KDE openVPN configuration option: proto udp4

Good morning,

I have setup a VPN on my synology at home, exported the .ovpn, imported it in KDE network/connection manager and tested it at home with my phone as hotspot and at work and it worked fine.

Now I am abroad at a friends house and I could not get it to work, after some trail and error the problem was that I gotten a IP4 and IP6 on the wifi here and the protol in the .ovpn file was

proto udp

which makes it default to udp6, so when I changed that to

proto udp4

I could connect again via the CLI. Then I started looking in the KDE network/connection manager if there is an option to set the protocol but I could not find it. Of course I imported the modified .ovpn file but that did not solve it and I did not see a difference in the settings comparing the old and new one.

So I hoped maybe someone smart here knows where that option is hidden (if it even is available)

the others tabs only have stuff like Ciphers, Authentication and TLS settings, nothing option wise.

Thanks for any hints/tips/idea’s

Regards, Xil

By default openvpn connects using UDP so no need to configure that. There is however an option to force TCP instead, from your screenshot:

Screenshot_20230826_072046

Instead of changing “proto udp” to"proto udp4" I would change select the Network Manger VPN connection in the settings GUI and go to the IPv6 tab and set the Method to disabled.

I did run in a similar issue, the .ovpn using the CLI works but network manager not.

The key takeaway from the reply of @arvidjaar is that KDE-GUI for advanced settings is not up-to-date.

Would be good to dump the vpn.data" for your VPN connection:

nmcli -g vpn.data connection show <conn-id>

Then review the settings and update them to what is needed.

Thinking a bit further on my (and your) problem I concluded that it is counter-intuitive that importing an .ovpn file is not working. I see why a KDE settings applet might be out-of-date for advanced settings.

So I checked, can I also import an .ovpn file via the nmcli? Yes, that is possible:

> sudo nmcli connection import type openvpn file MyVPNConnection.ovpn
Connection 'MyVPNConnection' (6ca193ca-f012-4815-9c52-ed57c34041fe) successfully added.

Doing so, the connection is working.

NetworkManager OpenVPN plugin does not support udp4 protocol definition. You will need to contact developers and convince them it is required.

But somehow I do not quite understand the problem. If you pass IPv4 server address, OpenVPN should use IPv4 to contact it. There seems to be something more going on, and you better debug why plain udp fails.

thanks so much for all the answer.

@arvidjaar you sort of got me thinking, the synology is registered via xxxxxx.synology.me and if I ping that I get a IPv6 back so I am guessing that is why openVPN does this by default and makes sence

2023-08-26 15:55:27 UDPv6 link local: (not bound)
2023-08-26 15:55:27 UDPv6 link remote: [AF_INET6]2a02:a44a:a1c1:1:9209:xxxxxxxxx:61194

and I need to set

proto udp4

@marel the nmcli import went okay but the connection does not work, still tries IPv6. Disabling IPv6 on the IPv6 tab under Method sounded good and tried that of course but it still timed out.

With the IPv4 vs IPv6 in mind I changed the gateway to he IPv4 address instead of the xxxxxx.synology.me and solved it like that. The IP is not going to change so very often (if at all) so I might as well use that for now, and else I can always trace it down :slight_smile:

Thank you again for the answers and suggestions.

You can globally change the order in /etc/gai.conf so that IPv4 is returned first.

thank you Arvidjaar, I will look into how to set that file up as there is none atm but hey google :slight_smile:

/usr/share/doc/packages/glibc/gai.conf

man gai.conf