I would like to revive this bug report. I will describe the problem in detail. I run an ovpn script from the command line and everything goes well. The ovpn file: client dev tun remote nl.vpn.******.org 443 resolv-retry infinite nobind persist-key persist-tun auth-nocache mute-replay-warnings route 10.0.1.0 255.255.255.0 10.0.2.136 route 10.0.0.0 255.255.255.0 10.0.2.136 route-delay 5 verb 3 explicit-exit-notify 5 remote-cert-tls server cipher AES-256-CBC comp-lzo no proto udp key-direction 1 I left out certivicates because they are here irrelevant. The route table before the execution of openvpn is: Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.2.136 0.0.0.0 UG 100 0 0 enp3s0 10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0 10.0.2.136 is my home router. After the execution of sudo openvpn the route table is: Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.17.76.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 10.0.2.136 0.0.0.0 UG 100 0 0 enp3s0 10.0.0.0 10.0.2.136 255.255.255.0 UG 0 0 0 enp3s0 10.0.1.0 10.0.2.136 255.255.255.0 UG 0 0 0 enp3s0 10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0 10.17.76.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 128.0.0.0 10.17.76.1 128.0.0.0 UG 0 0 0 tun0 213.152.162.73 10.0.2.136 255.255.255.255 UGH 0 0 0 enp3s0 This looks a bit complicated to me but it is working. Note the two lines for the networks 10.0.1.0/24 and 10.0.0.0/24. They are needed to divert traffic for those networks to my home router 10.0.2.136. Traffic for my home network 10.0.2.0/24 stays in the home network. All other traffic goes to the tun0 device (the vpn provider). In the Network Manager I imported the ovpn file and the resulting network manager file /etc/NetworkManager/system-connections/vpnnl file is: id=provider_UDP-443 uuid=88baf716**** type=vpn autoconnect=false permissions= [vpn] cert-pass-flags=0 cipher=AES-256-CBC comp-lzo=no-by-default connection-type=tls dev=tun key=***.pem remote=nl.vpn.provider.org:443 remote-cert-tls=server ta-dir=1 service-type=org.freedesktop.NetworkManager.openvpn [ipv4] dns-search= method=auto route1=10.0.1.0/24,10.0.2.136 route2=10.0.0.0/24,10.0.2.136 [ipv6] addr-gen-mode=stable-privacy dns-search= ip6-privacy=0 method=auto I left out some statements concerning security and privacy. Note the two route statements. When I make the vpn connection with this connections file I get the error message: connection failed because VPN service returned invalid configuration. When I remove the two route statements in the network-manager/ edit connections section the connection is properly made but ofcourse without the two route statements in the route table: Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.2.136 0.0.0.0 UG 100 0 0 enp3s0 10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0 10.0.2.136 0.0.0.0 255.255.255.255 UH 100 0 0 enp3s0 10.27.44.0 0.0.0.0 255.255.255.0 U 50 0 0 tun0 213.152.162.148 10.0.2.136 255.255.255.255 UGH 100 0 0 enp3s0 there are more differences that I don't fully understand. I can, ofcourse, add these route statements by hand but that is not the point. (I can also live for a short moment with an unreachable network). When I change the 2 extra route statement (10.0.2.136 changed in 0.0.0.0) (in the vpnnl file) the error message disappears but the two route statements (in the route table) divert the traffic then to tun0 (should be enp3s0). If you want to know more please ask.