[BUG] Mageia 7 KDE issue

[sandrokensan]

I have attempt to install protonvpn-cli to Mageia 7:

openvpn installed
python3-pip installed
python3-setuptools installed
I have not dialog, I have kdialog and Xdialog installed, It is not installed python3-dialog and python-dialog: I have installed they. Without this I have a dialog error into protonvpn.

# pip3 install protonvpn-cli
works fine.

# protonvpn init
don't works: [!] The program was not executed as root.

I add my username to sudoers (mageia has not sudo, only root) and then try:

$ sudo protonvpn init
don't works: unknown protonvpn command

$ sudo /usr/local/bin/protonvpn init
works!

$ sudo /usr/local/bin/protonvpn connect
don't work (dialog problem), I install python3-dialog and the dialog windows works.

I have try all configuration but I get always:
[!] Authentication failed. into $ sudo /usr/local/bin/protonvpn connect

Checked my login data with $ sudo /usr/local/bin/protonvpn configure and copy and paste my login data (username and password) without success.

Firewall problem?

[Rafficer]

$ sudo protonvpn init
don't works: unknown protonvpn command

That's because you didn't install as root. When you then use sudo, it won't be in root's $PATH because it's installed only for your user. If you don't want to install with sudo you can follow this guide to install it globally in a virtual environment.

I have not dialog, I have kdialog and Xdialog installed, It is not installed python3-dialog and python-dialog: I have installed they. Without this I have a dialog error into protonvpn.

The package that gets installed by python3-dialog should be installed by PIP, so not sure why this error exists for you when not using the package provided by the repositories.

I have try all configuration but I get always:
[!] Authentication failed. into $ sudo /usr/local/bin/protonvpn connect

Are you using the ProtonVPN OpenVPN credentials? You can find them on https://account.protonvpn.com/accounts. Note that you can't use your normal login credentials for ProtonVPN, but you need to use those special credentials for this tool.

This is also described in the example installation.

[sandrokensan]

$ sudo protonvpn init
don't works: unknown protonvpn command

That's because you didn't install as root. When you then use sudo, it won't be in root's $PATH because it's installed only for your user. If you don't want to install with sudo you can follow this guide to install it globally in a virtual environment.

I have bash history and I have check the root commands in my history:

[~]$ su
Password: 
[root@localhost]# pip3 install protonvpn-cli

So I have installed protonvpn-cli as root, it is sure.

I have not dialog, I have kdialog and Xdialog installed, It is not installed python3-dialog and python-dialog: I have installed they. Without this I have a dialog error into protonvpn.

The package that gets installed by python3-dialog should be installed by PIP, so not sure why this error exists for you when not using the package provided by the repositories.

I don't know, python3-dialog was not installed, so I had to installed it manually.

Are you using the ProtonVPN OpenVPN credentials? You can find them on https://account.protonvpn.com/accounts. Note that you can't use your normal login credentials for ProtonVPN, but you need to use those special credentials for this tool.

This is also described in the example installation.

Yes, sorry, I have not read the manual and have used the site credentials. Now I have not login error but API error:

There is already a VPN connection running.
Terminating previous connection...
Connecting to NL-FREE#1 via TCP...
[!] There was an error connecting to the ProtonMail API.
[!] Please make sure your connection is working properly!

So I have installed protonvpn with pip3 as root and have the error:

[root@localhost]# protonvpn c
[!] The program was not executed as root.
[!] Please run as root.

protonvpn in in my root $PATH.

[Rafficer]

Yes, sorry, I have not read the manual and have used the site credentials. Now I have not login error but API error:

There is already a VPN connection running.
Terminating previous connection...
Connecting to NL-FREE#1 via TCP...
[!] There was an error connecting to the ProtonMail API.
[!] Please make sure your connection is working properly!

Can you access https://api.protonmail.ch/tests/ping in your browser? It could be that your access to this site is blocked for some reason. If not, you can run PVPN_DEBUG=1 protonvpn connect nl-free-1 and get more debug information. Or view the file ~/.pvpn-cli/pvpn-cli.log which contains the same information. That additional information would be needed to debug this further.

