My ProtonVPN connection keeps breaking. I'm using Ubuntu 18.04. ProtonVPN informs me that the issue is with Ubuntu, they won't help me fix it, and that I should post here. This is a cross-post of this Unix SE question.
Right now, in the broken state, the two ProtonVPN device profiles proton0 and ipv6leakintrf0 are listed as "unmanaged" and "disconnected", respectively, by nmcli:
$ nmcli d
DEVICE TYPE STATE CONNECTION
wlp3s0 wifi connected WifiAP
ipv6leakintrf0 dummy disconnected --
enp2s0 ethernet unavailable --
lo loopback unmanaged --
proton0 tun unmanaged --
ProtonVPN support has not been able to resolve the issue after working on it for nearly two months, but they did inform me they don't support unmanaged connections. So, I'm struggling on my own to make both proton0 and ipv6leakintrf0 be "managed".
From what I can piece together from the NetworkManager configuration documentation, NetworkManager configures devices from the following sources, in order:
- /usr/lib/NetworkManager/conf.d/
- /run/NetworkManager/conf.d/
- /etc/NetworkManager/conf.d/
- /etc/NetworkManager.conf
- /var/lib/NetworkManager/NetworkManager-intern.conf
Within the three directories, files are parsed in their listed order. On my system, the file /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf exists and contains the following directive:
[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:wwan
This appears to set all non-wifi and non-wan network devices to "unmanaged", which would explain why proton0 and probably ipv6leakintrf0 are unmanaged. However, given how poorly-designed the NetworkManager UX is, there's no way for me to be certain that subsequent configuration I don't understand isn't overriding this directive.
I searched the above configuration list for another unmanaged-devices directive and found none, so I can only assume the one in 10-globally-managed-devices.conf is the only one. In that case, it seems like I could correct the problem and make proton0 a managed device by creating a file /usr/lib/NetworkManager/conf.d/80-proton-vpn.conf with the following contents:
[device]
match-device=interface-name:proton0
managed=true
[device]
match-device=interface-name:ipv6leakintrf0
managed=true
where I've pieced the syntax together as best I can from the poor documentation linked above. I restarted network-manager. ProtonVPN worked for several days before breaking again, giving the $ nmcli d output shown above that indicates proton0 (and probably ipv6leakintrf0) are still unmanaged, despite my best efforts at changing the config.
This AskUbuntu answer indicates that the listing of a device in /etc/network/interfaces will cause it to be unmanaged by NetworkManager. In my case that does not apply, the only contents of that file are
$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
I've also tried explicitly excepting the ProtonVPN devices in 10-globally-managed-devices.conf as suggested by a comment on the Unix SE post I linked above:
[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:wwan,except:interface-name:proton*,except:interface-name:ipv6leakintrf*
After restarting network-manager, this config made no change in the problem.
What else do I have to do to make these device profiles be managed by NetworkManager?
Edit
For the question "How do I set a network device to be managed?", the answer to start with is:
"Run the command
$ nmcli device set <name> managed yes
where <name> is the relevant entry under the DEVICE column of the output of $ nmcli d."
I've been working on this problem for such a soul-drainingly long time that I forgot to include the results of doing this. Here they are:
When I run
$ nmcli device set proton0 managed yes
it does not affect 'proton0' in any way. The output of $ nmcli d continues to show 'proton0' as "disconnected" (because I can't connect), and the output of $ nmcli device show continues to show 'proton0' as having GENERAL.STATE: 10 (unmanaged).
'ipv6leakintrf0' has appeared and disappeared throughout the troubleshooting process. I don't know why, but ProtonVPN support didn't find it noteworthy, so I assume it's expected. When it exists, running
$ nmcli device set ipv6leakintrf0 managed yes
has no effect. The output of $ nmcli d continues to show it as "unmanaged". When it doesn't exist, running the $ nmcli device set command returns the error Error: Device 'ipv6leakintrf0' not found., which seems normal. It currently does not exist.
extra info
Here is the 'proton0' portion of the output of $ nmcli device show:
GENERAL.DEVICE: proton0
GENERAL.TYPE: tun
GENERAL.HWADDR: (unknown)
GENERAL.MTU: 1500
GENERAL.STATE: 10 (unmanaged)
GENERAL.MTU: 1500
GENERAL.STATE: 20 (unavailable)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
WIRED-PROPERTIES.CARRIER: off
10-globally-managed.devices.confand/etc/network/interfaces, so I doubt that this is the problem. I assume you went through log files and disabling any additional functions like Killswitch, Netshield, Split Tunneling with Proton support already? Have you tried downloading their *.ovpn config files and loading those directly with openvpn? – Sebastian Aug 24 '21 at 12:2110-globally-managed-devices.conf, try using my version, post if you see anything worth reporting./run/NetworkManager/devices/...files, post if you see anything worth reporting.nmcli device set..., post if you see anything worth reporting.And I added a 5th action. If you have further doubts, please comment.
– sancho.s ReinstateMonicaCellio Sep 01 '21 at 18:45There is no relevant difference between your
10-globally-managed-devices.confand mine.Instead of files called
18and19, I have files with different numbers in the/run/NetworkManager/devices/directory. That's not unexpected, since I imagine they're named randomly on each system. What I need is a way to determine which ones are related to ProtonVPN. Since my VPN doesn't work, I can't compare files between the connected and disconnected states like you can. Lacking any other method, I don't know what I'm comparing, so this is a dead end.$ nmcli device showis over 160 lines, and I'm certain most of those are not relevant. Including this would add a massive amount of clutter to the page and risk accidentally posting sensitive information, since the output is largely gibberish to me and I don't know what information it represents.nmcli device set ...line was intended to be a terminal command rather than a line of configuration inNetworkManager.conf. Thank you for the explanation you added, it was extremely helpful in communicating what you wanted me to do.$ nmcli dshows that the 'proton0' device profile remains "disconnected", while the 'ipv6leakintrf0' remains "unmanaged" or else doesn't exist (it seems to come and go). I tried them again just now and got the same result./etc/udev/rules.d/that would relate to ProtonVPN or VPNs in general, only to my printer and tosnap./run/NetworkManager/devices/: "What I need is a way to determine which ones are related to ProtonVPN"... check modification times, as mentioned in my answer. They seem to correlate with connecting/disconnecting ProtonVPN.I don't know if this is true in your system.
– sancho.s ReinstateMonicaCellio Sep 03 '21 at 16:37$ nmcli device show:As mentioned above, this is one of the cases where I am not certain what information is valuable, until I don't see it. You can post whatever you consider (and this could be nothing, but if so it is good to state this clearly) a good balance between privacy, brevity (there is always pastebin), and expectation that it might be useful in the process of solving your problem.
– sancho.s ReinstateMonicaCellio Sep 03 '21 at 16:45As a general rule, expecting that people answering are all Ubutnu gurus that will hit the nail in the head in the first hammering is not realistic, AFAICT.
– sancho.s ReinstateMonicaCellio Sep 03 '21 at 16:49And I regret you didn't solve your issue. If I find anything else, considering your added information, I would post again. Still, no warranties on having all details and precision you seem to expect.
– sancho.s ReinstateMonicaCellio Sep 03 '21 at 16:52