Wifi and VPN remain connected but go dead often

dipensible2948 · April 18, 2017, 9:17pm

I’ve tested out Linux Mint, KDE Neon and Ubuntu for a year without success. I’ve had issues with all of them. I installed openSUSE 42.2 Leap on the weekend and I’ve had the best experience with a distro. Everything but the WiFi/VPN works well.

I tried to get a stable Wifi in Ubuntu 16.04 for almost a year. I want to leave Windows 10 and move to a stable, sane Linux distro. I’m so sick of fiddling with random commands from the internet. I want it to be openSUSE + KDE, but I need help to set up Wifi and a working VPN connection.

1. System Details

I have a 4 year old Toshiba L840D laptop with an AMD GPU. The Wifi and VPN work well in Windows.

WiFi Card: Realtek Semiconductor Co., Ltd. RTL8723AE PCIe Wireless Network Adapter.

I know there are updated drivers here. I tried to install them in Ubuntu 16.04, but I don’t know if I was successful. I didn’t notice any changes.

2. The Problem

I can’t quite figure out the problem. Is if the WiFi or the VPN? Both? Neither? Here are the symptoms:

Sometimes, the wifi and vpn just connects and it works almost as well as Windows. But sometimes, the Wifi doesn’t connect. The wireless symbol just has that blue circle going around it. When it does connect, the performance feels impaired when compared to Windows.

When I try to connect to the VPN, sometimes its instantaneous and everything works, but half the time, the connection attempt fails or times out. The other thing that happens with the vpn service enabled is that, it will work fine for awhile, but when I click on a link, the firefox tab’s loading circle just spins - but sometimes it stays grey and the attempt times out and sometimes it’s blue but doesn’t load anything. The Wifi and vpn are connected, but it seems it seems like the connection goes dead.

I tried to run a speedof.me test, but midway through, it dies and gives an error. Disconnecting from the wireless network and reconnecting fixes the problem for a little while.

I get about 30 minutes to 1.5 hours of good wireless service, and then issues for hours. I tested this also with an ethernet connection instead of Wifi. I had the same issues but it was less annoying. This problem has been noted in KDE Neon, Ubuntu 16.04 and in openSUSE 42.2.

3. VPN Service suggestions

The vpn service asked me to disable IPv6 and I’ve done it.
The vpn help desk asked me to run install all of these packages in Ubuntu 16.04. I don’t know if that gives you a clue:

sudo apt install network-manager-openvpn network-manager-openvpn-gnome network-manager-pptp network-manager-vpnc

4. How I configured the wireless card when I installed opensuse

The installer did ask me to configure the wireless card. I had no idea what I was doing, but I got connected to my network, so I think I did something right. Here is my configurations:

Activate Device: At boot time
Dynamic Address: DHCP v4 and v6.

In another thread, people have asked me to use various command line tools to check performance. I know how to use Konsole, but I don’t understand what to do with the results of traceroute and other programs. It looks like gibberish to me. Can you please give me specific commands so that I can find and paste specific information?

deano_ferrari · April 19, 2017, 5:10am

Welcome to openSUSE Forums dipensible2948. From a quick read of your post, this does look to be wifi hardware/driver-related. The VPN stability will depend on the underlying wifi stability as when the wifi link drops, anything over the top of it will too. It’s important to be systematic with any diagnostic steps taken. I would leave the VPN out of the equation for the moment. Start by posting your wifi hardware details and the active driver.

You can get that information via a terminal window using

/usr/sbin/hwinfo --wlan

When I try to connect to the VPN, sometimes its instantaneous and everything works, but half the time, the connection attempt fails or times out. The other thing that happens with the vpn service enabled is that, it will work fine for awhile, but when I click on a link, the firefox tab’s loading circle just spins - but sometimes it stays grey and the attempt times out and sometimes it’s blue but doesn’t load anything. The Wifi and vpn are connected, but it seems it seems like the connection goes dead.

This can frustrating I know, and it does require some learning and effort to capture information to help characterise the problem. Monitoring/capturing relevant output is key to this.

If using Network Manager, you can monitor the logging on the fly but running the following while attempting to connect and use a given connection

sudo journalctl -fu NetworkManager

*CTRL+C to terminate monitoring

If using wicked, then do

sudo journalctl -fu wicked

When you feel that the connection is unresponsive you can review the journal output for clues. Check how far you can ping. Can you ping the router (gateway) successfully? Can you still ping VPN gateway if you had that active? Can you ping a well known internet site eg google.com?

In another thread, people have asked me to use various command line tools to check performance. I know how to use Konsole, but I don’t understand what to do with the results of traceroute and other programs. It looks like gibberish to me. Can you please give me specific commands so that I can find and paste specific information?

Well, in general when people give you commands to request, you should post the command and output for others to comment on. You don’t need to understand/interpret the results as such.

dipensible2948 · April 19, 2017, 7:34pm

deano_ferrari, thanks for helping me. I appreciate it. I couldn’t find anyone to sit down with me and do some diagnostics. I’m new to Linux and it has a steep learning curve for diagnosing problems with the command line. I’d be told to use use traceroute or check ping, but I didn’t know how to do that or read the output.

Here is the information returned by the terminal:

/usr/sbin/hwinfo --wlan

:


  24: PCI 200.0: 0282 WLAN controller                             
  [Created at pci.378]
  Unique ID: y9sn.4MZi5iELdZ6
  Parent ID: CvwD.nV9PPa_ZQ2D
  SysFS ID: /devices/pci0000:00/0000:00:05.0/0000:02:00.0
  SysFS BusID: 0000:02:00.0
  Hardware Class: network
  Model: "Realtek RTL8723AE PCIe Wireless Network Adapter"
  Vendor: pci 0x10ec "Realtek Semiconductor Co., Ltd."
  Device: pci 0x8723 "RTL8723AE PCIe Wireless Network Adapter"
  SubVendor: pci 0x10ec "Realtek Semiconductor Co., Ltd."
  SubDevice: pci 0x0723 
  Driver: "rtl8723ae"
  Driver Modules: "rtl8723ae"
  Device File: wlan0
  Features: WLAN
  I/O Ports: 0x2000-0x20ff (rw)
  Memory Range: 0xf0000000-0xf0003fff (rw,non-prefetchable)
  IRQ: 17 (no events)
  HW Address: 20:68:9d:fe:d3:3f
  Permanent HW Address: 20:68:9d:fe:d3:3f
  Link detected: yes
  WLAN channels: 1 2 3 4 5 6 7 8 9 10 11 12 13
  WLAN frequencies: 2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457 2.462 2.467 2.472
  WLAN encryption modes: WEP40 WEP104 TKIP CCMP
  WLAN authentication modes: open sharedkey wpa-psk wpa-eap
  Module Alias: "pci:v000010ECd00008723sv000010ECsd00000723bc02sc80i00"
  Driver Info #0:                                                                                                                     
    Driver Status: rtl8723ae is active                                                                                                
    Driver Activation Cmd: "modprobe rtl8723ae"                                                                                       
  Config Status: cfg=no, avail=yes, need=no, active=unknown                                                                           
  Attached to: #5 (PCI bridge)

sudo journalctl -fu NetworkManager

:

