Closed devqore closed 2 months ago
We can't do this with the GUI at this point as w're using NM which relies on polkit, and it always requires a "sitting" user, so unless you modify it yourself the rules it won't work for you, but from our side since this is not a scenario that we cover we won't be "fixing" this.
so unless you modify it yourself the rules it won't work for you
@calexandru2018 could you elaborate? What rules can be added to make this work on the VNC session?
It honestly depends what is the version of the polkit, >= v0.106 have a different structure from <= v0.105. Lastly you can read more about actions here: https://wiki.archlinux.org/title/Polkit#Actions
It's quite extensive so it's a bit impossible to give you a breakdown, but in a very short TL;DR: You need to make sure that polkit allows changes to networks from a non present person (VNC, SSH), but rather remotely.
@calexandru2018 but how granting privileges will solve a reported problem:
2024-02-16T08:02:09.700696 | dbus.proxies:407 | ERROR | Introspect error on :1.10:/org/freedesktop/login1/seat/auto: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.UnknownObject: Unknown object '/org/freedesktop/login1/seat/auto'.
there will be different privileges but still, there will be no such object, as in the VNC session seat
is not allocated. Also, the network manager works without any issues. Also, usually, when the application lacks privileges it shows a popup to ask for a password to get them.
Hey @devqore you're right my bad I miss-read it. It seems that you don't have org.freedesktop.login1
, in other words systemd-logind working. We require this process so that we can reconnect the user after a network change, network drop or when the sessions is locked (when locking screen or going to sleep). This leads me to thing that you don't have it running. Also DE is somewhat important because we currently only tests against Gnome DE and not KDE, and even though our app should work on KDE it's not tested and thus not fully (and officially) supported.
This should be solved once we release a new CLI, until then this won't be fixed because this is meant to be running on a usual desktop setup which has session handling.
Thank you @calexandru2018, for your answer, but still I think the case is a bit different. There is systemd-logind
session, but there is no seat
allocated. Let me try to show with a few commands, according to busctl tree
there can be login /org/freedesktop/login1
session without a seat:
$ busctl tree org.freedesktop.login1
└─ /org
└─ /org/freedesktop
├─ /org/freedesktop/LogControl1
└─ /org/freedesktop/login1
├─ /org/freedesktop/login1/seat
│ └─ /org/freedesktop/login1/seat/seat0
├─ /org/freedesktop/login1/session
│ ├─ /org/freedesktop/login1/session/auto
│ └─ /org/freedesktop/login1/session/c2
└─ /org/freedesktop/login1/user
├─ /org/freedesktop/login1/user/_1000
└─ /org/freedesktop/login1/user/self
and loginctl
confirms existing session:
$ loginctl session-status
c2 - myusername (1000)
Since: Sun 2024-03-24 20:40:39 CET; 3 weeks 3 days ago
Leader: 2374 (xrdp-sesman)
Display: :10
Service: xrdp-sesman; type x11; class user
State: active
Idle: no
Unit: session-c2.scope
├─2374 /usr/sbin/xrdp-sesman --nodaemon
├─2375 /bin/sh /home/myusername/.Xclients
├─2376 Xvnc :10 -auth .Xauthority -geometry 1920x1162 -depth 32 -rfbauth /home/myusername/.vnc/sesman_passwd-myusername@my.hostname:10 -bs -nolisten tcp -localhost -dpi 96
├─2378 /usr/sbin/xrdp-chansrv
├─2697 /usr/bin/ssh-agent /home/myusername/.Xclients
└─2698 startplasma-x11
also confirms lack of the seat
:
$ loginctl seat-status
Could not get properties: Unknown object '/org/freedesktop/login1/seat/auto'.
systemd-logind
service is also up and running:
$ systemctl status systemd-logind
● systemd-logind.service - User Login Management
Loaded: loaded (/usr/lib/systemd/system/systemd-logind.service; static)
Drop-In: /usr/lib/systemd/system/systemd-logind.service.d
└─10-grub2-logind-service.conf
/usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Sun 2024-03-24 20:38:37 CET; 3 weeks 3 days ago
Docs: man:sd-login(3)
man:systemd-logind.service(8)
man:logind.conf(5)
man:org.freedesktop.login1(5)
Main PID: 879 (systemd-logind)
Status: "Processing requests..."
Tasks: 1 (limit: 18642)
FD Store: 0 (limit: 512)
Memory: 3.9M
CPU: 2.778s
CGroup: /system.slice/systemd-logind.service
└─879 /usr/lib/systemd/systemd-logind
If I attach monitor and peripheral devices to this station (normally is started headless) and I'll start KDE session then app works correctly, but then is allocated seat, so the problem is not ratter related to DM (also on daily basis on regular workstation works perfectly with Xfce).
Of course, I have a workaround for it, and I'm managing ProtonVPN via CLI, but I really like GUI app, and still I'm thinking that's a valid use case to have a headless workstation for research purposes and not only use it via SSH but also with VNC/XRDP with a valid session but without a seat.
Anyway, thank you for your time, and I'm looking forward to CLI update, as recent updates broke something (right now I don't even remember what hack I had to apply, but possibly it was related to fedora packaging).
Yeah gotcha thanks for clarifying it 👍🏻 As I previously mentioned we do really depend on that mainly for the reconnect logic so there's no way around it currently. Can I ask you which CLI you were talking about, is the community one ?
No, about this one described here https://protonvpn.com/support/linux-vpn-tool/, the community one was the solution for me. On the headless machine, I don't have any proton VPN rpm installed:
$ rpm -qa | grep -i proton
but instead:
$ pip freeze | grep -i proton
-e git+https://github.com/ProtonVPN/linux-cli-community@568dc778c3247cc920d7af909c119d671d883900#egg=protonvpn_cli
But currently, I can't provide more details, also I didn't report it as I hoped to get GUI working. But I'm pretty sure that dependencies have been broken and CLI didn't exist or it was unusable in the mentioned in the documentation Fedora repositories. I'm using a Proton VPN Plus license.
If there is another possibility to use ProtonVPN via CLI which you recommend I can try to use it.
No, about this one described here https://protonvpn.com/support/linux-vpn-tool/
Hmm that's odd, we haven't made any changes to V3 so if it worked before it should continue working, unless some packages have been updated on the distro that somehow broke something, but that shouldn't be the case I suspect. But also do note that this client has been deprecated in favor of v4, so currently we don't have an official CLI but we'll try to prioritize it once we finish WireGuard for the current app.
the community one was the solution for me.
The community one will eventually be discontinued because we keep creating API hacks for it and it's becoming unsustainable, plus it has not been maintained in +2 years, so I would advise against using it if possible.
If there is another possibility to use ProtonVPN via CLI which you recommend I can try to use it.
You can always go the manual way:
You can download a config for a country instead of a server and this way you'll ensure that if that server goes into maintenance if always have backup servers to connect to.
Understood. I'm aware of WireGuard and OpenVPN but I'm changing often countries, and it would require a lot of manual configurations. Of course, I could automate it somehow but that's not the point if the app is (or should be) in place.
Is there any chance to support VNC sessions in
proton-vpn-gtk-app
? Currently, I'm starting VNC session with KDE (but the Desktop Environment is not important) and when I'm starting the app I'm getting:It's because VNC session doesn't allocate any seat and app hangs on:
I've installed packages in the following versions:
Output from
loginctl
command:protonvpn-cli
works, but it would be nice to use gtk-app on headless stations only with VNC session started.