debcrafters-packages team mailing list archive

[Enverest <2116000@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Actual result:
When VPN client tries to reconnect it fails.

Expected result:
When VPN client tries to reconnect it should reconnect sucessfully.

Steps to Reproduce:
1. Use GNOME’s NetworkManager GUI to import a .ovpn file. 
(Zaborona VPN in my case. https://zaborona.help/openvpn-client-config/srv0.zaborona-help-TCP_maxroutes.ovpn).
2. Connect to the VPN.
3. Verify that routes are present. ("ip route show dev tun0")
4. Wait wait wait for a reconnect. (I use this command to notice changes 'journalctl --follow --no-tail --since "1 hour ago"')
5. Verify that routes are NOT present. ("ip route show dev tun0")

I have Ubuntu 25.04.
Clean Ubuntu 25.04 install in GNOME Boxes reproduces the issue.
apt-cache policy network-manager-openvpn => 1.12.0-2


ChatGPT suggestion below:
🧩 Root Cause: DBus Policy Rejection on Reconnect

At the heart of it is this:

    The nm-openvpn-service-openvpn-helper process (running as nm-
openvpn) tries to call privileged DBus methods like SetConfig and
SetIp4Config, but gets rejected.

This breaks route injection and IP configuration on reconnect.
🧠 Why It Works on First Connect but Not Reconnect

    Initial connect: NetworkManager launches OpenVPN itself and has full
DBus access. Everything works.

    Reconnect (after ping-restart): OpenVPN restarts internally and
invokes the helper, which runs as a sandboxed user (nm-openvpn). That
user lacks DBus permissions to reconfigure the VPN plugin.

** Affects: network-manager-openvpn (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Manually removed from the logs excessive "unable to configure IPv4 route: type unicast" lines"
   https://bugs.launchpad.net/bugs/2116000/+attachment/5888046/+files/journalctl_openvpn_logs.txt

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to network-manager-openvpn in
Ubuntu.
https://bugs.launchpad.net/bugs/2116000

Title:
  network-manager-openvpn fails to reapply routes after reconnect due to
  DBus permission denial

Status in network-manager-openvpn package in Ubuntu:
  New

Bug description:
  Actual result:
  When VPN client tries to reconnect it fails.

  Expected result:
  When VPN client tries to reconnect it should reconnect sucessfully.

  Steps to Reproduce:
  1. Use GNOME’s NetworkManager GUI to import a .ovpn file. 
  (Zaborona VPN in my case. https://zaborona.help/openvpn-client-config/srv0.zaborona-help-TCP_maxroutes.ovpn).
  2. Connect to the VPN.
  3. Verify that routes are present. ("ip route show dev tun0")
  4. Wait wait wait for a reconnect. (I use this command to notice changes 'journalctl --follow --no-tail --since "1 hour ago"')
  5. Verify that routes are NOT present. ("ip route show dev tun0")

  I have Ubuntu 25.04.
  Clean Ubuntu 25.04 install in GNOME Boxes reproduces the issue.
  apt-cache policy network-manager-openvpn => 1.12.0-2

  
  ChatGPT suggestion below:
  🧩 Root Cause: DBus Policy Rejection on Reconnect

  At the heart of it is this:

      The nm-openvpn-service-openvpn-helper process (running as nm-
  openvpn) tries to call privileged DBus methods like SetConfig and
  SetIp4Config, but gets rejected.

  This breaks route injection and IP configuration on reconnect.
  🧠 Why It Works on First Connect but Not Reconnect

      Initial connect: NetworkManager launches OpenVPN itself and has
  full DBus access. Everything works.

      Reconnect (after ping-restart): OpenVPN restarts internally and
  invokes the helper, which runs as a sandboxed user (nm-openvpn). That
  user lacks DBus permissions to reconfigure the VPN plugin.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/2116000/+subscriptions