-- Logs begin at Mon 2017-04-17 00:41:17 EDT. --
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTED_SITE
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <info>  Policy set 'Powerbeam' (wlan0) as default for IPv4 routing and DNS.
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <13>Apr 19 12:51:55 dns-resolver: ATTENTION: You have modified /etc/resolv.conf. Leaving it untouched...
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <13>Apr 19 12:51:55 dns-resolver: You can find my version in /etc/resolv.conf.netconfig
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: ATTENTION: You have modified /etc/resolv.conf.  Leaving it untouched...
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: You can find my version in /etc/resolv.conf.netconfig ...
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <info>  (wlan0): Activation: successful, device activated.
Apr 19 12:51:55 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Apr 19 12:51:58 linux-fi7p NetworkManager[2621]: <info>  startup complete
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: activated -> deactivating (reason 'user-requested') [100 110 39]
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now DISCONNECTING
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: deactivating -> disconnected (reason 'user-requested') [110 30 39]
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  (wlan0): canceled DHCP transaction, DHCP client pid 2660
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  (wlan0): DHCPv4 state changed bound -> done
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <13>Apr 19 13:09:17 dns-resolver: ATTENTION: You have modified /etc/resolv.conf. Leaving it untouched...
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <13>Apr 19 13:09:17 dns-resolver: You can find my version in /etc/resolv.conf.netconfig
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: ATTENTION: You have modified /etc/resolv.conf.  Leaving it untouched...
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: You can find my version in /etc/resolv.conf.netconfig ...
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now DISCONNECTED
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <warn>  Connection disconnected (reason -3)
Apr 19 13:09:17 linux-fi7p NetworkManager[2621]: <info>  (wlan0): supplicant interface state: completed -> disconnected
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): Activation: starting connection 'Powerbeam' (76cf2e20-03fd-4f81-ba9a-0036be2c3740)
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTING
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: prepare -> config (reason 'none') [40 50 0]
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): Activation: (wifi) access point 'Powerbeam' has security, but secrets are required.                                           
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: config -> need-auth (reason 'none') [50 60 0]                                                            
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: need-auth -> prepare (reason 'none') [60 40 0]                                                           
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: prepare -> config (reason 'none') [40 50 0]                                                              
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  (wlan0): Activation: (wifi) connection 'Powerbeam' has security, and secrets exist.  No new secrets needed.                            
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  Config: added 'ssid' value 'Powerbeam'                                                                                                 
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  Config: added 'scan_ssid' value '1'                                                                                                    
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  Config: added 'key_mgmt' value 'WPA-PSK'                                                                                               
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  Config: added 'psk' value '<omitted>'                                                                                                  
Apr 19 13:09:29 linux-fi7p NetworkManager[2621]: <info>  Config: set interface ap_scan to 1                                                                                                     
Apr 19 13:09:30 linux-fi7p NetworkManager[2621]: <info>  (wlan0): supplicant interface state: disconnected -> scanning                                                                          
^[BApr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): supplicant interface state: scanning -> authenticating                                                                    
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): supplicant interface state: authenticating -> associating                                                                     
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): supplicant interface state: associating -> 4-way handshake                                                                    
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): supplicant interface state: 4-way handshake -> completed                                                                      
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful.  Connected to wireless network 'Powerbeam'.
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: config -> ip-config (reason 'none') [50 70 0]
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  Activation (wlan0) Beginning DHCPv4 transaction (timeout in 45 seconds)
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  dhclient started with pid 4847
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    address 192.168.2.186
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    plen 24 (255.255.255.0)
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    gateway 192.168.2.1
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    server identifier 192.168.2.1
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    lease time 86400
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    hostname 'linux-fi7p'
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>    nameserver '192.168.2.1'
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): DHCPv4 state changed unknown -> bound
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTED_SITE
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  Policy set 'Powerbeam' (wlan0) as default for IPv4 routing and DNS.
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <13>Apr 19 13:09:31 dns-resolver: ATTENTION: You have modified /etc/resolv.conf. Leaving it untouched...
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <13>Apr 19 13:09:31 dns-resolver: You can find my version in /etc/resolv.conf.netconfig
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: ATTENTION: You have modified /etc/resolv.conf.  Leaving it untouched...
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: You can find my version in /etc/resolv.conf.netconfig ...
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  (wlan0): Activation: successful, device activated.
Apr 19 13:09:31 linux-fi7p NetworkManager[2621]: <info>  NetworkManager state is now CONNECTED_GLOBAL

sudo journalctl -fu wicked

:

-- Logs begin at Mon 2017-04-17 00:41:17 EDT. --

I don’t think I’m using wicked.

Annoyingly, the connection works well right now, so I can’t test it via pings.

PING www.google.com (206.248.169.88) 56(84) bytes of data.
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=1 ttl=60 time=14.4 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=2 ttl=60 time=14.7 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=3 ttl=60 time=18.0 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=4 ttl=60 time=15.8 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=5 ttl=60 time=14.8 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=6 ttl=60 time=15.5 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=7 ttl=60 time=12.8 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=8 ttl=60 time=13.9 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=9 ttl=60 time=23.2 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=10 ttl=60 time=14.7 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=11 ttl=60 time=20.9 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=12 ttl=60 time=21.2 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=13 ttl=60 time=14.5 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=14 ttl=60 time=14.2 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=15 ttl=60 time=13.7 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=16 ttl=60 time=27.1 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=17 ttl=60 time=138 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=18 ttl=60 time=17.2 ms
64 bytes from 206-248-169-88.dsl.teksavvy.com (206.248.169.88): icmp_seq=19 ttl=60 time=16.1 ms

I’ll wait for the connection to have troubles and I’ll post the ping results.

deano_ferrari · April 19, 2017, 10:15pm

The hardware information shows that you have a “Realtek RTL8723AE PCIe Wireless Network Adapter” using the rtl8723ae driver (included as part of the kernel). The Network Manager log shows that you got connected successfully. Now that you know how to monitor the connection via journalctl, the idea is to run it and whe the connection fails, not the output. It might not be completely definitive, but it’s a starting point.

