Network-manager can't store secrets on debian 13

User Support General

solene January 6, 2026, 9:03pm 1

I was getting started writing a guide for OpenVPN VPN on debian 13 (tried minimal and xfce) on R4.3 but I face a blocking issue and I really can’t figure the fix, so here am I asking for help

After importing the openvpn config, I can’t use it as it can’t find the secrets. Here is the error message in the logs

Jan 06 21:54:32 sys-openvpn-test2 NetworkManager[873]: <warn>  [1767732872.3245] vpn[xxxx,"xxx.tcp"]: secrets: failed to request VPN secrets #3: No agents were available for this request.

Seems like gnome-keyring got started (by default the systemd socket of gnome-keyring is started)

Jan 06 21:54:32 sys-openvpn-test2 NetworkManager[873]: <warn>  [1767732872.3245] vpn[0x5e819fb80710,35cce92f-86ad-4f4a-9a51-25003764c8ba,"gr-50.protonvpn.tcp"]: secrets: failed to request VPN secrets #3: No agents were available for this request.

any idea?

solene January 6, 2026, 9:12pm 2

When using a fedora 43 template, network manager asks me the credentials and then saves them. This does not happen in Debian

barto January 6, 2026, 10:10pm 3

Quick SWAG: do you have polkit running? NetworkManager is very fond of polkit

EDIT:
nmcli general permissions
… shows the polkit permissions or throws errors.

solene January 6, 2026, 10:17pm 4

Is this an extra step? I never had to enable a polkit service on any OS I used.

I’ll try soon the network manager command. I can’t do it now.

renehoj January 6, 2026, 10:21pm 5

Don’t know if it works in D13, but this is what I use in D12

nmcli con up $id passwd-file pass.txt

pass.txt contains the password, here is the format:
vpn.secret.password:PASSWORD

1 Like

Zrubi January 7, 2026, 5:55am 6

And how it is better than simply let the NM to save the password? - just asking.

solene January 7, 2026, 7:06am 7

Actually, my issue is that network manager NEED this secret manager service to store secrets.

renehoj January 7, 2026, 7:07am 8

I couldn’t get NM to set the password without human interaction.

I needed a way to apply the same password to a very long list of ovpn config files, without having to enter password everytime a new config was used.

Zrubi January 7, 2026, 7:34am 9

Might be that they don’t told me that - I can simply write the pw in the config file - and boom - it works

Zrubi January 7, 2026, 7:37am 10

in the GUI, if you set to store the pw ‘for all users’ then it will actually write to the config directly without any other magic needed.

If you set it to the ‘only this user’ - then it’s trying to use some secret managing services, like gnome keyring.

1 Like

Zrubi January 7, 2026, 7:38am 11

surely make sense in such case - thanks

DVM January 7, 2026, 9:55am 12

I tested a Mullvad OpenVPN configuration on a standalone qube based on debian-13-xfce, and it seems to work fine with the keyring. The only thing I did was install the network-manager-openvpn-gnome package, as I usually do on Debian.

Do you import the config with the GUI or CLI?

solene January 7, 2026, 9:57am 13

I imported it from CLI and GUI I had network-manager-openvpn-gnome installed as well.

barto January 7, 2026, 9:59am 14

“Hello, IT, have you tried turning it off and on again?”

DVM January 7, 2026, 10:30am 15

I downloaded the latest debian-13-xfce template to see if it was broken, since mine was from August. However, it seems to work as well.

Could you try using Mullvad? You don’t need to pay for the service. Just create a new numbered account and download a random OpenVPN configuration file from the website. It will refuse to connect, but that’s just to test if the keyring step works.

solene January 7, 2026, 12:22pm 16

everything is reported as correct

solene January 7, 2026, 12:29pm 17

I was indeed missing network-manager-openvpn-gnome although I was sure to have installed it. Solved!

2 Likes