How I set up a VPN connection

Set up a VPN connection in System Settings, Network Connections.

Press the + to add a new connection.

Scroll to the very bottom and chose “import new connection” and choose your downloaded openVPN config file. I used UDP but TCP might also work.

Enter your username, password, and select store for all users or single user, if you want to be prompted for your password each time.

EDIT - thanks to a user comment (Musicguy182), I learned that NordVPN no longer uses your email and password for OpenVPN. If this is your VPN provider, log in to your account, go to Services, Nord VPN, then manual setup. Your credentials to use will be generated there.

Save. When you try to connect, it should say VPN Plugin is missing.

To fix this, you need to run some konsole commands that modify the filesystem.

I created these into a script for myself so I could do it painlessly after each system update, as the updates will remove this plugin.

**Make sure you have a sudo password set before beginning!** You can type passwd to do this. You never see what you’re typing as you’re entering a password; be careful. Press enter after each line, they’re separate commands.

sudo steamos-readonly disable

sudo pacman-key --init

sudo pacman-key --populate

sudo pacman -S networkmanager-openvpn

sudo steamos-readonly enable

Install packages when it asks (Y) or (N).
Now the OpenVPN plugin should be installed and your connection should work.

Then if you want, you can create additional scripts to add as non-Steam games to enable and disable your VPN connection in game mode.

nmcli connection up "Connection Name"

(This enables the connection).

nmcli connection down "Connection Name"

(This disables it)

Connection name is whatever it’s called in Network Connections. I changed mine to NordVPN (Toronto), but obviously choose whatever you like.

If you want to make them into scripts, add the above texts, but preface it with:

#!/usr/bin/bash

on its own line at the start of the file in kwrite.

Save the file as whateveryouwant.sh, and then edit the properties to make them executable.

If you add them to Steam you can add you own artwork and access them in Game Mode, meaning you don’t have to always go over to Desktop Mode to activate your VPN.

Sleep and Resume disables the connection, so it’s a beneficial way to turn it back on quickly.

If you ALWAYS want the VPN active on a connection, then you can set that in desktop mode in Network Settings and it’ll autoconnect when resuming from sleep.

Edit - adding this section in case anyone comes across the issue of /usr being read-only and saying not enough free disk space, despite disabling read-only in the first step. This seems to be a result of having the TunnelDeck plugin installed and then updating the OS.

sudo systemd-sysext status

sudo systemd-sysext unmerge

sudo pacman -S networkmanager-openvpn

sudo systemctl restart NetworkManager

sudo systemd-sysext merge

After doing this and restarting, your VPN should work again.

Hilariously enough, I’m coming back here to fix my own problems with vpn access lol. Thank you, self!

Sucks this got buried, it’s such a good and thorough guide, even for the steamdeck specific stuff for people comfortable with Linux.

Thank you OP!

Hope u/quidamphx doesn’t mind me making two top level comments. I wanted to document some issues that I ran into most likely as a result of using wireguard instead of openvpn.

First issue that I ran into was that I couldn’t get the scripts for enabling and disabling the vpn working. See this comment from me on how I addressed it.

Second issue is that I wasn’t able to make the vpn auto connect whenever I joined a certain network. I didn’t want the vpn to auto connect all the time (for instance when I’m already on my home network). I found the reason for this is that there is a bug in Network Manager. Following the suggestions in there, you can write a script as a workaround; now the script in the bug ticket only checks for a certain network interface, so I adjusted it to enable vpn on a list of wifi networks. You can put the script in /etc/NetworkManager/dispatcher.d/ where it will automatically be picked up; you can name it anything, but note that if you have multiple scripts, it will run them in alphabetical order. To use the network name in your script, use the env variable $CONNECTION_ID. Here is a template of my script

​

#!/bin/bash

COMMAND="$2"
DEVICE="$1"

case $CONNECTION_ID in

    "Wifi 1" | "Wifi 2")
        if [[ ${COMMAND} == "up" && ${DEVICE} == "wlan0" ]]
        then
            nmcli connection up Name-of-wireguard-connection
        elif [[ ${COMMAND} == "down" && ${DEVICE} == "wlan0" ]]
        then
            nmcli connection down Name-of-wireguard-connection
        fi
        ;;

    *)
        echo "No VPN needed"
        ;;

esac

I realise that I’m late to the party, but I’d like to say “thank you” for posting this.