BTW, I note that the journal log mentions that you have modified /etc/resolv.conf at some stage

dns-resolver: ATTENTION: You have modified /etc/resolv.conf. Leaving it untouched...

This file points to valid name servers for domain name resolution. It isn’t a problem as such, but it means that Network Manager won’t try to configure it when a connection is made to your wireless router. There’s no need to undo that change for now.

dipensible2948 · April 19, 2017, 11:17pm

I don’t know what modified /etc/resolv.conf is. I do know that I didn’t modify it directly. I did go to Network Settings and disable IPv6. Is that setting stored in this file? Btw, in Network settings, YaST warns me that Network is handled by NetworkManager or completely disabled. I’ll add that because I’m not sure if that’s relevant.

I’m still waiting for my Wifi to screw up, so that I can log it. For all the times it did, it has great performance just when I don’t need it! rotfl!

deano_ferrari · April 19, 2017, 11:26pm

It’s not important to rectify right now. Clearly you can resolve hot names, otherwise you’d be reporting problems with surfing the web. It can be deleted as administrator and it will then get recreated by Network Manager the next time a DHCP connection is made.

I’m still waiting for my Wifi to screw up, so that I can log it. For all the times it did, it has great performance just when I don’t need it! rotfl!

Yes, it can be a waiting game. It might occur when the connection is idle perhaps. In any case we’ll hear from you when it next drops (armed with the appropriate snippet from the logs).

dipensible2948 · April 20, 2017, 12:39am

While I wait for Wireless to fail, here are the ping results with the VPN enabled.

Some VPN connections do connect and transmit packets. This is one of the cases where nothing happens even though I’m connected. Firefox tabs circle blue without ever loading the page.

ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=2.88 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=14.7 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=1.98 ms
64 bytes from 192.168.2.1: icmp_seq=5 ttl=64 time=1.91 ms
64 bytes from 192.168.2.1: icmp_seq=6 ttl=64 time=24.4 ms
64 bytes from 192.168.2.1: icmp_seq=7 ttl=64 time=2.92 ms
64 bytes from 192.168.2.1: icmp_seq=9 ttl=64 time=251 ms
64 bytes from 192.168.2.1: icmp_seq=10 ttl=64 time=5.07 ms
64 bytes from 192.168.2.1: icmp_seq=11 ttl=64 time=3.17 ms
64 bytes from 192.168.2.1: icmp_seq=12 ttl=64 time=1.80 ms
64 bytes from 192.168.2.1: icmp_seq=13 ttl=64 time=2.92 ms
64 bytes from 192.168.2.1: icmp_seq=14 ttl=64 time=1.74 ms
64 bytes from 192.168.2.1: icmp_seq=15 ttl=64 time=34.2 ms
64 bytes from 192.168.2.1: icmp_seq=16 ttl=64 time=6.36 ms
64 bytes from 192.168.2.1: icmp_seq=17 ttl=64 time=2.86 ms
64 bytes from 192.168.2.1: icmp_seq=18 ttl=64 time=1.95 ms
64 bytes from 192.168.2.1: icmp_seq=19 ttl=64 time=1.92 ms
64 bytes from 192.168.2.1: icmp_seq=20 ttl=64 time=6.61 ms
64 bytes from 192.168.2.1: icmp_seq=21 ttl=64 time=8.78 ms
64 bytes from 192.168.2.1: icmp_seq=22 ttl=64 time=1.24 ms
64 bytes from 192.168.2.1: icmp_seq=23 ttl=64 time=1.15 ms
^C
--- 192.168.2.1 ping statistics ---
23 packets transmitted, 21 received, 8% packet loss, time 22024ms
rtt min/avg/max/mdev = 1.153/18.091/251.070/52.738 ms

user@linux-fi7p:~> ping www.google.com

I can ping my router, but not google. There is no response. What does that mean? My local network is operating nominally but why can’t I connect to the internet?

deano_ferrari · April 20, 2017, 1:47am

Ok, so you can ping the gateway which means the wireless link still active. Can you ping an internet address? For example, a google DNS server by IP address…

ping 8.8.8.8

With your VPN active you should be able to get a response from the VPN gateway too.

Share your routing table

ip route

That should show the VPN gateway (as would the journal log when you first connected to the VPN).

You can put Network Manager back in charge of the nameserver configuration by doing the following

sudo rm -f /etc/resolv.conf

sudo systemctl restart NetworkManager

Bear in mind this will kill the VPN and wireless connectivity, so you’ll need to connect again.

dipensible2948 · April 20, 2017, 5:51am

Okay, my WiFi still has no problems when running by itself. I ran these tests with the VPN enabled.

I tried pinging google’s dns servers:

@linux-fi7p:~> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.129.31.146 icmp_seq=1 Destination Host Unreachable
From 10.129.31.146 icmp_seq=2 Destination Host Unreachable
From 10.129.31.146 icmp_seq=3 Destination Host Unreachable
From 10.129.31.146 icmp_seq=4 Destination Host Unreachable
From 10.129.31.146 icmp_seq=5 Destination Host Unreachable
From 10.129.31.146 icmp_seq=6 Destination Host Unreachable
From 10.129.31.146 icmp_seq=7 Destination Host Unreachable
From 10.129.31.146 icmp_seq=8 Destination Host Unreachable
From 10.129.31.146 icmp_seq=11 Destination Host Unreachable
From 10.129.31.146 icmp_seq=12 Destination Host Unreachable
From 10.129.31.146 icmp_seq=13 Destination Host Unreachable
From 10.129.31.146 icmp_seq=14 Destination Host Unreachable
From 10.129.31.146 icmp_seq=15 Destination Host Unreachable
From 10.129.31.146 icmp_seq=16 Destination Host Unreachable
From 10.129.31.146 icmp_seq=17 Destination Host Unreachable
From 10.129.31.146 icmp_seq=18 Destination Host Unreachable
From 10.129.31.146 icmp_seq=19 Destination Host Unreachable
From 10.129.31.146 icmp_seq=20 Destination Host Unreachable
From 10.129.31.146 icmp_seq=21 Destination Host Unreachable
From 10.129.31.146 icmp_seq=22 Destination Host Unreachable
From 10.129.31.146 icmp_seq=23 Destination Host Unreachable
From 10.129.31.146 icmp_seq=24 Destination Host Unreachable
From 10.129.31.146 icmp_seq=25 Destination Host Unreachable
From 10.129.31.146 icmp_seq=26 Destination Host Unreachable
From 10.129.31.146 icmp_seq=27 Destination Host Unreachable
From 10.129.31.146 icmp_seq=28 Destination Host Unreachable
From 10.129.31.146 icmp_seq=29 Destination Host Unreachable
From 10.129.31.146 icmp_seq=30 Destination Host Unreachable                                                                           
                                                                                                                                    