So I have installed protonvpn with pip3 as root and have the error:

[root@localhost]# protonvpn c
[!] The program was not executed as root.
[!] Please run as root.

What did you do different, it seemed to work in the previous example you posted? The CLI checks for the running user with Python's built-in getpass.getuser() function, so getting this error when executing as root means your environment variables aren't what they should be. Can you send me the output of the following command, executed as root:

python3 -c "import getpass; print(getpass.getuser())"

[sandrokensan]

Can you access https://api.protonmail.ch/tests/ping in your browser? It could be that your access to this site is blocked for some reason.

Yes, I can.
https://api.protonmail.ch/tests/ping {"Code":1000}

If not, you can run PVPN_DEBUG=1 protonvpn connect nl-free-1 and get more debug information. Or view the file ~/.pvpn-cli/pvpn-cli.log which contains the same information. That additional information would be needed to debug this further.

log.txt
log file ~/.pvpn-cli/pvpn-cli.log

python3 -c "import getpass; print(getpass.getuser())"

[user@localhost ~]$ python3 -c "import getpass; print(getpass.getuser())"
user
[user@localhost ~]$ sudo python3 -c "import getpass; print(getpass.getuser())"
root
[root@localhost user]# python3 -c "import getpass; print(getpass.getuser())"
user
[root@localhost user]# whoami
root

Is It a Mageia 7 bug? It returns the user in root mode and not superuser, only sudo works correctly.

[Rafficer]

Thanks for the log file, I definitely need to improve logging a bit and noted this.

The error seems to be that you can't connect to the ProtonVPN API after the connection was successfully initiated by OpenVPN itself, so you should be connected, but the CLI might break because there's still some information missing (especially in the config file). To be precise, this line seems to be the issue. I will look into improving this.

 [user@localhost ~]$ python3 -c "import getpass; print(getpass.getuser())"
user
[user@localhost ~]$ sudo python3 -c "import getpass; print(getpass.getuser())"
root
[root@localhost user]# python3 -c "import getpass; print(getpass.getuser())"
user

Is It a Mageia 7 bug? It returns the user in root mode and not superuser, only sudo works correctly.

Might be. How exactly do you switch to the root user? Maybe I can reproduce this on another distro as well.

[sandrokensan]

Thanks for the log file, I definitely need to improve logging a bit and noted this.

The error seems to be that you can't connect to the ProtonVPN API after the connection was successfully initiated by OpenVPN itself, so you should be connected, but the CLI might break because there's still some information missing (especially in the config file). To be precise, this line seems to be the issue. I will look into improving this.

Tanx for your efforts.

Might be. How exactly do you switch to the root user? Maybe I can reproduce this on another distro as well.

Mageia has not sudo implemented by default. So I ( and every mageia user) do:

$ su
password:
#

Another little issue is that after:

[user@localhost ~]$ sudo /usr/local/bin/protonvpn connect

I get:

Connecting to JP-FREE#3 via UDP...
[!] There was an error connecting to the ProtonMail API.
[!] Please make sure your connection is working properly!

and Internet is blocked via browser (maybe DNS (resolv.conf file) problem?) so I do

[user@localhost ~]$ sudo /usr/local/bin/protonvpn d
Disconnected.

and all goes fine. Internet works.

[Rafficer]

Mageia has not sudo implemented by default. So I ( and every mageia user) do:

$ su
password:
#

Tried this on Ubuntu and Fedora and I don't have this issue. Using su correctly sets the environment variables. At first glance now, there seems to be something off with Mageia.

and Internet is blocked via browser (maybe DNS (resolv.conf file) problem?)

Might be. Can you try protonvpn configure -> 4 -> 3 to disable DNS management? or 4 -> 2 and then add 1.1.1.1 as DNS Server. Maybe this helps, although this will result in DNS Leaks.

[sandrokensan]

Tried this on Ubuntu and Fedora and I don't have this issue. Using su correctly sets the environment variables. At first glance now, there seems to be something off with Mageia.

I have not enough knowledge to open a bug into mageia bugzilla, I have understand only that python have an issue into mageia environment. I can post only this.

and Internet is blocked via browser (maybe DNS (resolv.conf file) problem?)

