🐧 NymVPN Linux — Feedback / bugs / features requests

Hello Nym Community!

We’re excited about the upcoming paid launch of NymVPN! We’d love to hear your thoughts on our 🐧 Linux app—your feedback is essential in helping us improve its privacy and usability.

How you can help:

  • Share your experience: Let us know how the app is performing on your device. Is the connection stable? How’s the speed?
  • Report issues: Encounter any bugs or glitches? Please detail them so we can address them promptly.
  • Suggest features: Have ideas for new features or improvements? We’re eager to hear your suggestions.

How to provide feedback:

  • Reply to this thread: Share your insights directly by replying below.
  • Join our Community channels: Connect with us on Matrix, Discord or Telegram for real-time discussions.
  • Get in touch with our Support team. Don’t forget to check our Help Center first.

:lock: Reminder: Never share your 24-word passphrase with anyone—not even with Nym Support!

Thank you for being an essential part of the Nym community. Together, we’re building a more private and secure internet. :hugs:

I have installed NymVPN client on MX Linux.

  1. Why does the daemon keep reporting my declining WireGuard bandwidth for the day and then reset, with a corresponding break in my VPN connection? Not good for streaming.
     EDIT: After further streaming monitoring it seems like the gateways reset their bandwidth at about 100MB remaining to 500Mb approx. No further streaming breaks so far. Maybe this is correct behaviour???
  2. Why do I have to manually start the daemon each time for NymVPN? Is it foreseen to include this in the app going forward?
1 Like

2 Likes

Thanks for the feedback!

Let me get back to you on this one.

This is something we want to address.

1 Like

I’ve installed the client on Debian 12.
When I try to connect, I get a “Storage backend error”. Tried the deb package and the AppImage.

Any ideas?

I have a strong suspicion that the “Storage backend error” is related to the JWT timestamp being out of sync. We’ll have a fix for that shortly.

If you have the ability to drop down to a terminal, you could get the logs with

sudo journalctl -u nym-vpnd.service --since="yesterday"

I’d be curious to see the lines leading up to that error

2 Likes

As a side note, there is also some work underway to make the logs accessible from within the app

1 Like

Hi jon-nym

thanks for your reply.

Here is the log snippet between the last boot and the error:

********************** systemd[1]: Started nym-vpnd.service - nym-vpnd daemon.
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.120747Z  INFO nym_vpnd::logging: nym-vpnd 1.5.3 (3b3df3b5229d98d77029b5eee19a4db144190bb1)
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.123680Z  INFO nym_vpnd::service::config: Creating config file at /etc/nym/config.toml
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.146411Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.146896Z  WARN hickory_resolver::system_conf::unix: no nameservers found in config
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.147718Z  WARN nym_vpn_network_config::envs: Failed to update envs file: Failed to fetch envs
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.148116Z  WARN nym_vpn_network_config::envs: Attempting to read envs file instead
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.149054Z  INFO nym_vpnd::environment: Setting up environment by discovering the network: mainnet
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.151773Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.152238Z  WARN nym_vpn_network_config::discovery: Failed to refresh discovery file: Failed to read response text
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.152255Z  WARN nym_vpn_network_config::discovery: Attempting to use existing discovery file
********************** nym-vpnd[1342]: 2025-03-19T08:59:33.155050Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[1342]: Error: Discovery endpoint returned error response
********************** nym-vpnd[1342]: Caused by:
********************** nym-vpnd[1342]:     0: there was an issue with the REST request: error sending request for url (https://validator.nymtech.net/api/v1/network/details)
********************** nym-vpnd[1342]:     1: error sending request for url (https://validator.nymtech.net/api/v1/network/details)
********************** nym-vpnd[1342]:     2: client error (Connect)
********************** nym-vpnd[1342]:     3: dns error: No connections available
********************** nym-vpnd[1342]:     4: No connections available
********************** systemd[1]: nym-vpnd.service: Main process exited, code=exited, status=1/FAILURE
********************** systemd[1]: nym-vpnd.service: Failed with result 'exit-code'.
********************** systemd[1]: nym-vpnd.service: Scheduled restart job, restart counter is at 1.
********************** systemd[1]: Stopped nym-vpnd.service - nym-vpnd daemon.
********************** systemd[1]: Started nym-vpnd.service - nym-vpnd daemon.
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.221647Z  INFO nym_vpnd::logging: nym-vpnd 1.5.3 (3b3df3b5229d98d77029b5eee19a4db144190bb1)
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.221766Z  INFO nym_vpnd::service::config: Creating config file at /etc/nym/config.toml
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.225339Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.225383Z  WARN hickory_resolver::system_conf::unix: no nameservers found in config
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.225761Z  WARN nym_vpn_network_config::envs: Failed to update envs file: Failed to fetch envs
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.225787Z  WARN nym_vpn_network_config::envs: Attempting to read envs file instead
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.225813Z  INFO nym_vpnd::environment: Setting up environment by discovering the network: mainnet
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.227132Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.227487Z  WARN nym_vpn_network_config::discovery: Failed to refresh discovery file: Failed to read response text
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.227493Z  WARN nym_vpn_network_config::discovery: Attempting to use existing discovery file
********************** nym-vpnd[2037]: 2025-03-19T08:59:35.229214Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[2037]: Error: Discovery endpoint returned error response
********************** nym-vpnd[2037]: Caused by:
********************** nym-vpnd[2037]:     0: there was an issue with the REST request: error sending request for url (https://validator.nymtech.net/api/v1/network/details)
********************** nym-vpnd[2037]:     1: error sending request for url (https://validator.nymtech.net/api/v1/network/details)
********************** nym-vpnd[2037]:     2: client error (Connect)
********************** nym-vpnd[2037]:     3: dns error: No connections available
********************** nym-vpnd[2037]:     4: No connections available
********************** systemd[1]: nym-vpnd.service: Main process exited, code=exited, status=1/FAILURE
********************** systemd[1]: nym-vpnd.service: Failed with result 'exit-code'.
********************** systemd[1]: nym-vpnd.service: Scheduled restart job, restart counter is at 2.
********************** systemd[1]: Stopped nym-vpnd.service - nym-vpnd daemon.
********************** systemd[1]: Started nym-vpnd.service - nym-vpnd daemon.
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.316566Z  INFO nym_vpnd::logging: nym-vpnd 1.5.3 (3b3df3b5229d98d77029b5eee19a4db144190bb1)
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.316611Z  INFO nym_vpnd::service::config: Creating config file at /etc/nym/config.toml
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.319619Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.319644Z  WARN hickory_resolver::system_conf::unix: no nameservers found in config
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.320071Z  WARN nym_vpn_network_config::envs: Failed to update envs file: Failed to fetch envs
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.320085Z  WARN nym_vpn_network_config::envs: Attempting to read envs file instead
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.320115Z  INFO nym_vpnd::environment: Setting up environment by discovering the network: mainnet
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.321328Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.321698Z  WARN nym_vpn_network_config::discovery: Failed to refresh discovery file: Failed to read response text
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.321704Z  WARN nym_vpn_network_config::discovery: Attempting to use existing discovery file
********************** nym-vpnd[2516]: 2025-03-19T08:59:37.322810Z  WARN nym_http_api_client::dns: primary DNS failed w/ error proto error: io error: Network is unreachable (os error 101): using system fallback
********************** nym-vpnd[2516]: Error: Discovery endpoint returned error response
********************** nym-vpnd[2516]: Caused by:
********************** nym-vpnd[2516]:     0: there was an issue with the REST request: error sending request for url (https://validator.nymtech.net/api/v1/network/details)
********************** nym-vpnd[2516]:     1: error sending request for url (https://validator.nymtech.net/api/v1/network/details)
********************** nym-vpnd[2516]:     2: client error (Connect)
********************** nym-vpnd[2516]:     3: dns error: No connections available
********************** nym-vpnd[2516]:     4: No connections available
********************** systemd[1]: nym-vpnd.service: Main process exited, code=exited, status=1/FAILURE
********************** systemd[1]: nym-vpnd.service: Failed with result 'exit-code'.
********************** systemd[1]: nym-vpnd.service: Scheduled restart job, restart counter is at 3.
********************** systemd[1]: Stopped nym-vpnd.service - nym-vpnd daemon.
********************** systemd[1]: Started nym-vpnd.service - nym-vpnd daemon.
********************** nym-vpnd[3419]: 2025-03-19T08:59:39.439955Z  INFO nym_vpnd::logging: nym-vpnd 1.5.3 (3b3df3b5229d98d77029b5eee19a4db144190bb1)
********************** nym-vpnd[3419]: 2025-03-19T08:59:39.440025Z  INFO nym_vpnd::service::config: Creating config file at /etc/nym/config.toml
********************** nym-vpnd[3419]: 2025-03-19T08:59:40.089679Z  INFO nym_vpnd::environment: Setting up environment by discovering the network: mainnet
********************** nym-vpnd[3419]: 2025-03-19T08:59:40.837969Z  INFO nym_vpn_api_client::client: Not enabling DNS resolver overrides because static addresses are not set
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.487799Z  INFO nym_vpnd::command_interface::start: Starting socket listener on: /var/run/nym-vpn.sock
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.488046Z  INFO nym_vpn_account_controller::controller: Starting account controller
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.488340Z  INFO nym_vpn_account_controller::controller: Account controller: data directory: "/var/lib/nym-vpnd/mainnet"
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.488348Z  INFO nym_vpn_account_controller::controller: Account controller: credential mode: true
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.499218Z  INFO nym_vpn_account_controller::storage::credentials::pending_credential_requests: Setting up pending credential requests storage: "/var/lib/nym-vpnd/mainnet/pending_credential_requests.db"
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.501473Z  INFO nym_vpn_api_client::client: Not enabling DNS resolver overrides because static addresses are not set
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.505254Z  INFO nym_vpn_account_controller::controller: Account id: (unset)
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.505284Z  INFO nym_vpn_account_controller::controller: Device id: ***************************************
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.507474Z  INFO nym_vpn_account_controller::storage::credentials: Ticketbooks stored: 0
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.509637Z  INFO nym_vpn_account_controller::controller: ← SyncAccountState
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.509699Z  INFO nym_vpn_account_controller::controller: ← SyncDeviceState
********************** nym-vpnd[3419]: 2025-03-19T08:59:41.512380Z  INFO nym_firewall: Resetting firewall policy
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.123426Z  INFO grpc_vpnd: ← Info ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.124304Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=218µs time.idle=663µs req="Info"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.130247Z  INFO grpc_vpnd: ← GetTunnelState ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.130532Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=144µs time.idle=145µs req="GetTunnelState"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.130656Z  INFO grpc_vpnd: ← Info ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.130813Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=58.0µs time.idle=100µs req="Info"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.131661Z  INFO grpc_vpnd: ← ListenToEvents ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.132163Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=412µs time.idle=89.2µs req="ListenToEvents"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.146838Z  INFO grpc_vpnd: ← GetNetworkCompatibility ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.147094Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=125µs time.idle=132µs req="GetNetworkCompatibility"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.794549Z  INFO grpc_vpnd: ← GetTunnelState ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.794706Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=53.1µs time.idle=106µs req="GetTunnelState"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.795363Z  INFO grpc_vpnd: ← IsAccountStored ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.795500Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=57.4µs time.idle=79.9µs req="IsAccountStored"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.797362Z  INFO grpc_vpnd: ← GetAccountLinks ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.797818Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=377µs time.idle=81.5µs req="GetAccountLinks"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.798445Z  INFO grpc_vpnd: ← GetSystemMessages ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.798617Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=72.8µs time.idle=102µs req="GetSystemMessages"
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.959135Z  INFO grpc_vpnd: ← ListGateways ()
********************** nym-vpnd[3419]: 2025-03-19T08:59:43.959519Z  INFO grpc_vpnd: nym_vpn_api_client::client: Not enabling DNS resolver overrides because static addresses are not set req="ListGateways"
********************** nym-vpnd[3419]: 2025-03-19T08:59:44.789637Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=8.26ms time.idle=822ms req="ListGateways"
********************** nym-vpnd[3419]: 2025-03-19T09:00:12.502873Z  INFO grpc_vpnd: ← StoreAccount ()
********************** nym-vpnd[3419]: 2025-03-19T09:00:12.503245Z  INFO nym_vpn_account_controller::controller: ← StoreAccount
********************** nym-vpnd[3419]: 2025-03-19T09:00:13.687451Z  WARN nym_vpnd::service::vpn_service: StoreAccount took 1184 ms to execute
********************** nym-vpnd[3419]: 2025-03-19T09:00:13.687574Z  INFO grpc_vpnd: nym_vpnd::command_interface::start: close time.busy=73.1µs time.idle=1.18s req="StoreAccount"

2 Likes

Thanks, I will have a look!

1 Like

Those errors are mostly due to some of the account syncing failing, as the network is not available that early during boot. We are working on making these steps aware of connectivity, which should solve that.

1 Like

I notice today that UK connections are either not working or they connect but do not decode for example BBC iPlayer ‘not available in your region’. Any info would be welcome.

Thanks for reporting. Can you share your choice of location or exit gateway? We’ll try to reproduce.

1 Like

I’ve had a compatibility issue on Manjaro using Wayland.

Logs :slight_smile:

2025-06-13T10:46:12.609826Z  INFO nym_vpn_app: os: Linux (Manjaro Linux 25.0.3) 6.12.28-1-MANJARO x86_64
2025-06-13T10:46:12.609844Z  INFO nym_vpn_app: display server: Wayland
2025-06-13T10:46:12.609845Z  INFO nym_vpn_app: gpu: NVIDIA
2025-06-13T10:46:12.610503Z  INFO nym_vpn_app: app version: 1.10.0
2025-06-13T10:46:12.610514Z  INFO nym_vpn_app: Starting tauri app
2025-06-13T10:46:12.682582Z  INFO nym_vpn_app: app setup
2025-06-13T10:46:12.682594Z  INFO nym_vpn_app: Creating k/v embedded db
2025-06-13T10:46:12.682604Z  INFO new: nym_vpn_app::fs::path: app data dir: /home/yweb/.local/share/nym-vpn-app
2025-06-13T10:46:12.682611Z  INFO new: nym_vpn_app::db: opening db at /home/yweb/.local/share/nym-vpn-app/db
2025-06-13T10:46:12.699976Z  INFO new: nym_vpn_app::db: using existing db at /home/yweb/.local/share/nym-vpn-app/db
2025-06-13T10:46:12.752089Z  WARN set_max_size: nym_vpn_app::window: failed to get current monitor details
2025-06-13T10:46:12.752116Z  INFO nym_vpn_app::fs::path: app config dir: /home/yweb/.config/nym-vpn-app

(nym-vpn-app:178581): libayatana-appindicator-WARNING **: 12:46:12.762: libayatana-appindicator is deprecated. Please use libayatana-appindicator-glib in newly written code.
2025-06-13T10:46:12.763741Z  INFO nym_vpn_app: starting vpnd spy
2025-06-13T10:46:12.764211Z  INFO vpnd_info: nym_vpn_app::grpc::client: vpnd UP
2025-06-13T10:46:12.764223Z  INFO vpnd_info: nym_vpn_app::grpc::client: vpnd version: 1.10.0, network env: mainnet
2025-06-13T10:46:12.772553Z  INFO vpnd_info: nym_vpn_app::grpc::client: user agent: UserAgent { application: "NymVPN", version: "1.10.0 (1.10.0)", platform: "linux; 25.0.3; x86_64", git_commit: "23e2655 (59a28868674126e022b70ad91d0f6d1c3aa0bce0)" }
2025-06-13T10:46:12.772907Z  INFO update_vpnd_state:set_vpnd_status: nym_vpn_app::state::app: daemon version compatibility check OK info=VpndInfo { version: "1.10.0", network: "mainnet", git_commit: "59a28868674126e022b70ad91d0f6d1c3aa0bce0" } info=VpndInfo { version: "1.10.0", network: "mainnet", git_commit: "59a28868674126e022b70ad91d0f6d1c3aa0bce0" }
2025-06-13T10:46:12.772923Z  INFO update_vpnd_state:set_network_compat: nym_vpn_app::state::app: core version is compatible with the network, local version: [1.10.0], network version: [1.9.0] info=VpndInfo { version: "1.10.0", network: "mainnet", git_commit: "59a28868674126e022b70ad91d0f6d1c3aa0bce0" } network_compat=Some(NetworkCompatVersions { core: "1.9.0", tauri: "1.9.0" }) pkg_version=Version { major: 1, minor: 10, patch: 0 } info=VpndInfo { version: "1.10.0", network: "mainnet", git_commit: "59a28868674126e022b70ad91d0f6d1c3aa0bce0" }
2025-06-13T10:46:12.772929Z  INFO update_vpnd_state:set_network_compat: nym_vpn_app::state::app: tauri version is compatible with the network, local version: [1.10.0], network version: [1.9.0] info=VpndInfo { version: "1.10.0", network: "mainnet", git_commit: "59a28868674126e022b70ad91d0f6d1c3aa0bce0" } network_compat=Some(NetworkCompatVersions { core: "1.9.0", tauri: "1.9.0" }) pkg_version=Version { major: 1, minor: 10, patch: 0 } info=VpndInfo { version: "1.10.0", network: "mainnet", git_commit: "59a28868674126e022b70ad91d0f6d1c3aa0bce0" }
2025-06-13T10:46:12.773148Z  INFO tunnel_state: nym_vpn_app::grpc::client: tunnel state [disconnected]
2025-06-13T10:46:12.773157Z  INFO nym_vpn_app: watching vpn tunnel events
2025-06-13T10:46:12.983597Z  INFO js: nym_vpn_app::commands::log: starting UI
2025-06-13T10:46:13.000199Z  INFO get_tunnel_state:tunnel_state: nym_vpn_app::grpc::client: tunnel state [disconnected]
2025-06-13T10:46:13.000208Z  INFO is_account_stored: nym_vpn_app::commands::account: account stored: true
2025-06-13T10:46:13.004958Z  INFO js: nym_vpn_app::commands::log: show main window
2025-06-13T10:46:13.013068Z  INFO js: nym_vpn_app::commands::log: no entry node saved, using default country {"name":"Switzerland","code":"CH"}
2025-06-13T10:46:13.013082Z  INFO js: nym_vpn_app::commands::log: no exit node saved, using default country {"name":"Switzerland","code":"CH"}
Gdk-Message: 12:46:13.160: Error 71 (Erreur de protocole) dispatching to Wayland display.

I had to modify nym-vpn.desktop and add

WEBKIT_DISABLE_DMABUF_RENDERER=1

as an argument in order to be able to launch the client.

1 Like

Hi @krag-held-smeh and welcome to the Nym forum! Thanks for the feedback - I’ll make sure our Dev team sees this.

1 Like

Is there an arm based architecture in the works? I need it to be able to install nym on my Raspberry Pi.

There will be a community RFP to help build an ARM build soon!

1 Like

I bought a 1-year subscription using the Black Friday offer and have been running some on-off experiments with it. As a client application, it seems to work as advertised but my main requirement is that I want to run Nym VPN on a gateway VM and, when I wish to use the VPN from a client machine or VM, I selectively route some or all of my traffic to the Nym VM. This is proving to be considerably more complicated than I was expecting it to be.

In my set-up, Nym is running on a KVM/libvirt VM and the VM’s OS is Debian 13. It’s a headless instance and doesn’t have any graphical environment installed, so all interaction with Nym is via the CLI binary nym-vpnc. All the necessary sysctl forwarding stuff has been done and, when the VPN tunnel is down, a client machine/VM can access the Internet via the Nym VM. However, the moment I start the Nym VPN tunnel (using wg), the client’s access to the Internet is lost. This is where the “fun” starts.


It turns out that the moment I run nym-vpnc connect-v2 (with or without --wait) a whole raft of nft rules get applied, which result in the client’s traffic, which is coming in on interface enp1s0 (previously known as eth0), getting dropped. I have battled with this for over two days but the nft rules are pretty complicated and, so far, all attempts at getting client traffic on enp1s0 to pass through to the VPN tunnel have failed.

There is a “lan set” option in nym-vpnc that allows me to “Set local network access policy”, with the options being either “block” or “allow”. What I am blocking or allowing access to is unclear from that wording, so I was hoping that it would allow/block LAN access to the Nym VPN tunnel. Unfortunately, as I learned the hard way, it just shut off SSH access, which was rather unhelpful.

So, I have two requests:

  1. That someone with ninja-level nft skills can provide me with a workaround to the current blocking of access from the LAN to the VPN tunnel. Ideally, this would be something that I could run at VM startup and would survive VPN connects and disconnects.
  2. That the developers provide an official method, via nym-vpnc, to toggle access from the LAN on/off. Once this is available, the nft workaround would no longer be necessary. (This assumes that the blocking of LAN access was not accidental.)

I don’t know why traffic from the LAN is being blocked - or even if it is deliberate - but it runs counter to my requirement of creating a VPN gateway, a requirement that will, I am sure, be shared by many other people. Feedback from the developers would be most welcome.

Hi there,

I’ve been interested in the same setup (and I am impatiently awaiting the WireGuard configuration option for routers etc.).

I’ve set up an LXC container using Debian 13 on PVE on which I’ve had to add a few configuration lines (/etc/pve/lxc/xxx.conf) in order for the tun0/1 interfaces to be created correctly:

lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

On the nym container itself, I’d then added the following (eth0 being the untrusted interface while eth1 being an internal/trusted adapter) (I’m no nft expert at all so that may be dirty):

echo 1 > /proc/sys/net/ipv4/ip_forward

nft add table nat
nft – add chain nat prerounting { type nat hook prerouting priority 0 ; }
nft add chain ip nat postrouting { type nat hook postrouting priority 100 ; }
nft add rule nat postrouting oifname “tun1” masquerade

For the record, I have disabled IPv6 on that nym-lxc node. Hence had to specify that fact within my nym-vpnc directives:

/usr/bin/nym-vpnc lan set allow
/usr/bin/nym-vpnc tunnel set --ipv6 off
/usr/bin/nym-vpnc connect-v2 --wait

Then I fired another LXC within the same broadcast domain as the eth1 interface on the nym-lxc node and tested connectivity using the nym-lxc as the local gateway – all flying out perfectly here. As a note, without the nft entries above, I’d have seen traffic sent toward the tun1 interface although not source NAT’ed, hence without much chance to succeed.

Hope this helps a bit.

Hey NYM team, thanks for what you do it’s awesome! Please help us hooking up our routers, I can’t wait =]

2 Likes

Hi solarninja, so it looks like you are the ninja-level nft expert I was looking for. :slight_smile: Your fix worked like a charm. Many thanks! (Love the name, BTW.)

Your code needed a bit of cleaning up because it was throwing syntax errors, but no biggie. Specifically, the long hyphen before “add”, the unescaped semicolons and the double quotes around tun1 which were probably transformed by (I think it’s) Markdown into 66-99 quotes. It looks like I can run this at VM startup even though tun1 doesn’t exist then, so SUCCESS!

Slightly off-topic, I read the recent post titled “Some Criticisms of NymVPN” and some of the points are well made. Support does seem currently to be a little “thin”. I don’t use X/Twitter or Telegram, so this forum would seem to be the most suitable place for questions and discussions. It’s not exactly overrun with either so replies from the Nym team should have a relatively quick turnaround. I posted a question 3 days ago and nobody from Nym has replied, even to say “we’re looking into it”. All the technical excellence in the world is not going to succeed without solid support from the vendor. They were a free service at the beginning of the year but by moving onto a paid-for basis, responsibilities change and IMO they need to up their game in supporting their customer base. It’s great that you were able to step in and help another member of this community, but some feedback from the team would also be appreciated.

2 Likes

Yeah for some reason the double dashes are swallowed up by the forum platform it seems.. so the 2nd line reads: nft <double dash> add chain nat prerounting { type nat hook prerouting priority 0 ; }

2 Likes
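
The NAT commands from the posts above, written as a single ruleset that is piped to `nft -f`, so the shell never interprets the braces, semicolons or quotes that caused the syntax errors (an added example, not code from the thread or from Nym). The table name `lan_gw_nat` and the function names are assumptions; `tun1`, the hooks and the priorities are taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread): NAT for a LAN-facing VPN gateway,
# loaded as one nft ruleset instead of separate "nft add ..." commands.
set -eu

# Assumption: a dedicated table name, so reloading never touches other tables
# (for example the "nat" table that iptables-nft manages).
TABLE="lan_gw_nat"

# Accept only plain interface names (1-15 chars of [A-Za-z0-9_.-]) so the
# value cannot break out of the quoted string in the ruleset.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the ruleset for tunnel interface $1 (tun1 in the post).
nat_ruleset() {
    valid_ifname "$1" || { echo "bad interface name: $1" >&2; return 1; }
    cat <<EOF
# add + delete makes the load idempotent: the table is rebuilt on every run
add table ip $TABLE
delete table ip $TABLE
table ip $TABLE {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # oifname matches by name, so the rule loads before $1 exists
        oifname "$1" masquerade
    }
}
EOF
}

# Validate with a dry run (-c), enable forwarding, then load for real.
apply_gateway_nat() {
    rules=$(nat_ruleset "$1") || return 1
    printf '%s\n' "$rules" | nft -c -f - || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    printf '%s\n' "$rules" | nft -f -
}

# Run as root: sh gateway-nat.sh apply [tunnel-interface]
if [ "${1:-}" = "apply" ]; then
    apply_gateway_nat "${2:-tun1}"
fi
```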