I have an OpenVPN connection that, for some reason, takes too long to connect.
However, when I use the `nmcli connection up MyOpenVPN_TCP` command, it keeps trying to connect for only 60 seconds, and I need to increase that duration.
I get the following error message:
```
Error: Connection activation failed: Unknown reason
Hint: use 'journalctl -xe NM_CONNECTION={SOME_SERIAL} + NM_DEVICE={MY_WLAN_INTERFACE}' to get more details.
```
And when I run that journalctl command, I just get the following log:
```
starting openvpn
dbus: failure: connect-failed (1)
```
And when I monitor the DBus NetworkManager's VPN interface, I get the following log:
```
signal time=1677534191.881782 sender=:1.328 -> destination=(null destination) serial=527 path=/org/freedesktop/NetworkManager/ActiveConnection/2; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged uint32 2 uint32 1
signal time=1677534191.883698 sender=:1.328 -> destination=(null destination) serial=544 path=/org/freedesktop/NetworkManager/ActiveConnection/2; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged uint32 3 uint32 1
signal time=1677534252.361651 sender=:1.328 -> destination=(null destination) serial=582 path=/org/freedesktop/NetworkManager/ActiveConnection/2; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged uint32 6 uint32 0
```
Am I missing something? Any idea on how to increase that timeout?
What I've tried so far, with no luck:
- In my VPN connection configuration file, /etc/NetworkManager/system-connections/MyOpenVPN_TCP.nmconnection: adding `timeout=90` under section `[vpn]` (it works, though, when I set it to something less than 60; I get a timeout error message instead of the unknown reason).
- In the NetworkManager global config file, /etc/NetworkManager/NetworkManager.conf: adding `vpn.timeout=90` under section `[connection]` (same behavior as the previous one).
- In the OpenVPN config file, MyOpenVPN_TCP.ovpn: adding `hand-window 90`, then re-importing the config file, but I see nothing new added to the MyOpenVPN_TCP.nmconnection file (I was expecting `timeout=90` under `[vpn]`)!
- Replacing the binary `/usr/sbin/openvpn` with a shell script that passes `--hand-window 90`, so that whenever NetworkManager starts openvpn, it's started with `hand-window=90`.
However, when I explicitly start openvpn with the following command, the handshake waits 90 seconds instead of 60:
```
sudo openvpn --hand-window 90 --config MyOpenVPN_TCP.ovpn
```
The only workaround I could do so far is to keep retrying to connect until it succeeds, using some shell script loop.
My configs are:
1. /etc/NetworkManager/NetworkManager.conf
```
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

[connection]
#vpn.timeout=90
```
2. /etc/NetworkManager/system-connections/MyOpenVPN_TCP.nmconnection
```
[connection]
id=MyOpenVPN_TCP
uuid=7f9b3356-b210-4c0e-8123-bd116c9c280f
type=vpn
timestamp=1676641002

[vpn]
auth=SHA256
ca=MyOpenVPN_TCP.p12
cert=MyOpenVPN_TCP.p12
cert-pass-flags=0
cipher=AES-256-GCM
connection-type=password-tls
dev=tun
key=MyOpenVPN_TCP.key
password-flags=1
push-peer-info=yes
remote={SERVER_IP}:443:tcp-client
remote-cert-tls=server
ta=MyOpenVPN_TCP.key
ta-dir=1
username={MY_VPN_USERNAME}
verify-x509-name=name:freeradius-temp-server
service-type=org.freedesktop.NetworkManager.openvpn
#timeout=90

[vpn-secrets]
cert-pass={CERT_PWD}

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]
```
System details:
- Ubuntu 22.04 LTS 64-Bit
- NetworkManager 1.36.6
- OpenVPN 2.5.5
OpenVPN Client Log
When I run the following command:
```
sudo openvpn --hand-window 93 --config MyOpenVPN_TCP.ovpn
```
or add `hand-window 93` to the OpenVPN config file, MyOpenVPN_TCP.ovpn, then run the following command:
```
sudo openvpn --config MyOpenVPN_TCP.ovpn
```
It works, and I get the following log:
```
2023-02-23 14:01:53 TCP/UDP: Preserving recently used remote address: [AF_INET]{SERVER_IP}:443
2023-02-23 14:01:53 Attempting to establish TCP connection with [AF_INET]{SERVER_IP}:443 [nonblock]
2023-02-23 14:01:53 TCP connection established with [AF_INET]{SERVER_IP}:443
2023-02-23 14:01:53 TCP_CLIENT link local (bound): [AF_INET][undef]:0
2023-02-23 14:01:53 TCP_CLIENT link remote: [AF_INET]{SERVER_IP}:443
2023-02-23 14:03:26 TLS Error: TLS key negotiation failed to occur within 93 seconds (check your network connectivity)
2023-02-23 14:03:26 TLS Error: TLS handshake failed
2023-02-23 14:03:26 Fatal TLS error (check_tls_errors_co), restarting
2023-02-23 14:03:26 SIGUSR1[soft,tls-error] received, process restarting
2023-02-23 14:03:31 TCP/UDP: Preserving recently used remote address: [AF_INET]{SERVER_IP}:443
```
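
The D-Bus trace in the question can be decoded mechanically. The following is an added example, not part of the original post: it maps the `VpnStateChanged` arguments to NetworkManager's `NMVpnConnectionState` and `NMVpnConnectionStateReason` names and measures how long the connection stayed in CONNECT. The function names are illustrative, and `SAMPLE` is the three signal lines quoted in the question.

```python
import re

# NMVpnConnectionState / NMVpnConnectionStateReason values (NetworkManager D-Bus API).
VPN_STATE = {0: "UNKNOWN", 1: "PREPARE", 2: "NEED_AUTH", 3: "CONNECT",
             4: "IP_CONFIG_GET", 5: "ACTIVATED", 6: "FAILED", 7: "DISCONNECTED"}
VPN_REASON = {0: "UNKNOWN", 1: "NONE", 2: "USER_DISCONNECTED",
              3: "DEVICE_DISCONNECTED", 4: "SERVICE_STOPPED",
              5: "IP_CONFIG_INVALID", 6: "CONNECT_TIMEOUT",
              7: "SERVICE_START_TIMEOUT", 8: "SERVICE_START_FAILED",
              9: "NO_SECRETS", 10: "LOGIN_FAILED", 11: "CONNECTION_REMOVED"}

SIGNAL_RE = re.compile(
    r"signal time=(?P<time>\d+\.\d+).*?path=(?P<path>[^;\s]+);.*?"
    r"member=VpnStateChanged\s+uint32 (?P<state>\d+)\s+uint32 (?P<reason>\d+)",
    re.S)

# The three signal lines quoted in the question.
SAMPLE = """\
signal time=1677534191.881782 sender=:1.328 -> destination=(null destination) serial=527 path=/org/freedesktop/NetworkManager/ActiveConnection/2; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged uint32 2 uint32 1
signal time=1677534191.883698 sender=:1.328 -> destination=(null destination) serial=544 path=/org/freedesktop/NetworkManager/ActiveConnection/2; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged uint32 3 uint32 1
signal time=1677534252.361651 sender=:1.328 -> destination=(null destination) serial=582 path=/org/freedesktop/NetworkManager/ActiveConnection/2; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged uint32 6 uint32 0
"""


def parse_signals(text):
    """Return [(timestamp, path, state, reason), ...] for each VpnStateChanged."""
    events = []
    # dbus-monitor indents argument lines, so an unindented line starts a record.
    for record in re.split(r"(?m)^(?=\S)", text):
        m = SIGNAL_RE.match(record)
        if m:
            s, r = int(m["state"]), int(m["reason"])
            events.append((float(m["time"]), m["path"],
                           VPN_STATE.get(s, f"?{s}"), VPN_REASON.get(r, f"?{r}")))
    return events


def seconds_in_connect(events):
    """Map path -> (seconds spent in CONNECT, next state, its reason)."""
    entered, result = {}, {}
    for ts, path, state, reason in events:
        if path in entered:
            result[path] = (round(ts - entered.pop(path), 3), state, reason)
        if state == "CONNECT":
            entered[path] = ts
    return result


if __name__ == "__main__":
    for ts, path, state, reason in parse_signals(SAMPLE):
        print(f"{ts:.3f} {path} state={state} reason={reason}")
    print(seconds_in_connect(parse_signals(SAMPLE)))
```

For the trace above this reports roughly 60.5 seconds in CONNECT, ending in FAILED with reason UNKNOWN rather than CONNECT_TIMEOUT.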