I’ve not really messed around with Linux before now and wasn’t really looking forward to the aggro of flashing steamos back onto my deck when I inevitably cocked something up.

That said, I installed the ProtonVPN gui from discovery whilst in desktop mode. Unfortunately, it threw up errors and wouldn’t connect. Search results ranged from mildly informative, to far too technical with far more information than I needed at that moment.

I finally came across your guide which is both concise and coherent. I have only gone as far as getting my vpn running correctly by following your guide up to the point of writing the script for gaming mode (I’m happy to connect manually when I need it). After taking it one step at a time, I am happy to report that it worked straight off the bat with no issues.

So again, my thanks for the guide and for your time in making it.

Thank you for this but it did not work for me until I changed it to:

 #!/bin/bash

I had the scripts saved on my sd card so maybe that’s why?

EDIT: I guess it only works in desktop mode. In gaming mode vpn doesn’t connect…

after i put “sudo pacman -S networkmanager-openvpn”, it show me “partition /usr is mounted read only” “Not enough free disk space”. Any ideas? (ps with “sudo steamos-readonly disable” and other commands there is no problem. )

I am having an issue trying to connect to a NordVPN server. If anyone has any thoughts please let me know.

I downloaded the UDP file off the Nord website.

I followed guide and got OpenVPN plugin installed, and when I click connect it loads, then I get prompted to enter a password to authenticate the connection. The wording is “Provide the secrets for the VPN connection” Top of the window prompt says “VPN secrets (openvpn) dialog --KDE Daemon”

My first thought was this was probably prompting me for my Duel Factor authentication code, but that does not work. I tried disabling MFA on my account and that does not work. I have also tried my Nord accounts password, which also fails to authenticate. I also tried my SteamOS admin password which does not work. What else could this be?

Anyone else run into this?

You just saved my Sunday. I was looking so much for a solutions like this. Thank you so much!

I set the .sh file as an executable, but double clicking on it doesn’t seem to open anything. I have to right click and click “Run in Konsole”. Any ideas? This is for the pacman stuff, not bringing up a connection

I’ve created the scripts and confirm they work in desktop mode. I’ve added it to the steam library and confirmed that in desktop mode, launching it from the steam gui works.

However, when I go into game mode and launch the script, it just hangs and launching chrome side by side, I confirm that I’m NOT on the vpn. Any thoughts? Also, when I try to abort the script, my deck crashes and goes into reboot.

The only way I was able to get the vpn connection to work in game mode was add Konsole as a non steam game, then go in there and issue the connection up command.

sudo pacman -S networkmanager-openvpn returns 404 error

Do you have a recommendation on which openVPN config file to get?

My regular vpn, expressVPN doesn’t seem to have an open vpn config file to download, or maybe i am just too inexperienced to understand what to get.

I am ready to switch to a different vpn if you have a better one in mind? Honestly i just want a set and forget vpn that i can turn on and off easily.

Does this still work for you? Something changed and nothing will connect anymore. It just spins forever saying “Connecting…”. I tried re-running all of the commands and even re-installing the openVPN profile.

First of all thanks a lot for this guide. Really helpful!
Can you give more details on the always connect option? I saw that optiom in the system setting but somehow its disabled for me and I cant activate the checkbox.

Does anyone know how to activate or make a script for the killswitch, I download a lot of torrents.
And I don’t want to take a risk.

This is an amazing guide. A quick question though - when I write the Pac-Man init command i get the “gpg: running with fake system time” error. I’m new to Deck and Linux. So any help will be appreciated.

The importance of documentation

That’s the main reason why I document stuff - just so I can get it out of my mind and be able to come back to it later. If someone else benefits, that is a bonus

Super helpful. Hopefully this resource stays easy to find for others that need help in the future until VPN functionality is a little more built-in, if it ever is.