Ubuntu – gray button for saving “editing VPN connection” in network-manager

When creating a VPN connection you have to fill out all the required fields before 'save' becomes active. Ensure that you have them all filled out accurately.

I have found a "solution" (and I use this term very loosely here) based on this post: Network Manager does not set IP4.GATEWAY for OpenVPN connection - although I'm convinced this is a bug with the network-manager-openvpn module.

The problem occurs because no gateway is set for the OpenVPN tunnel:

[van@d2:~]$ nmcli device show tun0
GENERAL.DEVICE:                         tun0
GENERAL.TYPE:                           tun
GENERAL.HWADDR:                         (unknown)
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     tun0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/15
IP4.ADDRESS[1]:                         10.9.0.4/24
IP4.ADDRESS[2]:                         192.168.0.7/32
IP4.GATEWAY:                            --
IP6.ADDRESS[1]:                         fe80::cd28:e3cf:f9e6:1417/64
IP6.GATEWAY                             --

The default gateway can be obtained using:

[van@d2:~]$ ip route
default via 192.168.0.1 dev wlp3s0 proto static metric 600 
...

Now use nmcli con show to obtain the UUID of the OpenVPN tunnel (tun0 in my case):

[van@d2:~]$ nmcli con show
NAME                UUID                      TYPE             DEVICE 
VAN-200-5GHz        <SOME-UUID>-9c79da9597a1  802-11-wireless  wlp3s0 
van                 <SOME-UUID>-484ee303d901  vpn              wlp3s0 
tun0                <SOME-UUID>-2a1a14674e78  tun              tun0   
Wired connection 1  <SOME-UUID>-d3935bcf886b  802-3-ethernet   --     

Once you have the UUID, set the gateway using:

nmcli con mod <SOME-UUID>-b717eca7a5a0 ipv4.gateway 192.168.0.1

Now check to make sure you're using the VPN Server's IP address:

dig @resolver1.opendns.com myip.opendns.com +short
<YOUR-VPN-SERVER-IP>

One of the side effects of using this method is you'll end up with a "zombie" connection every time you add a tun0 gateway (and these will persist across reboots):

[van@d2:~]$ nmcli con show
NAME                UUID                      TYPE             DEVICE 
VAN-200-5GHz        <SOME-UUID>-9c79da9597a1  802-11-wireless  wlp3s0 
Wired connection 1  <SOME-UUID>-d3935bcf886b  802-3-ethernet   --     
van                 <SOME-UUID>-484ee303d901  vpn              --     
tun0                <SOME-UUID>-c4381868f3f3  tun              --     
tun0                <SOME-UUID>-157870b81351  tun              --     
tun0                <SOME-UUID>-a1bc29fb7bef  tun              --

You can remove these using:

[van@d2:~]$ nmcli con del tun0
Connection 'tun0' (<SOME-UUID>-157870b81351) successfully deleted.
Connection 'tun0' (<SOME-UUID>-c4381868f3f3) successfully deleted.
Connection 'tun0' (<SOME-UUID>-a1bc29fb7bef) successfully deleted.

Considering how complicated it is working around these issues just to be able to connect to OpenVPN using the Network Manager, you're probably going to be far better off just connecting via the terminal (assuming you have a valid OpenVPN config file).

I'm not sure how to report bugs of this nature, so if anyone knows, please chime in.