--- 8.8.8.8 ping statistics ---
31 packets transmitted, 0 received, +28 errors, 100% packet loss, time 30003ms
pipe 4

I ran journalctl:

sudo journalctl -fu NetworkManager
root's password:
-- Logs begin at Mon 2017-04-17 00:41:17 EDT. --
Apr 19 23:17:53 linux-fi7p NetworkManager[1032]: <13>Apr 19 23:17:53 dns-resolver: ATTENTION: You have modified /etc/resolv.conf. Leaving it untouched...
Apr 19 23:17:53 linux-fi7p NetworkManager[1032]: <13>Apr 19 23:17:53 dns-resolver: You can find my version in /etc/resolv.conf.netconfig
Apr 19 23:17:53 linux-fi7p NetworkManager[1032]: ATTENTION: You have modified /etc/resolv.conf.  Leaving it untouched...
Apr 19 23:17:53 linux-fi7p NetworkManager[1032]: You can find my version in /etc/resolv.conf.netconfig ...
Apr 19 23:17:53 linux-fi7p NetworkManager[1032]: <info>  (tap0): Activation: successful, device activated.
Apr 19 23:19:16 linux-fi7p NetworkManager[1032]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'
Apr 19 23:19:16 linux-fi7p NetworkManager[1032]: <info>  NetworkManager state is now CONNECTED_SITE
Apr 19 23:20:12 linux-fi7p NetworkManager[1032]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'
Apr 19 23:20:12 linux-fi7p NetworkManager[1032]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'
Apr 19 23:22:28 linux-fi7p NetworkManager[1032]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'

I ran ip route:

ip route
default dev tap0  proto static  scope link  metric 50 
default via 192.168.2.1 dev wlan0  proto static  metric 600 
10.129.31.146 dev tap0  proto kernel  scope link  src 10.129.31.146  metric 50 
192.168.2.0/24 dev wlan0  proto kernel  scope link  src 192.168.2.186  metric 600 
204.187.100.85 via 192.168.2.1 dev wlan0  proto static  metric 600

There are two IPs there and I pinged both of them:

ping 10.129.31.146
PING 10.129.31.146 (10.129.31.146) 56(84) bytes of data.
64 bytes from 10.129.31.146: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 10.129.31.146: icmp_seq=2 ttl=64 time=0.057 ms
64 bytes from 10.129.31.146: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from 10.129.31.146: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from 10.129.31.146: icmp_seq=5 ttl=64 time=0.057 ms
64 bytes from 10.129.31.146: icmp_seq=6 ttl=64 time=0.047 ms
64 bytes from 10.129.31.146: icmp_seq=7 ttl=64 time=0.055 ms
64 bytes from 10.129.31.146: icmp_seq=8 ttl=64 time=0.044 ms
64 bytes from 10.129.31.146: icmp_seq=9 ttl=64 time=0.065 ms
64 bytes from 10.129.31.146: icmp_seq=10 ttl=64 time=0.056 ms
64 bytes from 10.129.31.146: icmp_seq=11 ttl=64 time=0.057 ms
64 bytes from 10.129.31.146: icmp_seq=12 ttl=64 time=0.050 ms
64 bytes from 10.129.31.146: icmp_seq=13 ttl=64 time=0.055 ms
64 bytes from 10.129.31.146: icmp_seq=14 ttl=64 time=0.048 ms
64 bytes from 10.129.31.146: icmp_seq=15 ttl=64 time=0.044 ms
64 bytes from 10.129.31.146: icmp_seq=16 ttl=64 time=0.047 ms
64 bytes from 10.129.31.146: icmp_seq=17 ttl=64 time=0.048 ms
64 bytes from 10.129.31.146: icmp_seq=18 ttl=64 time=0.047 ms
64 bytes from 10.129.31.146: icmp_seq=19 ttl=64 time=0.055 ms
64 bytes from 10.129.31.146: icmp_seq=20 ttl=64 time=0.053 ms
64 bytes from 10.129.31.146: icmp_seq=21 ttl=64 time=0.045 ms
64 bytes from 10.129.31.146: icmp_seq=22 ttl=64 time=0.041 ms
64 bytes from 10.129.31.146: icmp_seq=23 ttl=64 time=0.020 ms
64 bytes from 10.129.31.146: icmp_seq=24 ttl=64 time=0.052 ms
64 bytes from 10.129.31.146: icmp_seq=25 ttl=64 time=0.046 ms

--- 10.129.31.146 ping statistics ---
25 packets transmitted, 25 received, 0% packet loss, time 23991ms
rtt min/avg/max/mdev = 0.020/0.049/0.065/0.009 ms

This one is very close. The ping times are even lower than my router. What returns sub-millisecond ping times?

