OpenVPN Configurations Import Successfully but won't Connect

Open johnnyq opened this issue 1 year ago • 9 comments

I can import my OpenVPN connections without any problems. After importing, I click the three dots, go to Settings, enter my username and password, and then click Save. When I hit Connect, it shows "Connected" for a few seconds before reverting to "Connect."

This works fine on PopOS 22.04, but I've installed the new Cosmic Alpha 2 (With Updates as of today) version on all three of my computers, and they all exhibit the same issue. The VPN configurations are downloaded using the configuration download button on my UniFi Ubiquiti sites.

Is this a known bug? I haven’t found any reports from others experiencing similar issues.

johnnyq avatar Oct 10 '24 22:10 johnnyq

Here are the logs produced in /var/log/syslog when I attempt to connect:

2024-10-10T18:39:06.987914-04:00 node25 NetworkManager[1168]: <info>  [1728599946.9875] agent-manager: agent[ebe3e70504de37fa,:1.171/nmcli-connect/1000]: agent registered
2024-10-10T18:39:06.991480-04:00 node25 NetworkManager[1168]: <info>  [1728599946.9913] vpn[0x56342c17b1b0,065b6647-8846-4049-998a-1e27a6ee5d5c,"HilltopVPN"]: starting openvpn
2024-10-10T18:39:06.991993-04:00 node25 NetworkManager[1168]: <info>  [1728599946.9919] audit: op="connection-activate" uuid="065b6647-8846-4049-998a-1e27a6ee5d5c" name="HilltopVPN" pid=7247 uid=1000 result="success"
2024-10-10T18:39:06.993693-04:00 node25 dbus-broker[1167]: A security policy denied :1.136 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2024-10-10T18:39:06.997525-04:00 node25 dbus-broker[1167]: A security policy denied :1.136 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2024-10-10T18:39:06.997582-04:00 node25 dbus-broker[1167]: A security policy denied :1.85 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2024-10-10T18:39:07.042639-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower: Warning: password for 'vpn.secrets.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
2024-10-10T18:39:07.042726-04:00 node25 NetworkManager[1168]: <warn>  [1728599947.0427] vpn[0x56342c17b1b0,065b6647-8846-4049-998a-1e27a6ee5d5c,"HilltopVPN"]: secrets: failed to request VPN secrets #3: No agents were available for this request.
2024-10-10T18:39:07.043071-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower: Error: Connection activation failed: No valid secrets
2024-10-10T18:39:07.043087-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower: Hint: use 'journalctl -xe NM_CONNECTION=065b6647-8846-4049-998a-1e27a6ee5d5c + NM_DEVICE=enp2s0' to get more details.
2024-10-10T18:39:07.052815-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower:   #033[31mERROR#033[0m  #033[1;31mwhy#033[0m#033[31m: "failed to connect to VPN: status is unknown: exit status: 4"#033[0m
2024-10-10T18:39:07.052873-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower:     #033[2;3mat#033[0m cosmic-settings/src/pages/networking/vpn/mod.rs:495 #033[2;3mon#033[0m main
2024-10-10T18:39:07.052909-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower:     #033[2;3min#033[0m #033[1mvpn::update#033[0m
2024-10-10T18:39:07.052947-04:00 node25 cosmic-panel[1967]: com.system76.CosmicAppletPower:
2024-10-10T18:39:07.996407-04:00 node25 dbus-broker[1167]: A security policy denied :1.136 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2024-10-10T18:39:07.998001-04:00 node25 dbus-broker[1167]: A security policy denied :1.136 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2024-10-10T18:39:08.029737-04:00 node25 dbus-broker[1167]: A security policy denied :1.85 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.

johnnyq avatar Oct 10 '24 22:10 johnnyq

It almost seems like it's not saving my password or even prompting me when it's required; it does save the username I enter.

johnnyq avatar Oct 10 '24 22:10 johnnyq

You should be getting a dialog from within cosmic-settings asking for the username and password. It will reprompt if the connection fails. Make sure you have network-manager-openvpn installed. Also make sure all system updates are installed.

mmstick avatar Oct 10 '24 22:10 mmstick

So yes, it looks like it's def not saving the password:

Here is me trying to connect via shell using nmcli

johnny@node25:~$ nmcli connection up HilltopVPN
You need to authenticate to access the Virtual Private Network “HilltopVPN”.
Warning: password for 'vpn.secrets.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=065b6647-8846-4049-998a-1e27a6ee5d5c + NM_DEVICE=enp2s0' to get more details.

johnnyq avatar Oct 10 '24 22:10 johnnyq

> You should be getting a dialog from within cosmic-settings asking for the username and password. It will reprompt if the connection fails. Make sure you have network-manager-openvpn installed. Also make sure all system updates are installed.

@mmstick You're right, that's what I thought, but for some reason Cosmic is not prompting me

I also have network-manager-openvpn installed

johnny@node25:~$ sudo apt install network-manager-openvpn
[sudo] password for johnny:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
network-manager-openvpn is already the newest version (1.10.2-4build2).
network-manager-openvpn set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


johnnyq avatar Oct 10 '24 22:10 johnnyq

When I put my password in via shell, it keeps stating password required

image

Also, this is strange: when I attempt to connect via the shell with --ask, the UI shows connected even though I didn't put my password in. I can verify I'm not connected, as the IP is still my public IP.

image

johnnyq avatar Oct 10 '24 22:10 johnnyq

Okay, this looks like it may not be a problem with Cosmic itself. I'm able to import ovpn files and connect no problem with PopOS 22.04, as it's based off Ubuntu 22.04. However, I tried importing the same VPN files into the following and have failed to connect:

- Ubuntu 24.04
- Mint 22 (which is based on 24.04)
- Cosmic Alpha 2 (which is based on 24.04)

PopOS 22.04 OpenVPN image

Cosmic Epoch 1 Alpha 2

image

It's possible it may have to do with the OpenVPN version and the ovpn config file the UniFi Application Controller produces.

johnnyq avatar Oct 14 '24 19:10 johnnyq

So I spun up Ubuntu 24.10

I was able to import the ovpn config and connect just fine. It looks like Ubuntu 24.10 is using the same OpenVPN client version as 24.04.

image

johnnyq avatar Oct 14 '24 20:10 johnnyq

I'm running into the same issue on Cosmic Alpha 5 where I can't connect to my OpenVPN connection that had previously worked on 22.04. Interestingly enough I installed gnome on top of alpha 5 and the same connection works just fine. There's something in Cosmic that doesn't allow it to connect to the gnome keychain or something of the sort. It also doesn't prompt me to authenticate when attempting to connect.

This is the output from nmcli when I attempt to connect:

 nmcli con up id "Home"
You need to authenticate to access the Virtual Private Network “Home”.
Warning: password for 'vpn.secrets.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=d333e5fd-c563-4a20-a0af-e0d30d24acad + NM_DEVICE=wlp0s20f3' to get more details.

And here's the syslog output when I attempt to connect:

2025-02-06T14:34:09.537630-05:00 localhost NetworkManager[1409]: <info>  [1738870449.5372] agent-manager: agent[3dcbe8300f6d9192,:1.395/nmcli-connect/1000]: agent registered
2025-02-06T14:34:09.538771-05:00 localhost NetworkManager[1409]: <info>  [1738870449.5387] vpn[0x58fedbb872a0,d333e5fd-c563-4a20-a0af-e0d30d24acad,"Home"]: starting openvpn
2025-02-06T14:34:09.538947-05:00 localhost NetworkManager[1409]: <info>  [1738870449.5388] audit: op="connection-activate" uuid="d333e5fd-c563-4a20-a0af-e0d30d24acad" name="Home" pid=603120 uid=1000 result="success"
2025-02-06T14:34:09.542105-05:00 localhost dbus-broker[1408]: A security policy denied :1.207 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-02-06T14:34:09.542201-05:00 localhost dbus-broker[1408]: A security policy denied :1.206 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-02-06T14:34:09.576187-05:00 localhost NetworkManager[1409]: <warn>  [1738870449.5761] vpn[0x58fedbb872a0,d333e5fd-c563-4a20-a0af-e0d30d24acad,"Home"]: secrets: failed to request VPN secrets #3: No agents were available for this request.
2025-02-06T14:34:10.587016-05:00 localhost dbus-broker[1408]: A security policy denied :1.207 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-02-06T14:34:10.588323-05:00 localhost dbus-broker[1408]: A security policy denied :1.206 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.

jrohland avatar Feb 06 '25 19:02 jrohland

I'm seeing something very similar with an IPSec/L2TP VPN connection. The IPSec tunnel succeeds but the PPP connection fails with a similar 'security policy denied' error, such as below. This happens with the UI, or with nmcli.

sudo nmcli con up LAB --ask

A security policy denied :1.142 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.

ghost avatar Apr 04 '25 16:04 ghost

Yeah, still seeing the same thing for OpenVPN. I work for an MSP and have so many clients I need to connect into via VPN, and it just makes Cosmic unusable for me. I did the same thing and just installed Gnome on top of Cosmic and use this mainly, but occasionally switch to Cosmic to see if it got fixed yet. It's really the only major blocker for me from using Cosmic.

johnnyq avatar Apr 04 '25 17:04 johnnyq

I'm having the same issue with release Alpha 6 of PopOS 24.04 COSMIC DE. I put the password in but it is ignoring it, and I'm getting:

Warning: password for 'vpn.secrets.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets

magomar avatar Apr 18 '25 09:04 magomar

I am having the same issue. If I use GNOME it works flawlessly on the same PC. Definitely something with COSMIC.

Lebbitheplow avatar May 16 '25 02:05 Lebbitheplow

I am having the same issue.

Warning: password for 'vpn.secrets.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets

This is with OpenVPN.

If I set the server (running on pfSense) to use Remote Access SSL/TLS it connects. But if I set the server to also require the username and password Remote Access SSL/TLS + User Auth it gives the above error.

mrosun avatar May 29 '25 04:05 mrosun

Checking back here, looks like they made progress on this a few weeks ago. I now get a prompt for a username and password, but once entered it keeps looping back to "Failed to connect to VPN". This is def the biggest gripe with Cosmic, as this is how we do business. Understanding it's still alpha, but I thought something as important as this would be fixed by now. This is the only major holdup for me, as I work in an MSP and OpenVPNs are everywhere with all our clients.

Image

It would be helpful just to be acknowledged and told that they are working on it, which would put my mind and I'm sure many others' at ease.

johnnyq avatar Jul 10 '25 18:07 johnnyq

@johnnyq to help put your mind at ease, this is actively tracked and in queue for the upcoming beta release.

WatchMkr avatar Jul 10 '25 22:07 WatchMkr

Awesome, that's all I needed to hear =]

johnnyq avatar Jul 11 '25 01:07 johnnyq

@johnnyq I've been unable to recreate the issue when testing with a few imported configs. Would you mind sharing the logs from the error message when you get a chance? Additionally, do you see the password that you entered when you run nmcli -s -g vpn.secrets connection show {YOUR_VPN}?

wash2 avatar Jul 11 '25 18:07 wash2

Yes I do see my password when I enter nmcli -s -g vpn.secrets connection show HilltopVPN

It seems to only be a problem with Ubiquiti VPN exports for the UniFi controller; however, they work flawlessly with GNOME.

Here's my log from /var/log/dmesg:

2025-07-12T15:20:41.018167-04:00 theLexx systemd[1]: Reloading finished in 119 ms.
2025-07-12T15:20:41.052511-04:00 theLexx NetworkManager[1208]: <info>  [1752348041.0523] audit: op="connection-update" uuid="7f223fc0-c162-412d-a34d-f6f3af9dc1c0" name="HilltopVPN" pid=34356 uid=1000 result="success"
2025-07-12T15:20:41.179615-04:00 theLexx systemd[1]: Reloading requested from client PID 34470 ('systemctl') (unit NetworkManager.service)...
2025-07-12T15:20:41.179689-04:00 theLexx systemd[1]: Reloading...
2025-07-12T15:20:41.309060-04:00 theLexx systemd[1]: Reloading finished in 129 ms.
2025-07-12T15:20:41.346687-04:00 theLexx NetworkManager[1208]: <info>  [1752348041.3465] audit: op="connection-update" uuid="7f223fc0-c162-412d-a34d-f6f3af9dc1c0" name="HilltopVPN" args="vpn.secrets" pid=34460 uid=1000 result="success"
2025-07-12T15:20:41.362645-04:00 theLexx NetworkManager[1208]: <info>  [1752348041.3625] agent-manager: agent[fd7315ca7cf40944,:1.604/nmcli-connect/1000]: agent registered
2025-07-12T15:20:41.364252-04:00 theLexx NetworkManager[1208]: <info>  [1752348041.3642] vpn[0x5ddf366272c0,7f223fc0-c162-412d-a34d-f6f3af9dc1c0,"HilltopVPN"]: starting openvpn
2025-07-12T15:20:41.364551-04:00 theLexx NetworkManager[1208]: <info>  [1752348041.3644] audit: op="connection-activate" uuid="7f223fc0-c162-412d-a34d-f6f3af9dc1c0" name="HilltopVPN" pid=34564 uid=1000 result="success"
2025-07-12T15:20:41.365633-04:00 theLexx dbus-broker[1207]: A security policy denied :1.597 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:41.368031-04:00 theLexx dbus-broker[1207]: A security policy denied :1.597 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:41.368103-04:00 theLexx dbus-broker[1207]: A security policy denied :1.89 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:41.368146-04:00 theLexx dbus-broker[1207]: A security policy denied :1.117 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:41.381202-04:00 theLexx NetworkManager[34583]: 2025-07-12 15:20:41 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2025-07-12T15:20:41.381856-04:00 theLexx nm-openvpn[34583]: OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-07-12T15:20:41.381901-04:00 theLexx nm-openvpn[34583]: library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
2025-07-12T15:20:41.381922-04:00 theLexx nm-openvpn[34583]: DCO version: N/A
2025-07-12T15:20:41.581986-04:00 theLexx nm-openvpn[34583]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-07-12T15:20:41.584902-04:00 theLexx nm-openvpn[34583]: TCP/UDP: Preserving recently used remote address: [AF_INET]74.98.233.7:1194
2025-07-12T15:20:41.584973-04:00 theLexx nm-openvpn[34583]: Attempting to establish TCP connection with [AF_INET]74.98.233.7:1194
2025-07-12T15:20:41.590409-04:00 theLexx nm-openvpn[34583]: TCP connection established with [AF_INET]74.98.233.7:1194
2025-07-12T15:20:41.590531-04:00 theLexx nm-openvpn[34583]: TCPv4_CLIENT link local: (not bound)
2025-07-12T15:20:41.590563-04:00 theLexx nm-openvpn[34583]: TCPv4_CLIENT link remote: [AF_INET]74.98.233.7:1194
2025-07-12T15:20:41.590611-04:00 theLexx nm-openvpn[34583]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2025-07-12T15:20:42.649699-04:00 theLexx nm-openvpn[34583]: [UniFi_OpenVPN_Server] Peer Connection Initiated with [AF_INET]74.98.233.7:1194
2025-07-12T15:20:43.586541-04:00 theLexx wpa_supplicant[1258]: wlp9s0f0: Reject scan trigger since one is already pending
2025-07-12T15:20:43.800952-04:00 theLexx nm-openvpn[34583]: AUTH: Received control message: AUTH_FAILED
2025-07-12T15:20:43.801082-04:00 theLexx nm-openvpn[34583]: SIGUSR1[soft,auth-failure] received, process restarting
2025-07-12T15:20:44.822536-04:00 theLexx NetworkManager[1208]: <warn>  [1752348044.8222] vpn[0x5ddf366272c0,7f223fc0-c162-412d-a34d-f6f3af9dc1c0,"HilltopVPN"]: secrets: failed to request VPN secrets #4: No agents were available for this request.
2025-07-12T15:20:44.823760-04:00 theLexx nm-openvpn[34583]: ERROR: could not read Auth username/password/ok/string from management interface
2025-07-12T15:20:44.823889-04:00 theLexx nm-openvpn[34583]: Exiting due to fatal error
2025-07-12T15:20:44.824346-04:00 theLexx dbus-broker[1207]: A security policy denied :1.597 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:44.825082-04:00 theLexx dbus-broker[1207]: A security policy denied :1.597 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:44.825242-04:00 theLexx dbus-broker[1207]: A security policy denied :1.117 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
2025-07-12T15:20:44.825605-04:00 theLexx dbus-broker[1207]: A security policy denied :1.89 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.

johnnyq avatar Jul 12 '25 19:07 johnnyq
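The two syslog excerpts posted in this thread stop at different stages, and a small triage script makes that explicit. This is an added example, not code from the thread or from the COSMIC project; the function names, event tags, verdict strings and the constructed sample lines (shortened timestamps, documentation IP address) are assumptions.

```python
import re

# Constructed sample modelled on the two syslog excerpts in this thread
# (timestamps shortened to t1/t2, server address replaced with 192.0.2.10).
SAMPLE_LOG = """\
t1 node25 NetworkManager[1168]: <info> vpn[0x56342c17b1b0,065b6647-8846-4049-998a-1e27a6ee5d5c,"HilltopVPN"]: starting openvpn
t1 node25 dbus-broker[1167]: A security policy denied :1.136 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
t1 node25 NetworkManager[1168]: <warn> vpn[0x56342c17b1b0,065b6647-8846-4049-998a-1e27a6ee5d5c,"HilltopVPN"]: secrets: failed to request VPN secrets #3: No agents were available for this request.
t2 theLexx NetworkManager[1208]: <info> vpn[0x5ddf366272c0,7f223fc0-c162-412d-a34d-f6f3af9dc1c0,"HilltopVPN"]: starting openvpn
t2 theLexx dbus-broker[1207]: A security policy denied :1.597 to send method call /org/freedesktop/NetworkManager/Settings:org.freedesktop.NetworkManager.Settings.LoadConnections to org.freedesktop.NetworkManager.
t2 theLexx nm-openvpn[34583]: [UniFi_OpenVPN_Server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
t2 theLexx nm-openvpn[34583]: AUTH: Received control message: AUTH_FAILED
t2 theLexx NetworkManager[1208]: <warn> vpn[0x5ddf366272c0,7f223fc0-c162-412d-a34d-f6f3af9dc1c0,"HilltopVPN"]: secrets: failed to request VPN secrets #4: No agents were available for this request.
t2 theLexx nm-openvpn[34583]: ERROR: could not read Auth username/password/ok/string from management interface
"""

# Each activation attempt begins with NetworkManager's "starting openvpn" line.
START = re.compile(r'vpn\[0x[0-9a-f]+,(?P<uuid>[0-9a-f-]+),"(?P<name>[^"]+)"\]: starting openvpn')
MARKERS = [
    ("server_reached", re.compile(r"Peer Connection Initiated")),
    ("auth_failed", re.compile(r"Received control message: AUTH_FAILED")),
    ("no_secret_agent", re.compile(r"failed to request VPN secrets #\d+: No agents were available")),
    ("dbus_denied", re.compile(r"A security policy denied .*Settings\.LoadConnections")),
]

NO_AGENT = "no secret agent answered; no server contact logged"
REJECTED_NO_REPROMPT = "server returned AUTH_FAILED; re-prompt found no secret agent"
REJECTED = "server returned AUTH_FAILED"

def classify(events):
    """Name the stage an attempt stopped at; D-Bus denials are counted, not judged."""
    ev = [e for e in events if e != "dbus_denied"]
    if "auth_failed" in ev:
        after = ev[ev.index("auth_failed"):]
        return REJECTED_NO_REPROMPT if "no_secret_agent" in after else REJECTED
    if "no_secret_agent" in ev and "server_reached" not in ev:
        return NO_AGENT
    return "inconclusive"

def triage(log_text):
    """Group marker events by activation attempt, in log order."""
    attempts = []
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            attempts.append({"uuid": m["uuid"], "name": m["name"], "events": []})
        elif attempts:  # lines before the first activation are ignored
            attempts[-1]["events"] += [tag for tag, rx in MARKERS if rx.search(line)]
    for a in attempts:
        a["verdict"] = classify(a["events"])
        a["dbus_denials"] = a["events"].count("dbus_denied")
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["uuid"], a["name"], a["verdict"], "dbus denials:", a["dbus_denials"])
```

The nm-openvpn lines carry no connection UUID, so the script attributes them to the most recent activation; logs with overlapping VPN activations would need PID tracking instead.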

Since we're having trouble re-creating this and the logs aren't very helpful, we purchased a Ubiquiti Networks Cloud Gateway Ultra. Hopefully that helps us get to the bottom of why the Ubiquiti VPN export isn't working in COSMIC.

WatchMkr avatar Aug 13 '25 20:08 WatchMkr

@WatchMkr Wow, thank you! So it appears Ubiquiti's ovpn config file is the issue then

johnnyq avatar Aug 13 '25 21:08 johnnyq

Also, if this is of any help, here is the .ovpn file Ubiquiti produces (I redacted private info):

client
dev tun
proto tcp
remote vpn.REDACTED.com 1194
resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

persist-key
persist-tun

auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

auth SHA1
key-direction 1

reneg-sec 0

redirect-gateway def1

<ca>
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
REDACTED
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
</key>

johnnyq avatar Aug 13 '25 21:08 johnnyq