Weirdly, I seem to be able to connect successfully to the VPN, but then all requests just timeout (things were fine in 14.04 before upgrading)
NetworkManager[26605]: <info> [1475104045.6096] audit: op="connection-activate" uuid="f3e592de-b14e-4775-8950-cdedac3b5a28" name="AirVPN_United-Kingdom_UDP-443" pid=2156 uid=1000 result="success"
NetworkManager[26605]: <info> [1475104045.6166] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: Started the VPN service, PID 4493
NetworkManager[26605]: <info> [1475104045.6237] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: Saw the service appear; activating connection
NetworkManager[26605]: nm-openvpn-Message: openvpn[4496] started
NetworkManager[26605]: <info> [1475104045.6310] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN plugin: state changed: starting (3)
NetworkManager[26605]: <info> [1475104045.6313] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN connection: (ConnectInteractive) reply received
nm-openvpn[4496]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
nm-openvpn[4496]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
nm-openvpn[4496]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[4496]: Control Channel Authentication: using '/home/lee/.cert/nm-openvpn/AirVPN_United-Kingdom_UDP-443-tls-auth.pem' as a OpenVPN static key file
nm-openvpn[4496]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
nm-openvpn[4496]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[4496]: UDPv4 link local: [undef]
nm-openvpn[4496]: UDPv4 link remote: [AF_INET]185.103.96.133:443
nm-openvpn[4496]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
nm-openvpn[4496]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
nm-openvpn[4496]: [server] Peer Connection Initiated with [AF_INET]185.103.96.133:443
nm-openvpn[4496]: TUN/TAP device tun0 opened
nm-openvpn[4496]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_5 --tun -- tun0 1500 1557 10.4.9.184 255.255.0.0 init
NetworkManager[26605]: <info> [1475104048.1017] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/5)
NetworkManager[26605]: <info> [1475104048.1177] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
NetworkManager[26605]: <info> [1475104048.1178] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
NetworkManager[26605]: <info> [1475104048.1261] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN connection: (IP Config Get) reply received.
nm-openvpn[4496]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
nm-openvpn[4496]: GID set to nm-openvpn
NetworkManager[26605]: <info> [1475104048.1346] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN connection: (IP4 Config Get) reply received
nm-openvpn[4496]: UID set to nm-openvpn
NetworkManager[26605]: <info> [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: VPN Gateway: 185.103.96.133
nm-openvpn[4496]: Initialization Sequence Completed
NetworkManager[26605]: <info> [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Tunnel Device: tun0
NetworkManager[26605]: <info> [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: IPv4 configuration:
NetworkManager[26605]: <info> [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Internal Gateway: 10.4.0.1
NetworkManager[26605]: <info> [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Internal Address: 10.4.9.184
NetworkManager[26605]: <info> [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Internal Prefix: 16
NetworkManager[26605]: <info> [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Internal Point-to-Point Address: 10.4.9.184
NetworkManager[26605]: <info> [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Maximum Segment Size (MSS): 0
NetworkManager[26605]: <info> [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Forbid Default Route: no
NetworkManager[26605]: <info> [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Internal DNS: 10.4.0.1
NetworkManager[26605]: <info> [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: DNS Domain: '(none)'
NetworkManager[26605]: <info> [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: No IPv6 configuration
NetworkManager[26605]: <info> [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN plugin: state changed: started (4)
NetworkManager[26605]: <info> [1475104048.1387] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN connection: (IP Config Get) complete
NetworkManager[26605]: <info> [1475104048.1392] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
NetworkManager[26605]: <info> [1475104048.1500] manager: NetworkManager state is now CONNECTED_LOCAL
NetworkManager[26605]: <info> [1475104048.1502] manager: NetworkManager state is now CONNECTED_GLOBAL
NetworkManager[26605]: <info> [1475104048.1505] dns-mgr: Writing DNS information to /sbin/resolvconf
dnsmasq[26678]: setting upstream servers from DBus
dnsmasq[26678]: using nameserver 10.4.0.1#53
dbus[804]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
NetworkManager[26605]: <info> [1475104048.1769] keyfile: add connection in-memory (40a6043d-7871-4195-8e3e-d7ea59e00877,"tun0")
NetworkManager[26605]: <info> [1475104048.1786] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
NetworkManager[26605]: <info> [1475104048.1852] device (tun0): Activation: starting connection 'tun0' (40a6043d-7871-4195-8e3e-d7ea59e00877)
NetworkManager[26605]: <info> [1475104048.1890] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
NetworkManager[26605]: <info> [1475104048.1894] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
NetworkManager[26605]: <info> [1475104048.1897] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
NetworkManager[26605]: <info> [1475104048.1901] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
NetworkManager[26605]: <info> [1475104048.1904] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
NetworkManager[26605]: <info> [1475104048.1907] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
NetworkManager[26605]: <info> [1475104048.1935] manager: NetworkManager state is now CONNECTED_LOCAL
NetworkManager[26605]: <info> [1475104048.1936] manager: NetworkManager state is now CONNECTED_GLOBAL
NetworkManager[26605]: <info> [1475104048.1937] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
NetworkManager[26605]: <info> [1475104048.1938] device (tun0): Activation: successful, device activated.
systemd[1]: Starting Network Manager Script Dispatcher Service...
dbus[804]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
systemd[1]: Started Network Manager Script Dispatcher Service.
nm-dispatcher: req:1 'vpn-up' [tun0]: new request (2 scripts)
nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
nm-dispatcher: req:2 'up' [tun0]: new request (2 scripts)
wpa_supplicant[1266]: wlp4s0: Failed to initiate sched scan
nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
whoopsie[881]: [] Cannot reach: https://daisy.ubuntu.com
whoopsie[881]: [] offline
whoopsie[881]: [] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/6
whoopsie[881]: [] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/5
whoopsie[881]: [] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/6
whoopsie[881]: [] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/5
nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
This is an AirVPN vpn and the ovpn file was generated via their config generator for linux selecting UK country and UDP (the same config works fine on my android phone openvpn). I tried with a work VPN ovpn file and it was a similar story.
I've already installed network-manager-openvpn
and
network-manager-openvpn-gnome
Also ifconfig shows:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.4.16.251 P-t-P:10.4.16.251 Mask:255.255.0.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:1860 (1.8 KB)
iptables flushed:
[ root@myhostname: /home/lee ]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
route -n (without VPN):
[ root@myhostname: ~ ]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 enp3s0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp3s0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0
route -n (with VPN):
[ root@myhostname: ~ ]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.4.0.1 0.0.0.0 UG 50 0 0 tun0
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 enp3s0
10.4.0.0 0.0.0.0 255.255.0.0 U 50 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp3s0
185.103.96.130 192.168.0.1 255.255.255.255 UGH 100 0 0 enp3s0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0
The AirVPN ovpn looks like (I removed on the crts and keys at end):
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 28th of September 2016 11:02:52 PM
# OpenVPN Client Configuration.
# AirVPN_United-Kingdom_UDP-443
# --------------------------------------------------------
client
dev tun
proto udp
remote gb.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
EDIT: I found that if I change the config so comp-lzo
is enabled (or use LZO data compression in Network Manager settings) things work. I'm not sure exactly why this was the problem, and why this departure from the settings AirVPN auto generated are necessary on 16.04.