868d53d03521d
8ba115059da777a60cbfd7b2c9c57472
78a15b8f6e68a3ef7fd583ec9f398c8b
d4735dab40cbd1e3c62a822e97489186
c30a0b48c7c38ea32ceb056d3fa5a710
e10ccc7a0ddb363b08c3d2777a3395e1
0c0b6080f56309192ab5aacd4b45f55d
a61fc77af39bd81a19218a79762c3386
2df55785075f37d8c71dc8a42097ee43
344739a0dd48d03025b0450cf1fb5e8c
aeb893d9a96d1f15519bb3c4dcb40ee3
16672ea16c012664f8a9f11255518deb
-----END OpenVPN Static key V1-----
</tls-auth>
|
|
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Mon Sep 19, 2022 1:01 pm Post subject: |
|
|
Here https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/ they say that
| Code: | (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in config-win32.h).If up is omitted, username/password will be prompted from the console.
The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client. |
So i have 2 questions:
1.Is net-vpn/networkmanager-openvpn compiled with "--enable-password-save configure option" (i see no such flag for it)
2 (A bit offtopic) Does protonVPN server configuration specifies an --auth-user-pass-verify script |
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Mon Sep 19, 2022 4:54 pm Post subject: |
|
|
It seems its NM that is asking for login details not protonvpn server.
Try
| Code: |
openvpn --config /path/to/ovpn-file
|
Here is my openvpn
| Code: |
[ebuild R ] net-vpn/openvpn-2.5.7::gentoo USE="lz4 lzo openssl pam plugins -down-root -examples -inotify -iproute2 -mbedtls -pkcs11 (-selinux) -systemd -test" 1,124 KiB
|
And it accepts fine login info file.
Try this to remove them from NM
| Code: |
mcli connection modify "${name}" -vpn.data connection-type=password-tls
nmcli connection modify "${name}" -vpn.data username="${USERNAME}"
nmcli connection modify "${name}" -vpn.secrets password="${PASS}"
|
replacing the variables with your user/pass
_________________
|
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Thu Sep 22, 2022 2:28 pm Post subject: |
|
|
I re-created two or three times new VPN connection, and suddenly problem disappeared.
Definitely NM or nm-openvpn-plugin issue.
Thanks for attention. |
|
| Back to top |
|
|
|
Networking & Security
