I have found a "solution" (and I use this term very loosely here) based on this post: Network Manager does not set IP4.GATEWAY for OpenVPN connection - although I'm convinced this is a bug with the network-manager-openvpn
module.
The problem occurs because no gateway is set for the OpenVPN tunnel:
[van@d2:~]$ nmcli device show tun0
GENERAL.DEVICE: tun0
GENERAL.TYPE: tun
GENERAL.HWADDR: (unknown)
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: tun0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/15
IP4.ADDRESS[1]: 10.9.0.4/24
IP4.ADDRESS[2]: 192.168.0.7/32
IP4.GATEWAY: --
IP6.ADDRESS[1]: fe80::cd28:e3cf:f9e6:1417/64
IP6.GATEWAY --
The default gateway can be obtained using:
[van@d2:~]$ ip route
default via 192.168.0.1 dev wlp3s0 proto static metric 600
...
Now use nmcli con show
to obtain the UUID of the OpenVPN tunnel (tun0 in my case):
[van@d2:~]$ nmcli con show
NAME UUID TYPE DEVICE
VAN-200-5GHz <SOME-UUID>-9c79da9597a1 802-11-wireless wlp3s0
van <SOME-UUID>-484ee303d901 vpn wlp3s0
tun0 <SOME-UUID>-2a1a14674e78 tun tun0
Wired connection 1 <SOME-UUID>-d3935bcf886b 802-3-ethernet --
Once you have the UUID, set the gateway using:
nmcli con mod <SOME-UUID>-b717eca7a5a0 ipv4.gateway 192.168.0.1
Now check to make sure you're using the VPN Server's IP address:
dig @resolver1.opendns.com myip.opendns.com +short
<YOUR-VPN-SERVER-IP>
One of the side effects of using this method is you'll end up with a "zombie" connection every time you add a tun0 gateway (and these will persist across reboots):
[van@d2:~]$ nmcli con show
NAME UUID TYPE DEVICE
VAN-200-5GHz <SOME-UUID>-9c79da9597a1 802-11-wireless wlp3s0
Wired connection 1 <SOME-UUID>-d3935bcf886b 802-3-ethernet --
van <SOME-UUID>-484ee303d901 vpn --
tun0 <SOME-UUID>-c4381868f3f3 tun --
tun0 <SOME-UUID>-157870b81351 tun --
tun0 <SOME-UUID>-a1bc29fb7bef tun --
You can remove these using:
[van@d2:~]$ nmcli con del tun0
Connection 'tun0' (<SOME-UUID>-157870b81351) successfully deleted.
Connection 'tun0' (<SOME-UUID>-c4381868f3f3) successfully deleted.
Connection 'tun0' (<SOME-UUID>-a1bc29fb7bef) successfully deleted.
Considering how complicated it is working around these issues just to be able to connect to OpenVPN using the Network Manager, you're probably going to be far better off just connecting via the terminal (assuming you have a valid OpenVPN config file).
I'm not sure how to report bugs of this nature, so if anyone knows, please chime in.
Best Answer
One solution is to start:
in the terminal. Terminal messages will tell you which entries of the connection are considered as invalid.
Source: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/990765/comments/27