Here’s the other IP:

ping 204.187.100.85
PING 204.187.100.85 (204.187.100.85) 56(84) bytes of data.
64 bytes from 204.187.100.85: icmp_seq=1 ttl=58 time=24.2 ms
64 bytes from 204.187.100.85: icmp_seq=2 ttl=58 time=20.3 ms
64 bytes from 204.187.100.85: icmp_seq=3 ttl=58 time=169 ms
64 bytes from 204.187.100.85: icmp_seq=4 ttl=58 time=43.8 ms
64 bytes from 204.187.100.85: icmp_seq=5 ttl=58 time=16.3 ms
64 bytes from 204.187.100.85: icmp_seq=6 ttl=58 time=56.0 ms
64 bytes from 204.187.100.85: icmp_seq=7 ttl=58 time=35.8 ms
64 bytes from 204.187.100.85: icmp_seq=8 ttl=58 time=41.5 ms
64 bytes from 204.187.100.85: icmp_seq=9 ttl=58 time=28.0 ms
64 bytes from 204.187.100.85: icmp_seq=10 ttl=58 time=24.8 ms
64 bytes from 204.187.100.85: icmp_seq=11 ttl=58 time=34.6 ms
64 bytes from 204.187.100.85: icmp_seq=12 ttl=58 time=18.4 ms
64 bytes from 204.187.100.85: icmp_seq=13 ttl=58 time=25.8 ms
64 bytes from 204.187.100.85: icmp_seq=14 ttl=58 time=14.9 ms
64 bytes from 204.187.100.85: icmp_seq=15 ttl=58 time=22.4 ms
64 bytes from 204.187.100.85: icmp_seq=16 ttl=58 time=19.8 ms
64 bytes from 204.187.100.85: icmp_seq=17 ttl=58 time=14.7 ms
64 bytes from 204.187.100.85: icmp_seq=18 ttl=58 time=29.0 ms
64 bytes from 204.187.100.85: icmp_seq=19 ttl=58 time=25.1 ms
64 bytes from 204.187.100.85: icmp_seq=20 ttl=58 time=21.2 ms
64 bytes from 204.187.100.85: icmp_seq=21 ttl=58 time=25.1 ms
64 bytes from 204.187.100.85: icmp_seq=22 ttl=58 time=16.7 ms
64 bytes from 204.187.100.85: icmp_seq=23 ttl=58 time=30.1 ms
64 bytes from 204.187.100.85: icmp_seq=24 ttl=58 time=17.0 ms
64 bytes from 204.187.100.85: icmp_seq=25 ttl=58 time=23.3 ms
64 bytes from 204.187.100.85: icmp_seq=26 ttl=58 time=15.8 ms
64 bytes from 204.187.100.85: icmp_seq=27 ttl=58 time=22.5 ms
64 bytes from 204.187.100.85: icmp_seq=28 ttl=58 time=13.8 ms
64 bytes from 204.187.100.85: icmp_seq=29 ttl=58 time=14.0 ms
64 bytes from 204.187.100.85: icmp_seq=30 ttl=58 time=15.6 ms
64 bytes from 204.187.100.85: icmp_seq=31 ttl=58 time=15.7 ms
64 bytes from 204.187.100.85: icmp_seq=32 ttl=58 time=17.0 ms
64 bytes from 204.187.100.85: icmp_seq=33 ttl=58 time=13.8 ms
64 bytes from 204.187.100.85: icmp_seq=34 ttl=58 time=16.7 ms
64 bytes from 204.187.100.85: icmp_seq=35 ttl=58 time=15.6 ms
64 bytes from 204.187.100.85: icmp_seq=36 ttl=58 time=13.6 ms
64 bytes from 204.187.100.85: icmp_seq=37 ttl=58 time=14.8 ms
64 bytes from 204.187.100.85: icmp_seq=38 ttl=58 time=18.2 ms
64 bytes from 204.187.100.85: icmp_seq=39 ttl=58 time=21.2 ms
64 bytes from 204.187.100.85: icmp_seq=40 ttl=58 time=14.1 ms
64 bytes from 204.187.100.85: icmp_seq=41 ttl=58 time=14.9 ms
64 bytes from 204.187.100.85: icmp_seq=42 ttl=58 time=23.6 ms
64 bytes from 204.187.100.85: icmp_seq=43 ttl=58 time=17.1 ms
64 bytes from 204.187.100.85: icmp_seq=44 ttl=58 time=40.8 ms
64 bytes from 204.187.100.85: icmp_seq=45 ttl=58 time=16.1 ms
64 bytes from 204.187.100.85: icmp_seq=46 ttl=58 time=16.3 ms
64 bytes from 204.187.100.85: icmp_seq=47 ttl=58 time=16.2 ms

--- 204.187.100.85 ping statistics ---
47 packets transmitted, 47 received, 0% packet loss, time 46032ms
rtt min/avg/max/mdev = 13.628/25.274/169.387/23.124 ms

I’m not sure what this this IP is. It could be my VPN, but I doubt. I can’t open any websites with the VPN running on this server. Firefox tabs have both blue and grey circles constantly rotating, but never loading anything.

I also executed sudo rm -f /etc/resolv.conf and restarted NetworkManager. Made no difference to the VPN connection. I checked journalctl again:

sudo journalctl -fu NetworkManager
root's password:
-- Logs begin at Mon 2017-04-17 00:41:17 EDT. --
Apr 19 23:49:03 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Apr 19 23:49:03 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: prepare -> config (reason 'none') [40 50 0]
Apr 19 23:49:03 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: config -> ip-config (reason 'none') [50 70 0]
Apr 19 23:49:03 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Apr 19 23:49:03 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Apr 19 23:49:03 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Apr 19 23:49:04 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 23:49:04 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Apr 19 23:49:04 linux-fi7p NetworkManager[4439]: <info>  Policy set 'tap0' (tap0) as default for IPv4 routing and DNS.
Apr 19 23:49:04 linux-fi7p NetworkManager[4439]: <info>  (tap0): Activation: successful, device activated.

Do you know what’s going on? I don’t get it.

dipensible2948 · April 20, 2017, 6:14am

In case this might help, I turned off Wifi and the VPN and ran journalctl. Then, I connected to the Wifi, then the VPN and captured all the logs. I disconnected in reverse, first the VPN and then the Wifi. Here are the full logs:

