Linux with OpenVPN? This can quickly become dangerous if you don't know what you're doing

When OpenVPN paralyzes your Linux - and how to save it again

A field report with OpenVPN, DNS problems and broken routes

Many people think that Linux is more stable and controllable than Windows. But woe betide anyone who connects to OpenVPN, wrecks their routes in the process and realizes when the VPN is disconnected: the Internet is gone. Completely. No DNS, no ping, no curl. Welcome to the world of network management under Linux.

With this article, I would like to draw your attention to a problem that mainly affects VPN users under Linux: after using OpenVPN, the Internet connection via WLAN no longer works. This is not a trivial problem and can be very frustrating. Here I'll show you the steps I took to fully restore my network - without reinstalling the system.


Requirements / tools that I had installed

Before we get into solving the problem, here is my technical setup:

  • System: Zorin OS 17.3 (based on Ubuntu 22.04 LTS)
  • OpenVPN version: 2.5.11
  • Network Manager: NetworkManager
  • DNS management: systemd-resolved
  • VPN configuration: .ovpn file with certificates and auth-user-pass
  • Editor: nano
  • Network tools: nmcli, ip, resolvectl, ping, curl
  • Using the terminal: bash

I also had the following files in the VPN directory:

  • openvpn.ovpn
  • auth.txt
  • ca.crt, client.crt, client.key

The problem: No Internet after VPN connection

After successfully establishing a connection with OpenVPN, I initially had the feeling that "everything was working". But after a short time I realized:

  • Web pages no longer load
  • ping google.com fails
  • curl ifconfig.io hangs or delivers nothing
  • DNS resolution no longer worked
  • resolv.conf showed outdated or incorrect entries
  • tun0 was not removed cleanly after disconnecting

The solution: Step-by-step to network recovery

In the following, I will show the individual steps that were necessary to restore the Internet connection under Linux after a failed OpenVPN session - without reinstalling or abandoning the system.

The solution is divided into five logical areas:

  1. Routing repair
  2. DNS fix
  3. VPN cleanup
  4. Restarting the network stack
  5. Validation

1. Routing repair: Get rid of the old default route

After exiting the OpenVPN client, the route via the VPN tunnel interface (tun0) is often left in place. As a result, all traffic continues to run into the void, even if the WLAN is reconnected.

Goal: Remove the incorrect routes and set the correct default route again.

Steps:

# Terminate VPN tunnel completely
sudo pkill openvpn

# Deactivate and remove TUN interface
sudo ip link set tun0 down
sudo ip link delete tun0

We then check the routes with:

ip route

If routes such as 0.0.0.0/1 or 128.0.0.0/1 are present (together they cover the whole IPv4 address space and take precedence over the default route), then remove them:

sudo ip route del 0.0.0.0/1
sudo ip route del 128.0.0.0/1

Then restore the default route (in my case via the WLAN router):

sudo ip route add default via 192.168.178.1 dev wlo1

2. DNS fix: Resolve names again

After an OpenVPN disconnect, the DNS servers from the VPN are often left behind. This means that no more domains can be resolved (e.g. google.com does not work, but 1.1.1.1 does).

Reset DNS and set it correctly:

# Reset DNS configuration to default
sudo resolvectl revert wlo1
# Set DNS servers (Cloudflare + Google)
sudo resolvectl dns wlo1 1.1.1.1 8.8.8.8
# Set the routing domain "~." so that all DNS queries go via this link
sudo resolvectl domain wlo1 "~."

# Restart network services
sudo systemctl restart systemd-resolved
sudo systemctl restart NetworkManager

Then check with:

resolvectl status wlo1

Whether everything works can be checked with, for example:

resolvectl query google.com

3. VPN cleanup (optional but recommended)

If, like me, you realize that OpenVPN or the CyberGhost CLI has caused too much chaos (I use CyberGhost as a VPN, but on Linux there is only an install.sh without GUI) or you want to switch to a more stable setup (e.g. WireGuard with GUI), you can remove the package cleanly:

# Only if you really no longer need OpenVPN:
sudo apt remove --purge openvpn
sudo rm -rf /etc/openvpn

Optional: If CyberGhost was installed as a CLI and you no longer have any use for it:

sudo rm -rf /opt/cyberghostvpn /etc/opt/cyberghostvpn ~/.cyberghostvpn

4. Restart the network stack

A restart of the services involved can help if, for example, the NetworkManager has become blocked or a connection is no longer being established.

sudo systemctl restart systemd-resolved
sudo systemctl restart NetworkManager

If the WLAN adapter still hangs, a reconnect can also help:

nmcli device disconnect wlo1
nmcli device connect wlo1

5. Validation: Is the connection working again?

After recovery, you should perform the following checks:

  • WLAN shows "connected"
  • ip addr show tun0 no longer shows the interface (it has been removed)
  • ip route only shows the route via your local WLAN
  • resolvectl status wlo1 shows your DNS servers

Then test:

ping -c2 1.1.1.1
ping -c2 google.com
curl -s ifconfig.io

If everything works again - congratulations! Your Linux system is back online and you have learned a lot about network configuration.
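
The route checks from steps 1 and 5 can also be scripted. The following is an added example, not part of the original article: the function name audit_routes, the finding labels and both sample tables are constructed for illustration (wlo1 and 192.168.178.1 come from the setup above, the 10.8.0.x tunnel addresses are assumed).

```shell
#!/bin/sh
# Added example (not from the article): audit a routing table for OpenVPN leftovers.
# Reads `ip route` output on stdin, prints one finding per line,
# returns 0 when the table is clean and 1 otherwise.
# Live use: ip route | audit_routes wlo1

audit_routes() {
    # $1 = expected uplink interface (wlo1 in the article's setup)
    awk -v wan="$1" '
    function report(msg) { print msg; bad++ }
    {
        dst = $1; dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dst == "0.0.0.0/1" || dst == "128.0.0.0/1")
            report("STALE_SPLIT_DEFAULT " dst " dev " dev)   # VPN override routes
        else if (dst == "default" && dev == wan)
            have_default = 1                                  # uplink default is back
        else if (dst == "default")
            report("DEFAULT_NOT_ON_UPLINK dev " dev)
        else if (dev ~ /^tun[0-9]+$/)
            report("STALE_TUN_ROUTE " dst " dev " dev)        # tunnel subnet still routed
    }
    END {
        if (!have_default) report("NO_DEFAULT_VIA " wan)
        exit (bad > 0)
    }'
}

# Constructed sample: table after a VPN session that did not clean up.
BROKEN_TABLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.178.1 dev wlo1 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.178.0/24 dev wlo1 proto kernel scope link src 192.168.178.42 metric 600'

# Constructed sample: table after the repair steps.
CLEAN_TABLE='default via 192.168.178.1 dev wlo1 proto dhcp metric 600
192.168.178.0/24 dev wlo1 proto kernel scope link src 192.168.178.42 metric 600'

# Demo on the constructed tables.
printf '%s\n' "$BROKEN_TABLE" | audit_routes wlo1 || echo "-> leftovers found"
printf '%s\n' "$CLEAN_TABLE" | audit_routes wlo1 && echo "-> routing table is clean"
```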


My personal conclusion

After hours of debugging, countless terminal commands, DNS repairs, routing corrections and a network that suddenly refused to work at all, my realization is quite clear:

I will keep my hands off OpenVPN and the Linux command line integration of CyberGhost in the future.

What looks like a flexible, controlled setup on paper quickly turns out to be a fragile construct in practice - especially if the VPN does not terminate cleanly and leaves system services such as DNS resolvers or routing tables in chaos.

For me it is clear: If I want to use VPN under Linux, then only via graphical tools with clean lifecycle management (e.g. NetworkManager + WireGuard) or with prefabricated Snap-/Flatpak solutions that can be completely removed without leaving any residue.

Yes, I have learned a lot. But I've also seen how quickly a functioning Linux network can go down - just because of an incorrectly configured OpenVPN profile. If you don't know what you are doing, you may have the VPN tunnel up, yet your normal network traffic (websites, streaming, etc.) is not routed through it but still goes out unencrypted outside the tunnel, and every website can see your IP address.

My advice to anyone who is not deeply involved in routing, DNS and NetworkManager: don't bother. Use simple VPN apps or WireGuard with GUI support - your nerves will thank you. (The repair alone took me about 1 hour with OpenAI ChatGPT o4-mini-high, without AI I could have reinstalled Linux).

I hope this article helps others who have fallen into a similar trap.

And if you are a Logitech MX Master 3S mouse user, you can find an article on how to use the Bluetooth Logitech mouse without a USB dongle.


Posted by Petr Kirpeit

All articles are my personal opinion and are written in German. In order to offer English-speaking readers access to the article, they are automatically translated via DeepL. Facts and sources will be added where possible. Unless there is clear evidence, the respective article is considered to be my personal opinion at the time of publication. This opinion may change over time. Friends, partners, companies and others do not have to share this position.
