用的是什么vpn ,看下这个日志sudo journalctl -u NetworkManager -f

之前用openvpn  也出现过这样的情况, 不过日志是

NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only                 

 OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol                                                                                      TLS_ERROR: BIO read tls_read_plaintext error

TLS Error: TLS object -> incoming plaintext read error

 TLS Error: TLS handshake failed

 Fatal TLS error (check_tls_errors_co), restarting

SIGUSR1[soft,tls-error] received, process restarting

 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

分析

openvpn使用openssl的客户端和服务器端版本不一致

解决方案

更改 本地openssl最低支持版本为1.0

sudo  vim /etc/ssl/openssl.cnf

拖到最后面更改最低支持版本为v1.0,如下:

MinProtocol = TLSv1.0

我用的L2TP的