Using TunnelDeck locks the /usr directory as Read-only file system

[dshk0718]

As the title mentions here, installing and enabling the OpenVPN through TunnelDeck locks the /usr directory as a read-only file system, hence breaking any pacman related tasks (like trying to install a package using pacman).

This was due to /usr/.systemd-sysext being completely write-protected, which apparently causes the entire /usr path to be write-protected as well.

I had to disable the OpenVPN in the TunnelDeck settings and uninstall TunnelDeck itself to make it possible to write to the /usr path and use pacman to install important packages for the OS (like gnome-keyring, etc.).

Will you look into this?

[irol765]

Me too, and after enabling the portal2 Chinese text will show an error as XXX

[mineinmonkey]

@dshk0718 This is a consequence of the way TunnelDeck implements the openvpn plugin for networkmanager using systemd's system extensions. You can temporarily disable the extension by running the command sudo systemd-sysext unmerge, running your pacman commands, and then re-enabling the extension using sudo systemd-sysext merge.

[rpigab]

@mineinmonkey This may be out of topic, but I'm trying to troubleshoot my OpenVPN configuration on the Steam Deck, and since it doesn't work in Deck mode even with OpenVPN activated, IPv6 disabled, passphrase entered and saved for all users, I tried in desktop mode, but NetworkManager fails with message "support missing for openvpn", but since I already ticked openvpn support in TunnelDeck plugin, I can see openvpn extension in systemd-sysext. I have tried sudo systemd-sysext merge (and refresh), but nothing changes. journalctl NetworkManager doesn't help, should I look at other logs or try to perform the VPN connection in nmcli?

I can't find relevant information on how to get openvpn working with systemd extensions, I know this config works because I'm using it from other clients on which OpenVPN support was builtin or easier to install.

[mineinmonkey]

@rpigab The most likely reason is because of this #4. I fixed it on my Deck by changing the URL in ~/homebrew/plugins/TunnelDeck/extensions/openvpn.list to https://steamdeck-packages.steamos.cloud/archlinux-mirror/extra-3.3/os/x86_64/networkmanager-openvpn-1.8.16-1-x86_64.pkg.tar.zst and executing the install script in the same directory.

[dshk0718]

@dshk0718 This is a consequence of the way TunnelDeck implements the openvpn plugin for networkmanager using systemd's system extensions. You can temporarily disable the extension by running the command sudo systemd-sysext unmerge, running your pacman commands, and then re-enabling the extension using sudo systemd-sysext merge.

Thank you for this. I will try this out later myself.

[steve228uk]

@dshk0718 Unfortunately @mineinmonkey is correct and as TunnelDeck uses system extensions to overlay the filesystem, it will make the usr directory read only. If you opt not to check the box to install OpenVPN it should not make the merge.

If you want to continue to use TunnelDeck's system extension, you can manually unmerge/merge with the following commands:

sudo systemd-sysext unmerge

sudo systemd-sysext merge

As this is expected behaviour, I'm going to mark this is closed.