Might be. Can you try protonvpn configure -> 4 -> 3 to disable DNS management? or 4 -> 2 and then add 1.1.1.1 as DNS Server. Maybe this helps, although this will result in DNS Leaks.

nope. protonvpn configure -> 4 -> 3 same behaviour, 4 -> 2 and then add 1.1.1.1 same behaviour: I must disconnect to have Internet into firefox.

protonvpn configure -> 4 -> 3
protonvpn connect (API error)
Firefox isn't connected to Internet
protonvpn d
Firefox is connected to Internet

[Rafficer]

I have not enough knowledge to open a bug into mageia bugzilla, I have understand only that python have an issue into mageia environment. I can post only this.

To be honest, the easiest thing to do would probably to install sudo. It's recommended for security reasons anyway to disable the root account itself so you can't log in with it and only use sudo. But you have to decide for yourself.

nope. protonvpn configure -> 4 -> 3 same behaviour, 4 -> 2 and then add 1.1.1.1 same behaviour: I must disconnect to have Internet into firefox.

Can you maybe try following this guide and see if it works if you just go through the normal setup with OpenVPN config files? I'm not sure if it's something with OpenVPN then that doesn't seem to work for you.

[sandrokensan]

Can you maybe try following this guide
https://protonvpn.com/support/linux-vpn-setup/ and see if it works if
you just go through the normal setup with OpenVPN config files? I'm not
sure if it's something with OpenVPN then that doesn't seem to work for you>

The guida that I can follow is this:

Option B: VPN setup for Linux using the Terminal (CLI)

with this config file:

ProtonVPN_server_configs.zip

and this file:

wget
“https://raw.githubusercontent.com/ProtonVPN/scripts/master/update-resolv-conf.sh”
-O “/etc/openvpn/update-resolv-conf”

?

[Rafficer]

Yes. I just want to know if this will work for you.

[pamputt]

Hi, I also use Mageia 7 and I also experienced the same issue. I reproduced all the step described in this thread and get exactly the same output.
So I tried to follow the procedure given two messages before and here is what I got

# openvpn de-03.protonvpn.com.udp.ovpn 
Fri Dec  6 23:11:53 2019 OpenVPN 2.4.7 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 17 2019
Fri Dec  6 23:11:53 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Auth Username: MyUserName
Enter Auth Password: *************
Fri Dec  6 23:12:09 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Dec  6 23:12:09 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Dec  6 23:12:09 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Dec  6 23:12:09 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]37.58.58.231:80
Fri Dec  6 23:12:09 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Dec  6 23:12:09 2019 UDP link local: (not bound)
Fri Dec  6 23:12:09 2019 UDP link remote: [AF_INET]37.58.58.231:80
Fri Dec  6 23:12:09 2019 TLS: Initial packet from [AF_INET]37.58.58.231:80, sid=b282d0c0 a54e4ad6
Fri Dec  6 23:12:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Dec  6 23:12:10 2019 VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Fri Dec  6 23:12:10 2019 VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Fri Dec  6 23:12:10 2019 VERIFY KU OK
Fri Dec  6 23:12:10 2019 Validating certificate extended key usage
Fri Dec  6 23:12:10 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Dec  6 23:12:10 2019 VERIFY EKU OK
Fri Dec  6 23:12:10 2019 VERIFY OK: depth=0, CN=de-03.protonvpn.com
Fri Dec  6 23:12:10 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Dec  6 23:12:10 2019 [de-03.protonvpn.com] Peer Connection Initiated with [AF_INET]37.58.58.231:80
Fri Dec  6 23:12:11 2019 SENT CONTROL [de-03.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Fri Dec  6 23:12:16 2019 SENT CONTROL [de-03.protonvpn.com]: 'PUSH_REQUEST' (status=1)
Fri Dec  6 23:12:16 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.0.5 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: timers and/or timeouts modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: compression parms modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Dec  6 23:12:16 2019 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: --ifconfig/up options modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: route options modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: route-related options modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: peer-id set
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: adjusting link_mtu to 1657
Fri Dec  6 23:12:16 2019 OPTIONS IMPORT: data channel crypto options modified
Fri Dec  6 23:12:16 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Dec  6 23:12:16 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Dec  6 23:12:16 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Dec  6 23:12:16 2019 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=enp8s0 HWADDR=8c:89:a5:64:ae:25
Fri Dec  6 23:12:16 2019 TUN/TAP device tun0 opened
Fri Dec  6 23:12:16 2019 TUN/TAP TX queue length set to 100
Fri Dec  6 23:12:16 2019 /usr/sbin/ifconfig tun0 10.8.0.5 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Fri Dec  6 23:12:16 2019 /etc/openvpn/update-resolv-conf tun0 1500 1585 10.8.0.5 255.255.255.0 init
dhcp-option DNS 10.8.8.1
resolvconf: Error: Command not recognized
Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)
Fri Dec  6 23:12:16 2019 /usr/sbin/route add -net 37.58.58.231 netmask 255.255.255.255 gw 192.168.1.254
Fri Dec  6 23:12:16 2019 /usr/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Fri Dec  6 23:12:16 2019 /usr/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Fri Dec  6 23:12:16 2019 Initialization Sequence Completed