@linux-fi7p:~> sudo journalctl -fu NetworkManager
root's password:
-- Logs begin at Mon 2017-04-17 00:41:17 EDT. --
Apr 19 23:57:18 linux-fi7p NetworkManager[4439]: **<warn>  Connection disconnected (reason -3)**
Apr 19 23:57:18 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: completed -> disconnected
Apr 19 23:57:18 linux-fi7p NetworkManager[4439]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'
Apr 19 23:57:18 linux-fi7p NetworkManager[4439]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'
Apr 19 23:57:21 linux-fi7p NetworkManager[4439]: <info>  connectivity: check for uri 'http://conncheck.opensuse.org' failed with 'Error resolving 'conncheck.opensuse.org': Temporary failure in name resolution'
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): Activation: starting connection 'Powerbeam' (76cf2e20-03fd-4f81-ba9a-0036be2c3740)
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTING
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: prepare -> config (reason 'none') [40 50 0]
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): Activation: (wifi) access point 'Powerbeam' has security, but secrets are required.
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: config -> need-auth (reason 'none') [50 60 0]
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: need-auth -> prepare (reason 'none') [60 40 0]
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: prepare -> config (reason 'none') [40 50 0]
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): Activation: (wifi) connection 'Powerbeam' has security, and secrets exist.  No new secrets needed.
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  Config: added 'ssid' value 'Powerbeam'                                                                                                 
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  Config: added 'scan_ssid' value '1'                                                                                                    
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  Config: added 'key_mgmt' value 'WPA-PSK'
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  Config: added 'psk' value '<omitted>'
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  Config: set interface ap_scan to 1
Apr 19 23:57:43 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: disconnected -> scanning
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: scanning -> authenticating
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: authenticating -> associating
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: associating -> associated
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: associated -> 4-way handshake
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): supplicant interface state: 4-way handshake -> completed
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful.  Connected to wireless network 'Powerbeam'.
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: config -> ip-config (reason 'none') [50 70 0]
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  Activation (wlan0) Beginning DHCPv4 transaction (timeout in 45 seconds)
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  dhclient started with pid 8296
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    address 192.168.2.186
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    plen 24 (255.255.255.0)
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    gateway 192.168.2.1
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    server identifier 192.168.2.1
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    lease time 86400
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    hostname 'linux-fi7p'
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>    nameserver '192.168.2.1'
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): DHCPv4 state changed unknown -> bound
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_SITE
Apr 19 23:57:44 linux-fi7p NetworkManager[4439]: <info>  Policy set 'Powerbeam' (wlan0) as default for IPv4 routing and DNS.
Apr 19 23:57:45 linux-fi7p NetworkManager[4439]: <info>  (wlan0): Activation: successful, device activated.
Apr 19 23:57:45 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Apr 19 23:58:04 linux-fi7p NetworkManager[4439]: (nm-openvpn-service:7117): nm-openvpn-WARNING **: (nm-openvpn-service.c:1269):nm_openvpn_start_openvpn_binary: runtime check failed: (priv->mgt_path == NULL)
Apr 19 23:58:04 linux-fi7p NetworkManager[4439]: (nm-openvpn-service:7117): nm-openvpn-WARNING **: Directory '/var/lib/openvpn/chroot' not usable for chroot by 'nm-openvpn', openvpn will not be chrooted.
Apr 19 23:58:04 linux-fi7p NetworkManager[4439]: nm-openvpn-Message: openvpn started with pid 8445
Apr 19 23:58:04 linux-fi7p NetworkManager[4439]: <info>  VPN plugin state changed: starting (3)
Apr 19 23:58:04 linux-fi7p NetworkManager[4439]: <info>  VPN connection 'CG UDP - Canada' (Connect) reply received.



Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: OpenVPN 2.3.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  4 2015
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: library versions: OpenSSL 1.0.2j-fips  26 Sep 2016, LZO 2.08
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: **WARNING: file 'VPNCLIENT.key' is group or others accessible**
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: **NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay**
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: UDPv4 link local: [undef]
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: **UDPv4 link remote: [AF_INET]184.75.209.101:443**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1558'**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **[CyberGhost VPN Server Bucharest-S14-I02] Peer Connection Initiated with [AF_INET]184.75.209.101:443**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.129.0.1**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **TUN/TAP device tap0 opened**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **/usr/lib/nm-openvpn-service-openvpn-helper --tap -- tap0 1500 1590 10.129.17.202 10.129.17.201 init
**



Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  (tap0): new Tun device (carrier: OFF, driver: 'tun', ifindex: 8)
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  VPN connection 'CG UDP - Canada' (IP Config Get) reply received.
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  VPN connection 'CG UDP - Canada' (IP4 Config Get) reply received.
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  VPN Gateway: 184.75.209.101
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  Tunnel Device: tap0
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  IPv4 configuration:
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Internal Address: 10.129.17.202
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Internal Prefix: 32
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Internal Point-to-Point Address: 0.0.0.0
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Maximum Segment Size (MSS): 0
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Forbid Default Route: no
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Internal DNS: 38.132.106.139
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Internal DNS: 194.187.251.67
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    Internal DNS: 185.93.180.131
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>    DNS Domain: '(none)'
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  No IPv6 configuration
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  VPN plugin state changed: started (4)
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  VPN connection 'CG UDP - Canada' (IP Config Get) complete.
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  (tap0): link connected
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **GID set to nm-openvpn**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **UID set to nm-openvpn**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **Initialization Sequence Completed**
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  keyfile: add connection in-memory (cbbf5a9f-4788-4687-868e-a8b2438e950c,"tap0")
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Apr 19 23:58:11 linux-fi7p NetworkManager[4439]: <info>  (tap0): Activation: starting connection 'tap0' (cbbf5a9f-4788-4687-868e-a8b2438e950c)
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: prepare -> config (reason 'none') [40 50 0]
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: config -> ip-config (reason 'none') [50 70 0]
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  Policy set 'tap0' (tap0) as default for IPv4 routing and DNS.
Apr 19 23:58:12 linux-fi7p NetworkManager[4439]: <info>  (tap0): Activation: successful, device activated.
Apr 19 23:58:53 linux-fi7p NetworkManager[4439]: nm-openvpn-Message: Terminated openvpn daemon with PID 8445.
Apr 19 23:58:53 linux-fi7p NetworkManager[4439]: **<error> [1492660733.796329] [platform/nm-linux-platform.c:2850] do_change_link(): platform-linux: do-change-link: failure changing link 8: No such device (31)**
Apr 19 23:58:53 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_LOCAL
Apr 19 23:58:53 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now CONNECTED_GLOBAL
Apr 19 23:58:53 linux-fi7p NetworkManager[4439]: <info>  Policy set 'Powerbeam' (wlan0) as default for IPv4 routing and DNS.
Apr 19 23:58:54 linux-fi7p NetworkManager[4439]: <info>  (tap0): device state change: activated -> unmanaged (reason 'removed') [100 10 36]
Apr 19 23:59:08 linux-fi7p NetworkManager[4439]: <info>  (wlan0): device state change: activated -> deactivating (reason 'user-requested') [100 110 39]
Apr 19 23:59:08 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now DISCONNECTING
Apr 19 23:59:08 linux-fi7p NetworkManager[4439]: <info>  NetworkManager state is now DISCONNECTED
Apr 19 23:59:08 linux-fi7p NetworkManager[4439]: <warn>  **Connection disconnected (reason -3)**

Some things were bolded in Konsole and I’ve highlighted them. In the middle of this log, you can see a block of warnings related to the VPN. I should mention that when I added the .ovpn config files to NetworkManager in openSUSE, I got some errors. Something like dev tun missing parameters. This has happened only with the latest batch of .ovpn files from the vpn vendor.

