OpenVPN does not connect via network manager plugin

Question

I am trying to connect to my OpenVPN server via the network manager plugin (network-manager-openvpn), after importing the ovpn config file. However, I receive a time-out error:

$ grep VPN /var/log/syslog
Oct  1 11:56:05 packer NetworkManager[997]: <info> Starting VPN service 'openvpn'...
Oct  1 11:56:05 packer NetworkManager[997]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 4700
Oct  1 11:56:05 packer NetworkManager[997]: <info> VPN service 'openvpn' appeared; activating connections
Oct  1 11:56:05 packer NetworkManager[997]: <info> VPN plugin state changed: starting (3)
Oct  1 11:56:05 packer NetworkManager[997]: <info> VPN connection 'vpnt' (Connect) reply received.
Oct  1 11:56:05 packer nm-openvpn[4703]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Oct  1 11:56:46 packer NetworkManager[997]: <warn> VPN connection 'vpnt' (IP Config Get) timeout exceeded.
Oct  1 11:56:51 packer NetworkManager[997]: <info> VPN service 'openvpn' disappeared

connecting via the console

sudo openvpn --config .openvpn/vpnt.ovpn

works perfectly well.

I have no idea what I am missing -- and grateful for any ideas. :)

Possible duplicate of Unable to connect to VPN using gnome-network-manager — don.joey, Jan 26 '17 at 09:52

score 3 · Accepted Answer · answered Jun 09 '20 at 01:12

I know this post is old, but I'm leaving this in case anyone's having same issue with me.

I was having same issue with the OP (can connect via command line but cant connect using network manager), and I noticed that the config was not loading TLS key correctly. I fixed this issue by storing the TLS-Crypt static key separately.

Create a file with static key. The key is in .ovpn file and it starts with < tls-crypt > and ends with < /tls-crypt >.
Tell network manager where to find the key by setting in VPN(openvpn) - Advanced - TLS Settings - Mode to TLC-Crypt.
Set Key file to the file you just created.

I havent tested it myself, but you can probably do the same with TLS-Auth.

your hack with TLS-Auth works for my case. i had to also specify a key file and the key direction — whitepixel, Jan 15 '23 at 10:00

score 1 · Answer 2 · answered Aug 14 '21 at 07:12

One year later ...

I was having problems with an OpenVPN connection exported from PfSense. It was working fine on the command line but not from NetworkManager. As it turns out the TLS authentication was, indeed, the problem. In my case, after importing the connection i had to manually set the key direction to 1 inside advanced settings dialog. I leave this here in case someone else gets the same problem (or if I ever forget and google it some time later :J).

score 0 · Answer 3 · answered Apr 29 '22 at 15:07

Bogdan Tomasciuc's solution worked for me too: I was getting the message "Failed to get secrets for..." and I could not work this out. In Network Manager (on kubuntu), under Advanced, TLS Settings, the Key Direction must be set to "Client (1)".

In my .ovpn import file I do see the line key-direction 1 just under the tls-auth key that is embedded in the file, but that doesn't seem to have been imported correctly.

score 0 · Answer 4 · answered Mar 12 '23 at 11:14

In my case, there was an (effectively) dummy line in the .ovpn file with only the port and no remote address like

remote  1234 tcp-client

instead of like this, a handful of which came right after the above

remote 22.222.22.222 1234 tcp-client

This is most likely a buggy configuration/generation issue. Somehow OpenVPN could ignore this line and move ahead to the other lines. Apparently the nm-openvpn plugin did not ignore it similarly. Commenting the offending line made it work.

OpenVPN does not connect via network manager plugin

4 Answers4