Then, I tried to connect to a website on Firefox but I was not able to reach it.
I hope it can help.

[Rafficer]

It looks like Mageia has some weird anomalies/issues with OpenVPN itself. If the config files don't work the CLI can't either. So this does not seem to be a bug with the CLI.

[gramo44]

It is different to be conected as root using su than using su -. When you connect using su - you enter as root using environment variables of root. If you omit the - you becomes root but with the same environment variables of the previous user.

[gramo44]

The process I follow was:
urpmi openvpn dialog python-setuptools python3-pip python-pip python3 -m pip install --upgrade pip python3 -m pip install protonvpn-cli protonvpn init
And place the credentials showed in the section OpenVPN / IKEv2 Username

Then I'm getting the very same error after protonvpn c:

Connecting to US-FREE#1 via TCP... [!] There was an error connecting to the ProtonMail API. [!] Please make sure your connection is working properly!

Into this machine I have squid, dhcpd, bind and shorewall, they works fine and share the internet network with my LAN desktops. Do you think the problem is that I can't share my VPN connection to a LAN.

When I look into ~root/.pvpn-cli/pvpn-cli.log i get
2019-12-12 11:39:16,283 — protonvpn-cli — DEBUG — cli:83 — ########################### 2019-12-12 11:39:16,284 — protonvpn-cli — DEBUG — cli:84 — ### NEW PROCESS STARTED ### 2019-12-12 11:39:16,284 — protonvpn-cli — DEBUG — cli:85 — ########################### 2019-12-12 11:39:16,284 — protonvpn-cli — DEBUG — cli:86 — ['/usr/bin/protonvpn', 'c'] 2019-12-12 11:39:16,284 — protonvpn-cli — DEBUG — cli:87 — USER: root 2019-12-12 11:39:16,284 — protonvpn-cli — DEBUG — cli:88 — CONFIG_DIR: /root/.pvpn-cli 2019-12-12 11:39:16,288 — protonvpn-cli — DEBUG — cli:91 — Arguments {'--cc': None, '--fastest': False, '--help': False, '--p2p': False, '--random': False, '--sc': False, '--tor': False, '--version': False, '-p': None, '<servername>': None, 'c': True, 'configure': False, 'connect': False, 'd': False, 'disconnect': False, 'examples': False, 'init': False, 'r': False, 'reconnect': False, 'refresh': False, 's': False, 'status': False} 2019-12-12 11:39:16,293 — protonvpn-cli — DEBUG — dialog:45 — Starting dialog connect 2019-12-12 11:39:16,294 — protonvpn-cli — DEBUG — call_api:31 — Initiating API Call: https://api.protonmail.ch/vpn/logicals 2019-12-12 11:39:18,157 — protonvpn-cli — DEBUG — call_api:55 — Successful json response 2019-12-12 11:39:18,188 — protonvpn-cli — DEBUG — pull_server_data:77 — SERVER_INFO_FILE written 2019-12-12 11:39:18,191 — protonvpn-cli — DEBUG — pull_server_data:84 — last_api_call updated 2019-12-12 11:39:18,192 — protonvpn-cli — DEBUG — get_servers:91 — Reading servers from file 2019-12-12 11:39:18,198 — protonvpn-cli — DEBUG — show_dialog:35 — Showing Dialog: Choose a country: 2019-12-12 11:39:19,337 — protonvpn-cli — DEBUG — dialog:83 — Country Choice: United States 2019-12-12 11:39:19,339 — protonvpn-cli — DEBUG — show_dialog:35 — Showing Dialog: Choose the server to connect: 2019-12-12 11:39:20,729 — protonvpn-cli — DEBUG — dialog:112 — Server Choice: US-FREE#1 2019-12-12 11:39:20,730 — protonvpn-cli — DEBUG — show_dialog:35 — Showing Dialog: Choose a protocol: 2019-12-12 11:39:21,881 — protonvpn-cli — DEBUG — dialog:120 — Protocol Choice: TCP 2019-12-12 11:39:21,883 — protonvpn-cli — DEBUG — openvpn_connect:442 — Initiating OpenVPN connection 2019-12-12 11:39:21,883 — protonvpn-cli — DEBUG — openvpn_connect:444 — Connecting to US-FREE#1 via TCP 2019-12-12 11:39:21,883 — protonvpn-cli — DEBUG — get_servers:91 — Reading servers from file 2019-12-12 11:39:21,888 — protonvpn-cli — DEBUG — openvpn_connect:460 — IPs: ['108.59.0.37', '108.59.0.38', '108.59.0.39', '192.96.203.69', '192.96.203.70', '207.244.109.179', '207.244.109.180', '209.58.142.154', '209.58.142.155', '209.58.142.157', '209.58.142.158', '209.58.142.159', '209.58.142.161', '209.58.147.210', '209.58.147.238', '209.58.147.239', '209.58.147.241', '209.58.147.242', '209.58.147.244', '209.58.147.245'] 2019-12-12 11:39:21,888 — protonvpn-cli — DEBUG — openvpn_connect:461 — connect.ovpn written 2019-12-12 11:39:21,888 — protonvpn-cli — DEBUG — disconnect:302 — Initiating disconnect 2019-12-12 11:39:21,893 — protonvpn-cli — DEBUG — is_connected:179 — Checking connection Status. OpenVPN processes: 0 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — manage_dns:608 — Restoring DNS 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — manage_dns:625 — No Backupfile found 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — manage_ipv6:690 — Restoring IPv6 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — manage_ipv6:692 — No Backupfile found 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — manage_killswitch:761 — Restoring iptables 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — manage_killswitch:770 — No Backupfile found 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — disconnect:342 — No connection found 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — get_ip_info:133 — Getting IP Information 2019-12-12 11:39:21,894 — protonvpn-cli — DEBUG — call_api:31 — Initiating API Call: https://api.protonmail.ch/vpn/location 2019-12-12 11:39:22,917 — protonvpn-cli — DEBUG — call_api:55 — Successful json response 2019-12-12 11:39:22,919 — protonvpn-cli — DEBUG — openvpn_connect:479 — OpenVPN process started 2019-12-12 11:39:33,642 — protonvpn-cli — DEBUG — set_config_value:124 — Writing dns_server to [metadata] in config file 2019-12-12 11:39:33,643 — protonvpn-cli — DEBUG — manage_dns:559 — Leak Protection initiated 2019-12-12 11:39:33,643 — protonvpn-cli — DEBUG — manage_dns:573 — DNS Leak Protection is enabled 2019-12-12 11:39:33,643 — protonvpn-cli — DEBUG — manage_dns:579 — /etc/resolv.conf (resolv.conf) backed up 2019-12-12 11:39:33,643 — protonvpn-cli — DEBUG — manage_dns:587 — Removed existing DNS Servers 2019-12-12 11:39:33,643 — protonvpn-cli — DEBUG — manage_dns:595 — Added ProtonVPN or custom DNS 2019-12-12 11:39:33,644 — protonvpn-cli — DEBUG — set_config_value:124 — Writing resolvconf_hash to [metadata] in config file 2019-12-12 11:39:33,647 — protonvpn-cli — DEBUG — manage_ipv6:644 — Disabling IPv6 2019-12-12 11:39:33,651 — protonvpn-cli — DEBUG — manage_ipv6:665 — No IPv6 present 2019-12-12 11:39:33,651 — protonvpn-cli — DEBUG — get_ip_info:133 — Getting IP Information 2019-12-12 11:39:33,651 — protonvpn-cli — DEBUG — call_api:31 — Initiating API Call: https://api.protonmail.ch/vpn/location 2019-12-12 11:39:33,653 — protonvpn-cli — DEBUG — call_api:41 — Error connecting to ProtonMail API