Before that, when I was using Ubuntu, I did not get any errors when importing .ovpn files, but I did suffer similar connection woes.

Does any of that help?

deano_ferrari · April 20, 2017, 6:24am

I ran ip route:

ip route
default dev tap0  proto static  scope link  metric 50 
default via 192.168.2.1 dev wlan0  proto static  metric 600 
10.129.31.146 dev tap0  proto kernel  scope link  src 10.129.31.146  metric 50 
192.168.2.0/24 dev wlan0  proto kernel  scope link  src 192.168.2.186  metric 600 
204.187.100.85 via 192.168.2.1 dev wlan0  proto static  metric 600

There are two IPs there and I pinged both of them:

ping 10.129.31.146
PING 10.129.31.146 (10.129.31.146) 56(84) bytes of data.
64 bytes from 10.129.31.146: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 10.129.31.146: icmp_seq=2 ttl=64 time=0.057 ms

This one is very close. The ping times are even lower than my router. What returns sub-millisecond ping times?

That’s the local address assigned (to the virtual tap0 interface) by the VPN server you connect to.

Here’s the other IP:

ping 204.187.100.85
PING 204.187.100.85 (204.187.100.85) 56(84) bytes of data.
64 bytes from 204.187.100.85: icmp_seq=1 ttl=58 time=24.2 ms
64 bytes from 204.187.100.85: icmp_seq=2 ttl=58 time=20.3 ms

I’m not sure what this this IP is. It could be my VPN, but I doubt.

It’s your configured VPN gateway.

I can’t open any websites with the VPN running on this server. Firefox tabs have both blue and grey circles constantly rotating, but never loading anything.

For some reason that VPN server is not giving you internet access apparently. Next time you connect, try restarting your browser and see if you can reach some well-known sites.

I also executed sudo rm -f /etc/resolv.conf and restarted NetworkManager. Made no difference to the VPN connection.

Okay, but at least NM will update this file with the appropriate name server(s) as required now.

When you are connected via VPN, check the configured name server(s)

grep name /etc/resolv.conf

dipensible2948 · April 20, 2017, 5:34pm

When I restarted the browser, the problem continued. Trying to ping via terminal gave me nothing:

jerry@linux-fi7p:~> ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=3.44 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=3.41 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=1.65 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=1.25 ms
64 bytes from 192.168.2.1: icmp_seq=5 ttl=64 time=1.27 ms
^C
--- 192.168.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 1.254/2.209/3.449/1.008 ms
jerry@linux-fi7p:~> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.129.29.206 icmp_seq=1 Destination Host Unreachable
From 10.129.29.206 icmp_seq=2 Destination Host Unreachable
From 10.129.29.206 icmp_seq=3 Destination Host Unreachable
From 10.129.29.206 icmp_seq=4 Destination Host Unreachable
From 10.129.29.206 icmp_seq=5 Destination Host Unreachable
From 10.129.29.206 icmp_seq=6 Destination Host Unreachable
From 10.129.29.206 icmp_seq=7 Destination Host Unreachable
From 10.129.29.206 icmp_seq=8 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 0 received, +8 errors, 100% packet loss, time 8998ms
pipe 4
jerry@linux-fi7p:~> ping google.com
ping: unknown host google.com
jerry@linux-fi7p:~> ping www.google.com
ping: unknown host www.google.com

And the now the name server is my router. Is that supposed to happen?

jerry@linux-fi7p:~> grep name /etc/resolv.conf                                                                                        
nameserver 192.168.2.1

dipensible2948 · April 20, 2017, 5:39pm

I’m trying to think of solutions. When I imported .ovpn files from the vendor, I got errors. I think this is relevant section from post 10:

Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: **WARNING: file 'VPNCLIENT.key' is group or others accessible**
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: **NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay**
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: UDPv4 link local: [undef]
Apr 19 23:58:04 linux-fi7p nm-openvpn[8445]: **UDPv4 link remote: [AF_INET]184.75.209.101:443**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1558'**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'**
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **[CyberGhost VPN Server Bucharest-S14-I02] Peer Connection Initiated with [AF_INET]184.75.209.101:443**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.129.0.1**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **TUN/TAP device tap0 opened**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: **/usr/lib/nm-openvpn-service-openvpn-helper --tap -- tap0 1500 1590 10.129.17.202 10.129.17.201 init**

dev-type, link-mtu and tun-mtu are improperly configured. Do you think the VPN’s .ovpn file is incorrectly configured?

Moreover, I don’t know how the first thing about configuring wireless networks, but I had to do it when I was installing openSUSE. Could I have badly configured wireless?

deano_ferrari · April 20, 2017, 11:01pm

Do you think the VPN’s .ovpn file is incorrectly configured?

Yes, that doesn’t look right to me. There is no VPN route pushed to you from the server. This might take communication from your (CyberGhost) VPN provider to help resolve. I would normally also expect to see their DNS servers present in your name server configuration when the VPN is active.

Moreover, I don’t know how the first thing about configuring wireless networks, but I had to do it when I was installing openSUSE. Could I have badly configured wireless?

No, that appears to be working fine.

deano_ferrari · April 20, 2017, 11:09pm

For informational/comparative purposes only, here’s an Ubuntu thread discussing a similar issue
https://ubuntuforums.org/showthread.php?t=1500159
and it was suggested that there was a mismatch with the server and client tunnel (tun/tap) interfaces. Communication with the VPN provider should be able to resolve this though.

dipensible2948 · April 21, 2017, 4:09am

Hi deano_ferrari, thanks for your help. I’ve sent an technical support request to my VPN. I hope they’ll respond promptly.

