System is KDE plasma. After upgrade to 15.6, connecting to Sonic VPN (ovpn.sonic.net) asks for a password, then fails with correct account password. Connection settings are exactly the same as 15.5, which never asked for a password, and connected easily. 15.6 will connect to PIA VPN.
Network info is:
Internet connection works without VPN, and with PIA VPN. Problem is not connecting to Sonic VPN after upgrade to 15.6.
Thanks for the reference, but it is not the same issue. The Sonic ovpn file does not contain the word “keysize” anywhere.
I have two laptops side-by-side, one with 15.5 (using NetworkManager 1.38.6-150500.3.2.1 and openvpn 2.5.6-150400.3.6.1) this one with 15.6 (using NetworkManager 1.44.2-150600.3.2.1 and openvpn 2.6.8-150600.1.5).
Both machines have exactly the same Sonic profile in NetworkManager. The 15.5 machine connects to Sonic correctly. The 15.6 machine asks for a password, then fails with everything I have tried.
Network Manager log after trying to connect to Sonic is:
howard@X201-oS15KDE:~> sudo journalctl -fu NetworkManager
[sudo] password for root:
Aug 11 13:52:18 X201-oS15KDE nm-openvpn[4624]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Aug 11 13:52:18 X201-oS15KDE nm-openvpn[4624]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]157.131.224.199:1194
Aug 11 13:52:19 X201-oS15KDE nm-openvpn[4624]: AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
Aug 11 13:52:19 X201-oS15KDE nm-openvpn[4624]: SIGUSR1[soft,auth-failure] received, process restarting
Aug 11 13:52:22 X201-oS15KDE NetworkManager[1260]: <warn> [1723409542.9964] vpn[0x5566aadf71b0,f594ef50-e208-4604-be11-308ce8a62c60,"Sonic"]: secrets: failed to request VPN secrets #4: User canceled the secrets request.
Aug 11 13:52:23 X201-oS15KDE nm-openvpn[4624]: ERROR: could not read Auth username/password/ok/string from management interface
Aug 11 13:52:23 X201-oS15KDE nm-openvpn[4624]: Exiting due to fatal error
Aug 11 13:52:30 X201-oS15KDE NetworkManager[1260]: <info> [1723409550.2374] audit: op="statistics" interface="eth0" ifindex=2 args="500" pid=4767 uid=1000 result="success"
Aug 11 13:52:30 X201-oS15KDE NetworkManager[1260]: <info> [1723409550.2402] audit: op="statistics" interface="wlan1" ifindex=3 args="500" pid=4767 uid=1000 result="success"
Aug 11 13:52:30 X201-oS15KDE NetworkManager[1260]: <info> [1723409550.3434] audit: op="statistics" interface="wlan1" ifindex=3 args="500" pid=4767 uid=1000 result="success"
^C
howard@X201-oS15KDE:~>
Any idea what is wrong with the 15.6 versions?
Thank you.
I saved it with a new name and imported it into NetworkManager. When it tries to connect, there is no longer a request for a password, but it times out without connecting.
Network Manager log after trying to connect to Sonic is:
howard@X201-oS15KDE:~> sudo journalctl -fu NetworkManager
[sudo] password for root:
Aug 12 10:52:24 X201-oS15KDE nm-openvpn[9510]: SIGUSR1[soft,server_poll] received, process restarting
Aug 12 10:52:24 X201-oS15KDE nm-openvpn[9510]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 12 10:52:24 X201-oS15KDE nm-openvpn[9510]: TCP/UDP: Preserving recently used remote address: [AF_INET]157.131.224.200:1194
Aug 12 10:52:24 X201-oS15KDE nm-openvpn[9510]: UDPv4 link local: (not bound)
Aug 12 10:52:24 X201-oS15KDE nm-openvpn[9510]: UDPv4 link remote: [AF_INET]157.131.224.200:1194
Aug 12 10:52:25 X201-oS15KDE NetworkManager[1256]: <info> [1723485145.0902] audit: op="statistics" interface="wlan1" ifindex=3 args="2000" pid=3924 uid=1000 result="success"
Aug 12 10:52:25 X201-oS15KDE NetworkManager[1256]: <info> [1723485145.0968] audit: op="statistics" interface="wlan1" ifindex=3 args="500" pid=4873 uid=1000 result="success"
Aug 12 10:52:42 X201-oS15KDE NetworkManager[1256]: <warn> [1723485162.9718] vpn[0x5645514ed020,30e4e55a-071e-47a0-8d81-867995136cff,"Sonic-data2"]: connect timeout exceeded
Aug 12 10:52:42 X201-oS15KDE nm-openvpn-serv[9504]: Connect timer expired, disconnecting.
