#StackBounty: #network-manager #vpn How do I set a network device to be managed?

Bounty: 150

My ProtonVPN connection keeps breaking. I’m using Ubuntu 18.04. ProtonVPN informs me that the issue is with Ubuntu, they won’t help me fix it, and that I should post here. This is a cross-post of this Unix SE question.

Right now, in the broken state, the two ProtonVPN device profiles proton0 and ipv6leakintrf0 are listed as "unmanaged" and "disconnected", respectively, by nmcli:

$ nmcli d
DEVICE          TYPE      STATE         CONNECTION 
wlp3s0          wifi      connected     WifiAP
ipv6leakintrf0  dummy     disconnected  --         
enp2s0          ethernet  unavailable   --         
lo              loopback  unmanaged     --         
proton0         tun       unmanaged     --

ProtonVPN support has not been able to resolve the issue after working on it for nearly two months, but they did inform me they don’t support unmanaged connections. So, I’m struggling on my own to make both proton0 and ipv6leakintrf0 be "managed".

From what I can piece together from the NetworkManager configuration documentation, NetworkManager configures devices from the following sources, in order:

  1. /usr/lib/NetworkManager/conf.d/
  2. /run/NetworkManager/conf.d/
  3. /etc/NetworkManager/conf.d/
  4. /etc/NetworkManager.conf
  5. /var/lib/NetworkManager/NetworkManager-intern.conf

Within the three directories, files are parsed in their listed order. On my system, the file /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf exists and contains the following directive:

[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:wwan

This appears to set all non-wifi and non-wan network devices to "unmanaged", which would explain why proton0 and probably ipv6leakintrf0 are unmanaged. However, given how poorly-designed the NetworkManager UX is, there’s no way for me to be certain that subsequent configuration I don’t understand isn’t overriding this directive.

I searched the above configuration list for another unmanaged-devices directive and found none, so I can only assume the one in 10-globally-managed-devices.conf is the only one. In that case, it seems like I could correct the problem and make proton0 a managed device by creating a file /usr/lib/NetworkManager/conf.d/80-proton-vpn.conf with the following contents:

[device]
match-device=interface-name:proton0
managed=true

[device]
match-device=interface-name:ipv6leakintrf0
managed=true

where I’ve pieced the syntax together as best I can from the poor documentation linked above. I restarted network-manager. ProtonVPN worked for several days before breaking again, giving the $ nmcli d output shown above that indicates proton0 (and probably ipv6leakintrf0) are still unmanaged, despite my best efforts at changing the config.

This AskUbuntu answer indicates that the listing of a device in /etc/network/interfaces will cause it to be unmanaged by NetworkManager. In my case that does not apply, the only contents of that file are

$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

I’ve also tried explicitly excepting the ProtonVPN devices in 10-globally-managed-devices.conf as suggested by a comment on the Unix SE post I linked above:

[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:wwan,except:interface-name:proton*,except:interface-name:ipv6leakintrf*

After restarting network-manager, this config made no change in the problem.

What else do I have to do to make these device profiles be managed by NetworkManager?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.