Brave VPN connection failed initially with Failed to write the VPN config error in the VPN panel and then connected successfully with intermittent failures

[MadhaviSeelam]

Description

Brave VPN connection failed initially with Failed to write the VPN config error in the VPN panel. Tried to connect again and it connected successfully. Tested the connection with no other VPN entries (i.e Brave VPN Beta) and with other Brave VPN entries in the OS/Network settings. Fwiw, I have noticed that when VPN was not connected, phonebook entry was populated with BraveVPN entry (previously for issue #30291, phonebook entry was not populated).

Steps to Reproduce

Scenario 1: New install

1. Install 1.52.112
2. launch Brave
3. connect to VPN with a new purchase in staging

Scenario 2: Upgrade from 1.51.x --> 1.52.x

1. Install 1.51.x
2. launch Brave
3. connect to VPN with a new purchase in staging
4. upgrade to 1.52.x
5. Disconnect and connect again

Actual result:

Failed to write the VPN config is shown in the VPN panel. Enabled again. Successfully connected.
However, there are subsequent failures like quickly disconnect again from connected state or when switching servers,
Fresh Install:

example	example	example	example

Upgrade:

2023-05-25_10h36_01.mp4

Expected result:

Brave VPN should connect successfully without errors

Reproduces how often:

Easily

Brave version (brave://version info)

Brave | 1.52.112 Chromium: 114.0.5735.35 (Official Build) (64-bit)
-- | --
Revision | 2295354895fa3652ae47b651481831484f16d1ff-refs/branch-heads/5735@{#713}
OS | Windows 11 Version 22H2 (Build 22621.1702)

Version/Channel Information:

• Can you reproduce this issue with the current release? N/A
• Can you reproduce this issue with the beta channel? No
• Can you reproduce this issue with the nightly channel? No

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields?
• Does the issue resolve itself when disabling Brave Rewards?
• Is the issue reproducible on the latest version of Chrome?

Miscellaneous Information:

@simonhong @bsclifton @rebron

cc: @brave/qa-team

[stephendonner]

Can confirm the same behavior using

Brave 1.52.112 Chromium: 114.0.5735.35 (Official Build) (64-bit) 
Revision 2295354895fa3652ae47b651481831484f16d1ff-refs/branch-heads/5735@{#713}
OS Windows 10 Version 22H2 (Build 19045.2965)

Seems to be tied to or at least correlated to how quickly we toggle Disconnected/Connected states. If you toggle quickly, you seem to see the Failed to write config error more often. If you wait a few seconds, in-between toggles, it seems to work fine/a lot fewer Failed to write config errors

example	example

[bsclifton]

Thanks @MadhaviSeelam for sharing logs over Slack - here is an example of what is logged when the config write failure happens:

[29704:26744:0525/144344.251:VERBOSE2:utils.cc(410)] CreateEntry Create Entry(BraveVPN) with sanjose-1.sgw.guardianapp.com
[29704:11184:0525/144344.262:VERBOSE2:brave_vpn_os_connection_api_base.cc(294)] SetLastConnectionError : failed to write "NumCustomPolicy" field to `rasphone.pbk`
[29704:11184:0525/144344.262:VERBOSE2:brave_vpn_os_connection_api_base.cc(239)] OnCreateFailed
[29704:11184:0525/144344.262:VERBOSE2:brave_vpn_os_connection_api_base.cc(333)] UpdateAndNotifyConnectionStateChange : changing from CONNECTING to CONNECT_NOT_ALLOWED
[29704:11184:0525/144344.262:VERBOSE2:brave_vpn_service.cc(133)] OnConnectionStateChanged CONNECT_NOT_ALLOWED

There may be a file lock issue. RasSetEntryProperties is touching this file and then we immediately call WritePrivateProfileString
https://github.com/brave/brave-core/blob/dd24dbe31d3015a7156facebb7d402fc1c2c92c8/components/brave_vpn/browser/connection/ikev2/win/ras_utils.cc#L493-L499

From the docs:

If the function successfully copies the string to the initialization file, the return value is nonzero.

If the function fails, or if it flushes the cached version of the most recently accessed initialization file, the return value is zero. To get extended error information, call GetLastError.

We could definitely enhance by calling GetLastError to see the error message

[bsclifton]

The correct solution I think would be to get rid of the calls to WritePrivateProfileString.

For those, we can do what a lot of scripts do. PowerShell should be installed and we should be able to call a commandlet:
https://docs.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2019-ps

When calling this without parameters, it'll ask for the values. Here are the ones I provided:
AuthenticationTransformConstants: GCMAES256
CipherTransformConstants: GCMAES256
DHGroup: ECP384
IntegrityCheckMethod: SHA256
PfsGroup: None
EncryptionMethod: GCMAES256

Using the PowerShell method should work on Windows Arm64 also (this may fix #28942)

[spylogsster]

I cannot reproduce in both cases, it looks similar to brave/brave-core#18510 and seems this could be fixed there. @stephendonner @MadhaviSeelam please recheck on latest Nightly if issue still actual? thanks

[kjozwiak]

The above requires 1.52.119 or higher for 1.52.x verification 👍

[GeetaSarvadnya]

Verification PASSED on

Brave | 1.52.119 Chromium: 114.0.5735.90 (Official Build) (64-bit)
-- | --
Revision | 386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}
OS | Windows 10 Version 22H2 (Build 19045.2965)

Verified the STR's from the descriptionhttps://github.com//issues/30598#issue-1726279388

New User

• Verified the STR from the scenario 1
• Confirmed that Brave VPN can be connected without any issues in a new install
• Confirmed that there is no Failed to write the VPN config error message
  

1. Disable and Enable via Browser

• Confirmed that Brave VPN can be disable and reenabled without any issues in a new install

Disable	Enable

2. Disable and Enable via network settings

• Confirmed that Brave VPN can be disable and reenabled without any issues in a new install

n/w settings	Disable	n/w settings	Enable

2. Change the region

• Confirmed that Brave VPN region can be changed to other regions and VPN can be connected to other regions successfully. However I have seen Try again modal popuo when try to connect the VPN to other region, but click on try again in 1st attempt connects the VPN to other region successfully.

Brazil	Japan	Canada	Germany

Existing User

• Verified the STR for the scenario 2 from the description
• Installed 1.51.117
• Enabled Brave VPN in staging env
• Upgrade the profile to 1.52.119
• Confirmed that VPN is in connected state in an upgraded profile 1.52.119
• Confirmed that there is no Failed to write the VPN config error message
• Confirmed that Brave VPN is connected succesfully without any issues when VPN is disconnected and reconnected in an upgraded profile 1.52.119

1.51.117	1.51.117

1.52.119	1.52.119

Disconnect and reconnect in an upgraded profile 1.52.119

Disconnect	reconnect

[MadhaviSeelam]

Verification PASSED using

Brave | 1.52.119 Chromium: 114.0.5735.90 (Official Build) (64-bit)
-- | --
Revision | 386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}
OS | Windows 11 Version 22H2 (Build 22621.1702)

Verified using original STR #30598 (comment)

Fresh Install:

Confirmed connected to VPN successfully. No longer seeing Failed to write the VPN config error in the VPN panel.

ex	ex

Upgraded profile:

Confirmed connected to VPN successfully. No longer seeing Failed to write the VPN config error in the VPN panel.

ex	ex	ex

Connect/disconnect via OS settings

Confirmed connected to VPN successfully. No longer seeing Failed to write the VPN config error in the VPN panel.

ex	ex

Note: Have seen intermittent Can't connect to server in the VPN panel

[stephendonner]

Filed a followup issue for the Can't connect to server messages we're seeing: #30792