Need help setting up NetworkManager as a VPN client, please

nooneknowspeter · August 6, 2025, 4:28pm

I’m trying to setup NetworkManager as a declarative vpn client(like native vpn network settings on a device); ipsec, l2tp, openvpn and wireguard.

I know wireguard is supported by default especially in the tui.

By adding the networking.networkmanager.plugins, it adds those options to the gui (nm-applet/nm-connection-editor) when adding a connection.

I tried ipsec(username, password, pre-shared key), l2tp(username, password) and openvpn(import .ovpn config) and connecting through nmcli(nmcli connection up vpnname), nmtui(activate a connection) and nm-applet(right click system tray icon, vpn connections, turn on vpn connection).

All fail.

I tried multiple vpns on vpngate(my go-to vpn source, works on my other devices through native networking settings) but to no avail.

I am setting it up in a module to be reused by my other nixos hosts, like here.

{ pkgs, ... }:
{
  networking.firewall.checkReversePath = "loose";
    
  networking.networkmanager = {
    enable = true;
    plugins = with pkgs; [
      networkmanager-fortisslvpn
      networkmanager-l2tp
      networkmanager-openvpn
      networkmanager_strongswan
    ];
  };
    
  programs = {
    nm-applet = {
      enable = true;
    };
    openvpn3 = {
      enable = true;
    };
  };
    
  services = {
    mullvad-vpn = {
      enable = true;
    };
    softether = {
      enable = true;
    };
    strongswan = {
      enable = true;
    };
    tailscale = {
      enable = true;
    };
    wg-netmanager = {
      enable = true;
    };
    xl2tpd = {
      enable = true;
    };
  };
}

logs from nmcli

❯ nmcli connection up vpngate_vpn973081969.opengw.net_udp_1931
Error: Connection activation failed: The connection attempt timed out
Hint: use 'journalctl -xe NM_CONNECTION=47745bf3-bbbe-4452-8b2a-714382e04a4d + NM_DEVICE=enp88s0' to get more details.

NetworkManager[2277]: <warn>  [1754281183.4190] vpn[0x1ee22830,47745bf3-bbbe-4452-8b2a-714382e04a4d,"vpngate_vpn973081969.opengw.net_udp_1931"]: connect timeout exceeded

when using openvpn outside of network manager

❯ openvpn3 session-start --config vpngate_vpn973081969.opengw.net_udp_1931.ovpn
Using pre-loaded configuration profile 'vpngate_vpn973081969.opengw.net_udp_1931.ovpn'
openvpn3/session-start: ** ERROR ** Could not start new VPN session: New tunnel did not respond