Jan 18 01:02:48 shook3r nm-openvpn[3642]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

and later

Jan 18 01:03:48 shook3r nm-openvpn[3642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

I think the permissions of /home/matteol/.local/share/networkmanagement/certificates/it.protonvpn.com.udp/tls_auth.key need to be 0600. (You can change that using chmod). Also it might be required to manually copy tls_auth.key to /home/matteol/.cert/. See

https://ask.fedoraproject.org/en/questi … pn-server/

If you have selinux installed, maybe this applies too. (But please check other things first)
https://unix.stackexchange.com/question … es-on-cert

dpkg --list |grep libpolkit
ii  libpolkit-agent-1-0:amd64
ii  libpolkit-backend-1-0
ii  libpolkit-backend-elogind-1-0:amd64
ii  libpolkit-gobject-1-0
ii  libpolkit-gobject-elogind-1-0:amd64
ii  libpolkit-qt-1-1:amd64
ii  libpolkit-qt5-1-1:amd64

loginctl show-session 2
Id=2
User=1000                                                                                                                               
Name=matteol                                                                                                                           
Timestamp=Fri 2019-01-18 00:25:00 CET                                                                                                   
TimestampMonotonic=13969528                                                                                                       
VTNr=7                                                                                                                               
Seat=seat0
Display=:0
Remote=no
Service=sddm
Leader=2654
Audit=2
Type=x11
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no

the graphical popup on KDE notification tell me "The connection attempt to the VPN service timed out.
The service providing the VPN connection was stopped"

& i found this daemon.conf

Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4113] audit: op="connection-activate" uuid="d5e36906-c70a-43d5-b23b-759c76f3decc" name="it.protonvpn.com.udp" pid=2829 uid=1000 result="success"
Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4159] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: Started the VPN service, PID 3635
Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4299] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: Saw the service appear; activating connection
Jan 18 01:02:48 shook3r NetworkManager[2336]: <info>  [1547769768.4415] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: state changed: starting (3)
Jan 18 01:02:48 shook3r nm-openvpn[3642]: WARNING: file '/home/matteol/.local/share/networkmanagement/certificates/it.protonvpn.com.udp/tls_auth.key' is group or others accessible
Jan 18 01:02:48 shook3r nm-openvpn[3642]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Jan 18 01:02:48 shook3r nm-openvpn[3642]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.08
Jan 18 01:02:48 shook3r nm-openvpn[3642]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 18 01:02:48 shook3r nm-openvpn[3642]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 18 01:02:48 shook3r nm-openvpn[3642]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.100:5060
Jan 18 01:02:48 shook3r nm-openvpn[3642]: UDP link local: (not bound)
Jan 18 01:02:48 shook3r nm-openvpn[3642]: UDP link remote: [AF_INET]185.128.27.100:5060
Jan 18 01:02:48 shook3r nm-openvpn[3642]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Jan 18 01:02:48 shook3r nm-openvpn[3642]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan 18 01:02:48 shook3r ModemManager[2454]: <info>  Creating modem with plugin 'Generic' and '1' ports
Jan 18 01:02:48 shook3r ModemManager[2454]: <warn>  Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'
Jan 18 01:02:48 shook3r ModemManager[2454]: <warn>  Couldn't create modem for device at '/sys/devices/pci0000:00/0000:00:14.0/usb1/1-8': Failed to find primary AT port
Jan 18 01:03:48 shook3r nm-openvpn[3642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 18 01:03:48 shook3r nm-openvpn[3642]: TLS Error: TLS handshake failed
Jan 18 01:03:48 shook3r nm-openvpn[3642]: SIGUSR1[soft,tls-error] received, process restarting
Jan 18 01:03:48 shook3r nm-openvpn[3642]: SIGTERM[hard,init_instance] received, process exiting
Jan 18 01:03:48 shook3r NetworkManager[2336]: <warn>  [1547769828.7206] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN connection: connect timeout exceeded.
Jan 18 01:03:48 shook3r NetworkManager[2336]: <warn>  [1547769828.7231] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: failed: connect-failed (1)
Jan 18 01:03:48 shook3r NetworkManager[2336]: <info>  [1547769828.7231] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: state changed: stopping (5)
Jan 18 01:03:48 shook3r NetworkManager[2336]: <info>  [1547769828.7233] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN plugin: state changed: stopped (6)
Jan 18 01:03:48 shook3r NetworkManager[2336]: <info>  [1547769828.7245] vpn-connection[0x55e9c8f94260,d5e36906-c70a-43d5-b23b-759c76f3decc,"it.protonvpn.com.udp",0]: VPN service disappeared
Jan 18 01:03:49 shook3r PackageKit: get-updates transaction /65_ebecebec from uid 1000 finished with success after 384ms

In the meanwhile, please check that elogind, libpolkit*elogind and polkit is installed. (Re-login if you had to install one of these) Then please run:

$ loginctl

should show a list of session (one probably). From that list get session number and run

$ loginctl show-session <session number here>

and post output of that command here.

If you had to install one of the packages above, please try again configuring the vpn through gui. (After re-login!)

Packages installed:
network-manager
network-manager-openconnect
network-manager-openvpn
network-manager-vpnc
openvpn
plasma-nm

i import the .opvn file with the username & password copied on graphical KDE network but not work
i do the same thing with openvpn on terminal but same thing (ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1))

but with sudo openvpn work fine, so maybe some permission/polkit is wrong ?

Please help me, i need the vpn i use it very frequently for my job, thanks a lot for all possible answer