Closed ExpandingMan closed 2 years ago
Been doing some more digging on this, really seems like something is going singularly wrong when it tries to actually enable the connection. Creating and deleting the connections work fine. I am member of both wheel
and network
groups, and /etc/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules
exists and looks configured correctly. According to the arch linux wiki it should be working.
For a while I was thinking that this is purely a NetworkManager
issue, but now I'm starting to wonder if maybe something is mis-configured on the protonvpn
side.
@ExpandingMan try doing the following: Once the connection gets added, interrupt the process. In the keyring, check if an entry for the vpn has been added with the username and password. Then from that point:
if the entry in keyring is present, it means that the connection was can correctly added with all settings. If this is the case then ensure that nm-applet is installed and running (got an understanding that nm-applet is needed for some distros)
if not then something went wrong when adding the connection
Yes!!! It needs nm-applet
!!
Oh man, that was a saga, and what a simple fix!
Thanks so much. I understand that protonvpn doesn't want to say that it "officially supports" desktop environments other than GNOME or KDE, but I think it would still be really great if we could add some documentation here.
In particular, so far what I know is needed is NetworkManager
, dbus
, gnome-keyring
and for nm-applet
to be running. There are probably some details of network manager permissions to be documented here as well. My user is in both the network
and wheel
groups, think this might break for users who are not, so perhaps that should be documented somewhere.
Anyway thanks!!!
@ExpandingMan As en example, nm-applet is not always needed nor gnome-keyring. Lubuntu for example uses nm-tray but it has some quirks. Also you could use KWallet instead of gnome-keyring but it would require some understanding of some other concepts, although if you install on a full KDE DE it should work flawlessly.
About the rest, the clients are made to work on default desktop configurations, which users are normally already in both network/wheel, also NM polkit rules are also pre-defined. Given the ammount of WM and other configurations, we have to limit ourselves somehow. Also, manual installation via is currently not supported (git cloning, compiling installing) but the community is free to try out.
Yeah, what you are saying is understandable, but regardless, I definitely think more documentation is in order. I'd have to guess that something like half of your users are not using standard GNOME or KDE setups. It's perfectly reasonable for protonvpn not to officially support every crazy thing that somebody tries, but documentation (and links to documentation) are always nice.
I'll close this issue. At the very least, this stuff will now be discoverable in my dotfiles.
KeePassXC can be used for org.freedesktop.secrets storage instead of KWallet or gnome-keyring but you have to leave the program running it doesn't have a background service. I haven't tried this with protonvpn-cli as I just stick with protonvpn-cli-ng since that has always worked for me. That and I use connman not NetworkManager.
thanks for this thread, I also went down the rabbit hole (I use a very basic sway setup) - it should maybe be mentioned on the docs, I'm sure I'm not alone :)
I am having the same issue none of the steps here helped I can't even open the GUI app anymore or do anything with the command line program like logout
Yes!!! It needs
nm-applet
!!Oh man, that was a saga, and what a simple fix!
Thanks so much. I understand that protonvpn doesn't want to say that it "officially supports" desktop environments other than GNOME or KDE, but I think it would still be really great if we could add some documentation here.
In particular, so far what I know is needed is
NetworkManager
,dbus
,gnome-keyring
and fornm-applet
to be running. There are probably some details of network manager permissions to be documented here as well. My user is in both thenetwork
andwheel
groups, think this might break for users who are not, so perhaps that should be documented somewhere.Anyway thanks!!!
I can't believe this worked, OMG, after hours, this was the fix... :man_facepalming:
I have been trying for a couple of weeks now to get ProtonVPN working on my machine. I use the i3 desktop manager, but my setup is pretty close to a vanilla Manjaro install and I am running
NetworkManager
andgnome-keyring
.I am able to login successfully, but when I try connecting
protonvpn-cli
will hang. The following line appears in thenetwork_manager.service.log
which is copied to theprotonvpn
log directory:I have now confirmed quite explicitly that
gnome-keyring
is working properly in my setup. I am able to fetch the protonvpn credentials withsecret-tool
and I can see the stored credentials in theseahorse
GUI interface tognome-keyring
.I haven't fully established what is going on, but it seems that while I am able to fetch credentials just fine as my user, for whatever reason
NetworkManager
cannot. This may be due to a misconfiguration of theNetworkManager
polkit, but if this is the case I so far have no clue how it could be fixed.I have seen a number of vaguely similar threads on the internet such as this one where people seem to have solved similar problems by making
gnome-keyring
passwords available to all users, though I also do not yet know how this can be done.Note that
protonvpn-cli
successfully creates theNetworkManager
connection, it just isn't able to actually connect to it because it can't get the credentials. I can successfully finish the aborted process manually by doing, e.g.(or whatever the name of the connection was that
protonvpn-cli
created) and manually entering my password. While it means that strictly speaking I am able to connect, obviously this still needs to be fixed.I will continue investigating. I went through a lengthy discussion with ProtonVPN support but it ultimately went nowhere (seems like maybe there are just too many layers between customer support and developers to solve this issue), but I may open another ticket now that I have more information.
Please let me know if you have any suggestions, I am quite determined to get this working as I really don't want to have to find another VPN provider.