Arch Linux User Repository

The problems connecting to openvpn are unrelated to the kernel version. They occur if one uses the updated default /etc/sudoers content.

There has been an update recently: https://gitlab.archlinux.org/archlinux/packaging/packages/sudo/-/commit/4791df5c3deb6355e6a1fe0b40a13ef27ad060b0

that changes

# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

to

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Activating the secure_path setting will prevent cyberghostvpn from running the /usr/local/cyberghost/openvpn wrapper. This means the original /usr/bin/openvpn wrapper gets called with the unsupported --ncp-disable parameter again - and fails.

To make cyberghostvpn work again with openvpn

a) either comment out the Defaults secure_path=... line in /etc/sudoers again

b) or add /usr/local/cyberghost to the beginning of that line

/etc/sudoers

Defaults secure_path="/usr/local/cyberghost:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

c) or downgrade openvpn to <2.6 - that makes it support the --ncp-disable command line parameter again

I contacted the support these issues a few months ago, and i had a very poor answer (it seems they didn't care, at least at that time).

So on my side, as a consequence i've not renewed my CyberghostVPN subscription anymore and i went for another provider (in case you would be interested : i chose AirVPN - working flawlessly with Wireguard + compatible out-of-the-box with the gluetun docker container + allowing ports redirections). And for now i think this choice was the good one (for me as a linux users willing a CLI / docker wireguard client), after so much time lost with CyberghostVPN.

Is anyone else having issues with connecting? Worked fine yesterday.

The problems connecting to openvpn are unrelated to the kernel version. They occur if one uses the updated default /etc/sudoers content.

There has been an update recently: https://gitlab.archlinux.org/archlinux/packaging/packages/sudo/-/commit/4791df5c3deb6355e6a1fe0b40a13ef27ad060b0

that changes

# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

to

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Activating the secure_path setting will prevent cyberghostvpn from running the /usr/local/cyberghost/openvpn wrapper. This means the original /usr/bin/openvpn wrapper gets called with the unsupported --ncp-disable parameter again - and fails.

To make cyberghostvpn work again with openvpn

a) either comment out the Defaults secure_path=... line in /etc/sudoers again

b) or add /usr/local/cyberghost to the beginning of that line

/etc/sudoers

Defaults secure_path="/usr/local/cyberghost:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

c) or downgrade openvpn to <2.6 - that makes it support the --ncp-disable command line parameter again

In my observation the kernel cannot be the problem here. Even if I install the cyberghostvpn client on an ubuntu 22.04 system and upgrade its kernel to the mainline version 6.10.3 cyberghostvpn is still able to connect - same behaviour as on my arch machine:

$ sudo cyberghostvpn --openvpn --country-code RU --connect
Prepare OpenVPN connection ...
Select server ... moscow-s409-i04
Connecting ... 
VPN connection established.
$ curl http://ip-api.com/json
{"status":"success","country":"Russia","countryCode":"RU","region":"MOW","regionName":"Moscow","city":"Moscow","zip":"","lat":55.7929,"lon":37.4845,"timezone":"Europe/Moscow","isp":"M247 Europe SRL","org":"M247 Ltd Moscow","as":"AS9009 M247 Europe SRL","query":"146.70.52.246"}
$ uname -r
6.10.3-061003-generic

Since the cyberghostvpn client is closed source people at cyberghostvpn are the only ones being able to fix or analyse problems regarding their client. Submitting log files containing the openvpn error messages to the cyberghostvpn support is the only way - there is nothing that can be fixed on the packaging side.

$ uname -r
6.9.10-arch1-1
$ sudo cyberghostvpn --torrent --openvpn --server-type torrent --country-code CA --connect
Perform authentication ...
Prepare OpenVPN connection ...
Select server ... montreal-s433-i23
Connecting ... 
An error occured! The VPN connection failed!

I would normally contact cyberghostvpn's support when they break their linux package, but when they broke wireguard connecting in mid 2023 they were most rude Needless to say, I am also affected by this, downgrading kernel to 6.9.10-arch1-1 did not provide an easy fix.

Same problem here: I just updated to the 6.10 kernel, now cyberghost won't connect anymore:

sudo cyberghostvpn --country-code BY --connect
Prepare OpenVPN connection ...
Select server ... minsk-s403-i06
Connecting ... 
An error occured! The VPN connection failed!

I tried to uninstall/reinstall, run a fresh --setup but nothing seems to help.

I cannot reproduce it - openvpn connections are working fine for me on on ArchLinux using kernel 6.10.1:

$ uname -r
6.10.1-arch1-1

$ sudo cyberghostvpn --openvpn --country-code RU --connect
Prepare OpenVPN connection ...
Select server ... moscow-s407-i01
Connecting ... 
VPN connection established.

$ curl http://ip-api.com/json/
{"status":"success","country":"Russia","countryCode":"RU","region":"MOW","regionName":"Moscow","city":"Moscow","zip":"","lat":55.7929,"lon":37.4845,"timezone":"Europe/Moscow","isp":"M247 Europe SRL","org":"M247 Ltd Moscow","as":"AS9009 M247 Europe SRL","query":"146.70.52.211"}

Hi ! I've been using this tool for a long time without any problems, but since the last kernel update to version 6.10.1.arch1-1, no openvpn connection can be established. I only get the following message: An error occurred! The VPN connection failed! I use EndeavorOS. It worked with the kernel 6.9.9.arch1-1.

Thanks! All works well. Cyberghost passwords with $ are not accepted, it appears.