Can you think of any solution we can try while we wait for a response? Or should we just wait?

deano_ferrari · April 21, 2017, 4:48am

I think this is a VPN misconfiguration, so they are probably in the best position to assist further. Having said that, it would be useful to perhaps view your NetoworkManager VPN configuration located in the /etc/NetworkManager/system-connections/ directory. In particular, for OpenVPN it is possible to specifiy a number of options including the virtual interface. In the NetworkManager connection editor, this can be aset via ‘Advanced…’ > ‘Set virtual device type’ (tun or tap). Maybe changing that is worth a shot based on this NM warning about a mismatch…

 **WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'**

Other than that, I’m out of my league. I use PPTP VPN connectivity for my workplace access and don’t have direct experience with using OpenVPN.

deano_ferrari · April 21, 2017, 5:02am

FWIW, here’s a CyberGhost VPN How-to for Ubuntu-with-Network-ManagerIn particular, I note at step 4 it is mentioned (and what I was trying to articulate in my previous post)…

Possible Failure: On some systems even though a VPN connection is established successfully no pages can be loaded. If that’s the case with your configuration, please deactivate the TAP device:

Click on the network icon in your system tray

Click on ‘Network Connections’

Mark the VPN entry to be changed and click on ‘Edit’

Click down below on ‘Advanced’

Deactivate ‘Use a TAP device’

Click on ‘OK’ and ‘Save’

dipensible2948 · April 24, 2017, 12:38am

Yes, I’ve seen that page and configured the settings in Advanced Tab according to that page. But that page maybe out of date. Here are my settings for the Advanced Tab. I’m trying to get both TCP and UDP settings working, in the hope that one one protocol might work well for me.

Tab “General”:
Custom Gateway Port: 443
Customer Tunnel MTU: 1500 for UDP (Deactivate for TCP).
Custom UDP Fragment Size: 1300 for UDP (Deactivate for TCP).
Use Custom Renegotiation Interval: Deactivated for UDP and TCP connections.
Set Virtual Device Type (aka Use a TAP Device): Activated. (If no data connections can be established, please deactivate.)
Set Virtual Device Name:
Use LZO data compression: Activated for both UDP and TCP connections.
Use a TCP connection: Only activated if you have chosen an OpenVPN TCP connection while configuring your native VPN in your account management.
Restrict TCP Maximum Segment Size (MSS): Deactivated for both UDP and TCP.
Randomize Remote Hosts: Deactivated for both UDP and TCP.

Tab “Security”:
Cipher: AES-256-CBC (for both UDP and TCP connections).
HMAC Authentication: MD-5 (for both UDP and TCP connections).

These are old warnings I got:

**Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: WARNING: ‘dev-type’ is used inconsistently, local=‘dev-type tap’, remote=‘dev-type tun’
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1590’, remote=‘link-mtu 1558’
Apr 19 23:58:08 linux-fi7p nm-openvpn[8445]: **WARNING: ‘tun-mtu’ is used inconsistently, local=‘tun-mtu 1532’, remote=‘tun-mtu 1500’

Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)**
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Apr 19 23:58:11 linux-fi7p nm-openvpn[8445]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.129.0.1
**

If you look at that CyberGhost setup page, it only asks that I enable a TAP device. I think this is an out of date configuration because there are now two related settings. The new setting enables a virtual device, of which there are two, TAP and TUN. I don’t what those are, my experiments show that TAP seems to give me more trouble than TUN. TUN is also be unusuable at times.

I am now on a stable VPN connection. I ran sudo journalctl -fu NetworkManager and I before I connect, I get this BIG RED WARNING:

Apr 23 18:26:57 linux-fi7p NetworkManager[1015]: <error> [1492986417.497048] [platform/nm-linux-platform.c:2850] do_change_link(): platform-linux: do-change-link: failure changing link 5: No such device (31)

When I connect, these are logs that caught my eye:


Apr 23 18:29:35 linux-fi7p nm-openvpn[5387]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Apr 23 18:29:45 linux-fi7p nm-openvpn[5387]: /usr/lib/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1558 10.129.35.138 10.129.35.137 init

Should I experiment with changing the Custom Tunnel MTU and Custom UDP Fragment Size values?

deano_ferrari · April 24, 2017, 2:26am

dipensible2948:

Yes, I’ve seen that page and configured the settings in Advanced Tab according to that page. But that page maybe out of date. Here are my settings for the Advanced Tab. I’m trying to get both TCP and UDP settings working, in the hope that one one protocol might work well for me.
Tab “General”:
Custom Gateway Port: 443
Customer Tunnel MTU: 1500 for UDP (Deactivate for TCP).
Custom UDP Fragment Size: 1300 for UDP (Deactivate for TCP).
Use Custom Renegotiation Interval: Deactivated for UDP and TCP connections.
Set Virtual Device Type (aka Use a TAP Device): Activated. (If no data connections can be established, please deactivate.)
Set Virtual Device Name:
Use LZO data compression: Activated for both UDP and TCP connections.
Use a TCP connection: Only activated if you have chosen an OpenVPN TCP connection while configuring your native VPN in your account management.
Restrict TCP Maximum Segment Size (MSS): Deactivated for both UDP and TCP.
Randomize Remote Hosts: Deactivated for both UDP and TCP.

Tab “Security”:
Cipher: AES-256-CBC (for both UDP and TCP connections).
HMAC Authentication: MD-5 (for both UDP and TCP connections).
These are old warnings I got:

If you look at that CyberGhost setup page, it only asks that I enable a TAP device. I think this is an out of date configuration because there are now two related settings. The new setting enables a virtual device, of which there are two, TAP and TUN. I don’t what those are, my experiments show that TAP seems to give me more trouble than TUN. TUN is also be unusuable at times.

Well, all I know is that the server reports type TUN (from the logs you’ve posted). Therefore, it makes sense to match that tye at the client end IMHO.

I am now on a stable VPN connection. I ran sudo journalctl -fu NetworkManager and I before I connect, I get this BIG RED WARNING:

Apr 23 18:26:57 linux-fi7p NetworkManager[1015]: <error> [1492986417.497048] [platform/nm-linux-platform.c:2850] do_change_link(): platform-linux: do-change-link: failure changing link 5: No such device (31)

If its stable now, I wouldn’t play with the settings any more.

Should I experiment with changing the Custom Tunnel MTU and Custom UDP Fragment Size values?

They’re not going to impact on getting connected as such. That’s the size of packet payload before fragmentation occurs.