[Rafficer]

Yeah, OpenVPN isn't working on Mageia. This isn't really an issue with ProtonVPN.

[rihoward]

Interesting that OpenVPN for Mageia 7 works fine with config files from PrivateInternetAccess.

[rihoward]

@gramo44 What happens when you attempt to use https://api.protonmail.ch/vpn/location in a browser on the host on which protonvpn is running? Do you get JSON returned similar to but not the same as
{"Code":1000,"IP":"98.204.105.56","Lat":37.619599999999998,"Long":-12.4816,"Country":"FR","ISP":"foo Cable"}

[gramo44]

Hi... I find the solution!!!!

I just enter to the firewall configuration and opened 443/tcp 443/udp

[gramo44]

So the complete process I did in order to get connected was as follows:

su -
urpmi openvpn python-setuptools python3-pip
urpmi python-pip
pip install --upgrade pip

pip3 install protonvpn-cli or maybe python3 -m pip install protonvpn-cli (choose one)

At MCC go to firewall and open 443/tcp 443/udp if you are still having problems do an iptables -F just to be sure
protonvpn init
(using the OpenVPN / IKEv2 username and OpenVPN / IKEv2 password from https://account.protonvpn.com/account)

protonvpn c
Connecting to NL-FREE#1 via UDP...
Connected!

[rihoward]

@Rafficer ProtonVPN needs to clearly document that port 443 needs to be opened in the firewall for it to be able work.

[sandrokensan]

My test. I have previously installed all the software, so I used only su - rather than su and then protonvpn works fine. I opened only 443/udp via MCC and not 443/tcp. Both udp and tcp into dialog of protonvpn c works fine. In protonvpn init I have set udp.

So I confirm that the firewall must be open at port 443 and it is a lack of protonvpn manual.

Bug closed?

[Rafficer]

What exactly is Mageia doing? I've just tested on Linux Mint and blocked all incoming ports and it still worked perfectly. If Mageia is blocking 443/tcp outgoing then yeah, kinda obvious that it doesn't work. But also why would it do that?

[Rafficer]

Mageia seems to have iptables policies in place that drop everything, even outgoing, that isn't from a known network interface. So honestly, this isn't ProtonVPN that needs to document that port 443 needs to be open, this is Mageia's default setting that doesn't allow any network interface to be introduced and connect to anything, which is what happens with OpenVPN. Anyway...

Solution

1. Connect to ProtonVPN via ProtonVPN-CLI and let it fail:

   [root@localhost ~]# protonvpn c -f
   Connecting to NL-FREE#2 via TCP...
   [!] There was an error connecting to the ProtonVPN API.
   [!] Please make sure your connection is working properly!
   

2. Open MCC and go to the Firewall Settings (Security > Set up your personal firewall)

3. Leave everything as it is in the first and second screen and proceed on both with Ok.

4. Make sure that it has tun0 checked in the third screen.

   

5. Press Ok once more to confirm.

   This will create a bunch of firewall rules that allows tun0 (OpenVPN interface) to function correctly.

6. Connect again and confirm that it works

   [root@localhost ~]# protonvpn c -f
   Connecting to NL-FREE#2 via TCP...
   Connected!
   

I guess this issue can be closed with this guide now. I will also notify the ProtonVPN support team about this so they can help future users that run into this issue with Mageia.

Thank you all.