
User has no permission to perform this operation

Open DasCapschen opened this issue 3 years ago • 8 comments

I have managed to trigger this error by:

  1. Connecting with protonvpn-cli c --sc
  2. Enabling killswitch protonvpn-cli ks --permanent
  3. Disconnecting protonvpn-cli d
  4. Trying to connect protonvpn-cli c --sc

Which produced following error message:

Setting up ProtonVPN.
Connecting to ProtonVPN on CH-DE#1 with UDP.
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/dbus/connection.py", line 232, in maybe_handle_message
    self._handler(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/protonvpn_nm_lib/core/connection_backend/nm_client/monitor_vpn_connection_start.py", line 54, in on_vpn_state_changed
    env.killswitch.manage(
  File "/usr/lib/python3.9/site-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 87, in manage
    actions_dict = {
  File "/usr/lib/python3.9/site-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 194, in setup_post_connection_ks
    self.activate_connection(self.ks_conn_name)
  File "/usr/lib/python3.9/site-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 337, in activate_connection
    conn_dict = self.dbus_wrapper.search_for_connection( # noqa
  File "/usr/lib/python3.9/site-packages/protonvpn_nm_lib/core/dbus/dbus_wrapper.py", line 49, in search_for_connection
    all_connection_properties = self.get_all_conn_settings(
  File "/usr/lib/python3.9/site-packages/protonvpn_nm_lib/core/dbus/dbus_wrapper.py", line 391, in get_all_conn_settings
    return iface.GetSettings()
  File "/usr/lib/python3.9/site-packages/dbus/proxies.py", line 72, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python3.9/site-packages/dbus/proxies.py", line 141, in __call__
    return self._connection.call_blocking(self._named_service,
  File "/usr/lib/python3.9/site-packages/dbus/connection.py", line 652, in call_blocking
    reply_message = self.send_message_with_reply_and_block(
dbus.exceptions.DBusException: org.freedesktop.NetworkManager.Settings.PermissionDenied: uid 1000 has no permission to perform this operation

I'm running Manjaro and have installed protonvpn through the AUR package (https://aur.archlinux.org/packages/protonvpn/). Perhaps this is an issue on my side: does the user need to be in a certain group to have access to NetworkManager? Or should protonvpn-cli be run as root? (Though, as I understood it, the idea was that it doesn't need root anymore.)

DasCapschen avatar Jun 05 '21 21:06 DasCapschen

Hey @DasCapschen

Is this the first time that you use the CLI? Has this issue happened before?

calexandru2018 avatar Jun 07 '21 14:06 calexandru2018

Hey @calexandru2018,

Yes, this is my first time using the new protonvpn-cli. I had previously used the community cli https://github.com/ProtonVPN/linux-cli-community without any problems (and have for the time being switched back to it).
I uninstalled the old community cli before installing this new package to prevent any conflicts.

I have since also tried installing it on my OpenSuse machine (which leads to a whole other set of problems too), and had a similar issue there: "Unable to add IPv6 leak protection interface", which I found out was also a permission error. I solved this by adding a polkit rule to allow all org.freedesktop.NetworkManager.* actions for my user.

So perhaps the issue I have reported here is similar. I have not yet had time to check for this on my Manjaro system unfortunately.

But should it be the case, that this issue is also a polkit problem, perhaps the protonvpn-cli should install a polkit rule to allow itself access to the NetworkManager (perhaps by running with a special group)?

DasCapschen avatar Jun 07 '21 14:06 DasCapschen

Hey @DasCapschen

Thanks for the reply. So that is true indeed, the "unable to add IPv6 leak protection interface" error is indeed a similar issue, although to a different degree. The problem is that distros by default are configured with the necessary rights to do whatever is needed, and thus adding a new polkit rule is usually not needed. But in your case it seems that you were indeed missing some rules, so my question is only if this is relative to your current setups. I'm running Manjaro myself, and have never run into such issues (had Manjaro on 2 laptops and never experienced it). We did, though, have users who had recently installed e.g. Ubuntu 20.04 and were getting this error out of the box. So my assumption is mostly that something ends up being misconfigured.

calexandru2018 avatar Jun 07 '21 14:06 calexandru2018

Same issue on Ubuntu 21.04 ): Being not the most adept at Linux I can't figure out how to add the correct polkit rule, there doesn't seem to be a whole lot of documentation on it.

Syntrice avatar Jul 06 '21 11:07 Syntrice

Still the same issue on Manjaro, and like @Syntrice I don't know how to add a polkit rule. I'll try to switch back to the previous application.

Delan168 avatar Jul 23 '21 15:07 Delan168

Same issue in Debian 11:

Setting up ProtonVPN.
Connecting to ProtonVPN on [REDACTED] with UDP.
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/dbus/connection.py", line 232, in maybe_handle_message
    self._handler(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/connection_backend/nm_client/monitor_vpn_connection_start.py", line 58, in on_vpn_state_changed
    env.killswitch.manage(KillSwitchActionEnum.SOFT)
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 82, in manage
    actions_dict = {
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 280, in setup_soft_connection
    self.setup_post_connection_ks(None, activating_soft_connection=True)
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 221, in setup_post_connection_ks
    self.activate_connection(self.ks_conn_name)
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/killswitch/killswitch.py", line 404, in activate_connection
    conn_dict = self.nm_wrapper.search_for_connection( # noqa
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/dbus/dbus_network_manager_wrapper.py", line 56, in search_for_connection
    all_connection_properties = self.get_settings_from_connection(
  File "/usr/lib/python3/dist-packages/protonvpn_nm_lib/core/dbus/dbus_network_manager_wrapper.py", line 418, in get_settings_from_connection
    return iface.GetSettings()
  File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 141, in __call__
    return self._connection.call_blocking(self._named_service,
  File "/usr/lib/python3/dist-packages/dbus/connection.py", line 652, in call_blocking
    reply_message = self.send_message_with_reply_and_block(
dbus.exceptions.DBusException: org.freedesktop.NetworkManager.Settings.PermissionDenied: uid 1000 has no permission to perform this operation

I also don't know how to edit polkit rules, and I don't dare to add an asterisk rule, since it may add a vuln to my system (there has to be a reason this permission is not set by default...)

Any ideas on how to solve this? I may be able to help with the code :)

HacKanCuBa avatar Jul 26 '21 22:07 HacKanCuBa
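
Several comments above ask what a polkit rule looks like and whether a wildcard over `org.freedesktop.NetworkManager.*` is too broad. The following is an added example, not part of the original thread and not ProtonVPN's code: it puts the wildcard rule described earlier next to a narrower one. The group name `vpnusers`, the user name `alice` and the choice of allowed actions are assumptions; the thread does not state which actions protonvpn-cli needs, nor that such a rule resolves the traceback shown here.

```javascript
// Added example: a scoped polkit rule beside a NetworkManager wildcard rule.
// polkit reads rule files from /etc/polkit-1/rules.d/ (e.g. 50-vpn-nm.rules).
// ASSUMPTIONS: the group "vpnusers", the user "alice" and the action list are
// placeholders; the thread does not say which actions protonvpn-cli needs.
var ALLOWED_ACTIONS = [
    "org.freedesktop.NetworkManager.network-control",
    "org.freedesktop.NetworkManager.settings.modify.system"
];
var ALLOWED_GROUP = "vpnusers"; // hypothetical group

// Under polkit the real Result enum is used; the fallback object is a
// stand-in so the decision functions can be exercised offline under Node.
var RESULT = (typeof polkit !== "undefined")
    ? polkit.Result
    : { YES: "yes", NOT_HANDLED: "not-handled" };

// Broad rule of the kind described in the thread: every NetworkManager
// action for one user, from any session (local console or remote login).
function wildcardRule(action, subject) {
    if (action.id.indexOf("org.freedesktop.NetworkManager.") === 0 &&
        subject.user === "alice") {
        return RESULT.YES;
    }
    return RESULT.NOT_HANDLED;
}

// Scoped rule: only the listed actions, only for members of one group,
// and only from a local, active session. Everything else falls through
// to the distribution's default policy.
function scopedRule(action, subject) {
    if (ALLOWED_ACTIONS.indexOf(action.id) !== -1 &&
        subject.local && subject.active &&
        subject.isInGroup(ALLOWED_GROUP)) {
        return RESULT.YES;
    }
    return RESULT.NOT_HANDLED;
}

// Register only the scoped rule when the file is loaded by polkit.
if (typeof polkit !== "undefined") {
    polkit.addRule(scopedRule);
}
```

Returning `NOT_HANDLED` rather than an explicit denial leaves unrelated actions, such as changing the hostname, subject to the system's existing authorization prompts.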

BTW, I think this issue should be reported to the protonvpn-nm-lib repo.

HacKanCuBa avatar Jul 27 '21 15:07 HacKanCuBa

Hey @DasCapschen, this issue has been solved with the latest library release. Please update to the latest version.

calexandru2018 avatar Apr 29 '22 07:04 calexandru2018