Aug 12 10:52:42 X201-oS15KDE nm-openvpn[9510]: SIGTERM[hard,] received, process exiting
^C
howard@X201-oS15KDE:~>
howard@X201-oS15KDE:~/Downloads> openvpn --verb 4 Sonic-data2.ovpn
Absolute path to 'openvpn' is '/usr/sbin/openvpn', so running it may require superuser privileges (eg. root).
howard@X201-oS15KDE:~/Downloads> sudo openvpn --verb 4 Sonic-data2.ovpn
[sudo] password for root:
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: verb (2.6.8)
Use --help for more information.
howard@X201-oS15KDE:~/Downloads>
howard@X201-oS15KDE:~/Downloads> sudo openvpn --verb 4 --config Sonic-data2.ovpn
[sudo] password for root:
Options error: Unrecognized option or missing or extra parameter(s) in Sonic-data2.ovpn:199: data-cipher (2.6.8)
Use --help for more information.
howard@X201-oS15KDE:~/Downloads>
The Sonic issue is different from the one you cite for Express vpn. Sonic ovpn files do not contain the word keysize anywhere.
I deleted line 199, with data-cipher, deleted the existing NM Sonic-data2 connection and created a new one by importing the revised ovpn file. It times out, does not connect.
I did get:
howard@X201-oS15KDE:~/Downloads> sudo openvpn --verb 4 --config Sonic-data2.ovpn
[sudo] password for root:
2024-08-13 09:04:57 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-08-13 09:04:57 OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
2024-08-13 09:04:57 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Enter Auth Username:
Failed to query password: Timer expired
Enter Auth Password: ********
2024-08-13 09:07:56 ERROR: Failed retrieving username or password
2024-08-13 09:07:56 Exiting due to fatal error
howard@X201-oS15KDE:~/Downloads>
Note the “s” at the end of “data-ciphers”. That was not there previously. I put back a line “data-ciphers AES-128-CBC” and then get:
howard@X201-oS15KDE:~/Downloads> sudo openvpn --verb 4 --config Sonic-data2.ovpn
2024-08-13 09:08:24 OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
2024-08-13 09:08:24 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Enter Auth Username: candh_sfo
Enter Auth Password: ********
2024-08-13 09:08:59 TCP/UDP: Preserving recently used remote address: [AF_INET]157.131.224.199:1194
2024-08-13 09:08:59 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-08-13 09:08:59 UDPv4 link local: (not bound)
2024-08-13 09:08:59 UDPv4 link remote: [AF_INET]157.131.224.199:1194
2024-08-13 09:08:59 TLS: Initial packet from [AF_INET]157.131.224.199:1194, sid=0d5d982a 6bee9b78
2024-08-13 09:08:59 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-08-13 09:08:59 VERIFY OK: depth=1, CN=OpenVPN CA
2024-08-13 09:08:59 VERIFY KU OK
2024-08-13 09:08:59 Validating certificate extended key usage
2024-08-13 09:08:59 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-08-13 09:08:59 VERIFY EKU OK
2024-08-13 09:08:59 VERIFY OK: depth=0, CN=OpenVPN Server
2024-08-13 09:08:59 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-08-13 09:08:59 [OpenVPN Server] Peer Connection Initiated with [AF_INET]157.131.224.199:1194
2024-08-13 09:08:59 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-08-13 09:08:59 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-08-13 09:09:00 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
2024-08-13 09:09:00 AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2024-08-13 09:09:00 SIGTERM[soft,auth-failure] received, process exiting
howard@X201-oS15KDE:~/Downloads>