linux-app
linux-app copied to clipboard
ProtonVPN
Asks for OpenVPN credentials upon connection on Fedora 34
A system dialog appears every time I connect using the ProtonVPN app asking for my OpenVPN password. I don't believe this is the intended behavior, and makes connecting much more difficult.
Steps to reproduce
- On the command line
sudo dnf install https://protonvpn.com/download/protonvpn-stable-release-1.0.0-1.noarch.rpm -y
sudo dnf install protonvpn -y --refresh
protonvpn
- In the GUI
- Enter the KDE wallet password
- Login using your credentials
- Select any combination of Secure Core, Netshield, and Kill Switch options
- Click "Quick Connect"
Expected behavior
Connection proceeds without prompt
Actual behavior
Dialog appears asking for OpenVPN password for whichever server was selected. Entering the OpenVPN password from my ProtonVPN account page allows the connection to succeed.
Machine Info
OS Name=Fedora
Version=34 (KDE Plasma)
uname -a output=Linux nattie 5.11.17-300.fc34.x86_64 #1 SMP Wed Apr 28 14:21:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Hey @MillironX
Thank you for your great report. This is indeed not a desired behavior. My suspicion is that the kwallet needs to be tweaked. Could you please try the following:
- Got to https://account.protonvpn.com/downloads
- Download .ovpn file of your choice (that is compatible with your plan)
- Import it via NM Plasma
- Set the password to "Store only for this user"
- Enable the VPN connection
After completing step 5, please provide some feedback. I suspect that you'll also be prompted for openvpn password, but I would need confirmation on that.
@calexandru2018
I followed your steps with one exception: between steps 4 and 5 I had to copy my openvpn username and password into NM Plasma before enabling the connection, or else it would time out. I have not been prompted for the openvpn password with this method, even after logging out and back in.
Hey @MillironX
Thank you for the reply. Indeed the credentials need to be provided otherwise the VPN won't work.
From what I've understood, you've installed Fedora 34 and then on top of it installed KDE Plasma, or did you install the KDE Plasma version of Fedora ?
Hey @MillironX
I've tried to recreate this on Fed32 KDE but I was not able to recreate this issue. Could you please reach out to our support at: https://protonvpn.com/support-form
@calexandru2018
Already reached out to support, and their answer was (in so many words): "Fedora 34 isn't our problem."
I suspect that this issue is peculiar to Fedora 34+ (hence why Fedora 32 couldn't reproduce), as there are pretty significant changes to Python in 34 compared to 33.
The OpenVPN protocols are a very livable workaround for the time being, but I would like to see this fixed in the long term, especially since RHEL 9 is supposed to use Fedora 34 as its direct upstream.
Hey @MillironX
That is odd. I've now tested on a fresh version of KDE Fedora 34 and am not experiencing this issue. I think this has to do with KWallet limitations tbh. Please check the following. What I want to know at this point is:
- Do you use of autologin feature ? If yes, then this can be once cause.
- Do you have multiple wallets in KWallet Manager App ? If so, then that can be a cause (as per the docs you should have only one wallet, called kdewallet and of blowfish encryption)
- Is Close when last application stops using it disabled in KWallet ?
@calexandru2018
- I have never enabled an autologin feature. My wallet password was blank, which seems similar to the link you provided, though.
- No, just one wallet named
kdewalletwith blowfish encryption - Yes
This brings up a couple of new items I'd like to try, but I won't get to them until after this weekend.
@MillironX if it still does not work, I would advise you to contact our support team. From last week (22nd June) we started to officially support a wide range of distros, including Fedora 34 (that was not the case before though).
This issue also appears on the Arch AUR build as of version 1.0.1
Interestingly, this only happens on my PC where I haven't stored the OVPN login in my network manager manually. On my other PC it asks for my OVPN credential for each connection.
Same behavior on Fedora 35 (KDE Plasma/X11) (Linux xxx 5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux)
I'm using gnome-keyring, not kwallet, with gnome-keyring daemon running.
Installed as per https://protonvpn.com/support/official-linux-vpn-fedora/ Got behavior as @MillironX described above. Uninstalled. Deleted all protonvpn keys from gnome-keyring (via Seahorse). Re-installed, same issue. Same results whether using "protonvpn" or "protonvpn-cli".
FWIW I had an old install of protonvpn on this machine (Jan. 2021, Fedora 33), but went through the uninstall steps. I assume uninstalling and removing any gnome-keyring keys would clear out the old cruft.
I'm not sure if this is relevant, but I get an error about kwallet not being available immediately upon start: $ protonvpn ERROR:dbus.proxies:Introspect error on :1.212:/modules/kwalletd5: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Remote peer disconnected ERROR:protonvpn:Unable to select keyring.backends.kwallet.DBusKeyring (priority: 5.1) backend Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/keyring/backends/kwallet.py", line 99, in connected self.handle = self.iface.open(self.iface.networkWallet(), wId, self.appid) File "/usr/lib64/python3.10/site-packages/dbus/proxies.py", line 72, in call return self._proxy_method(*args, **keywords) File "/usr/lib64/python3.10/site-packages/dbus/proxies.py", line 141, in call return self._connection.call_blocking(self._named_service, File "/usr/lib64/python3.10/site-packages/dbus/connection.py", line 652, in call_blocking reply_message = self.send_message_with_reply_and_block( dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name is not activatable
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/protonvpn_nm_lib/core/keyring/linuxkeyring.py", line 121, in _ensure_backend_is_working self.__keyring_backend.get_password( File "/usr/lib/python3.10/site-packages/keyring/backends/kwallet.py", line 110, in get_password if not self.connected(service): File "/usr/lib/python3.10/site-packages/keyring/backends/kwallet.py", line 101, in connected raise InitError('Failed to open keyring: %s.' % e) keyring.errors.InitError: Failed to open keyring: org.freedesktop.DBus.Error.ServiceUnknown: The name is not activatable.
Is there some snafu related to python keyring assuming kwallet is available since the DE is KDE?
Thanks, @apmangan, for reminding me: I also had an old protonvpn install (don't know version) that I had "completely" removed before performing the steps to reproduce. I don't remember the exact procedure, but it involved at least
sudo dnf remove '*proton*' -y- Deleting the KDE wallet
rm -rf ~/.{config,cache}/protonvpn
I then had an issue with my Nvidia driver, and wound up reinstalling my OS. My home directory is located on a separate partition from the rest of my OS, so no home directory files were modified, but I was no longer able to reproduce this bug after that. That suggests to me that a file outside of the home directory was modified by the old protonvpn install and creates this bug.
Thanks for the tips. I followed your 3 steps as above; changing step 2 to remove the gnome-keyring keys instead of kwallet. Same prompt for credentials after re-installing.
Surprised to see this, and other related issues are still open. I am using Arch Linux + Protonvpn GUI. After reading #67, and some trial and error, I found an workaround for avoiding the openvpn credential request: I started nm-applet (belongs to network-manager-applet). These are the software versions currently installed on my computer:
- protonvpn-gui 1.12.0
- kde plasma 5.26.4
- qt 5.15.7
- kernel 6.0.8
- wayland 1.21.0
- network-manager-applet 1.30.0
I hope, it might be helpful.
