I can't seem to get my openvpn connection to automatically connect when I wake up from system suspend or reboot. The openvpn connection works fine through the GUI, except there is no option to auto-connect. I've tried using nm-connection-editor, but after I check the box to auto-connect and save, the connection inexplicably fails. Adding secondaries to my wifi network through nmcli results in the same failure to connect. How can I auto-connect to my VPN through the GUI in Ubuntu 17.10? It seems like this is broken or something.
Update: So after selecting the auto-connect option from nm-connection-editor, then rebooting, I can manually reconnect to both interfaces successfully (the vpn service starts along with the network manager), but the system fails to connect automatically for some cryptic reason.
Best Answer
Wait wait wait. THIS worked. All you have to do is go
and bingo problem solved.
If
nm-connection-editorsays that you can't save the connection (the save box is grayed out), then...just forget the network and set up the connection again (worked for me at least). Once you have checked saidauto-connectbox withnm-connection-editorand ensured that the VPN password is set to "Store for all users," both the primary connection AND the VPN will start successfully at the same time. Otherwise I keep getting this message in my syslog aboutvpn-connection[...]: Failed to request VPN secrets #3: No agents were available for this request.Literally just toggling that one option fixes the problem entirely. Use
sudo service network-manager restartand it connects flawlessly the first time. To avoid the error loop on bootup specifically, just uncheck the box "Make available to other users" on the primary connection.Also to prevent DNS leaks over your vpn when systemd-resolved is used, type
sudo nmcli connection modify <vpn-connection-name> ipv4.dns-priority -42See the bug whose fix I personally backported to Ubuntu 17.04 at https://bugs.launchpad.net/network-manager/+bug/1624317
After restarting your network manager, you should check the output of
systemd-resolve --statusand make sure that ONLY the DNS servers of your VPN are listed. Use the 'Extended' test on the dnsleaktest site to confirm you aren't leaking DNS queries.