{"id":95,"date":"2012-11-22T16:50:56","date_gmt":"2012-11-23T00:50:56","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=95"},"modified":"2012-11-22T17:32:23","modified_gmt":"2012-11-23T01:32:23","slug":"openvpn-with-gnome-networkmanager-plug-in","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/openvpn-with-gnome-networkmanager-plug-in\/","title":{"rendered":"OpenVPN with Gnome NetworkManager plug-in"},"content":{"rendered":"<p>Instructions how to use the OpenVPN plug-in with the Gnome NetworkManager.<\/p>\n<p><strong>Details:<\/strong><\/p>\n<p>- In this case the OpenVPN server hands out dynamic IP addresses.<br \/>\n- Ubuntu 12.10 64-bit client.<\/p>\n<p><strong>Get your user configuration file:<\/strong><\/p>\n<p>In a browser visit your OpenVPN server webpage at https:\/\/server.domain\/<br \/>\nFollow Login &gt; Download \u201cYourself (user-locked profile)\u201d &gt; Save As client.ovpn<br \/>\n<em>** I renamed the file to client_29.ovpn since I have multiple servers I connect to.<\/em><\/p>\n<p><strong>Split client.ovpn into several files:<\/strong><\/p>\n<p>The Gnome NetworkManager does not like using one big configuration file, although the command line OpenVPN client does work fine with one file (client.ovpn). \u00a0For NetworkManager you can break out manually with an editor or as follow. I used my personal home folder to store the files.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nsed -n '\/\/,\/&lt;\\\/tls-auth&gt;\/p' client_29.ovpn &gt; sitename_ovpn_29tls.key\r\nsed -n '\/\/,\/&lt;\\\/cert&gt;\/p' client_29.ovpn &gt; sitename_ovpn_29.crt\r\nsed -n '\/\/,\/&lt;\\\/ca&gt;\/p' client_29.ovpn &gt; sitename_ovpn_29ca.cer\r\nsed -n '\/\/,\/&lt;\\\/key&gt;\/p' client_29.ovpn &gt; sitename_ovpn_29.key\r\n<\/pre>\n<p><em>** After you split the configuration up remember to edit the files and remove the lines containing the open &lt;&gt; and close &lt;\/&gt; tags.<\/em><\/p>\n<p><strong>Install the OpenVPN plugin for NetworkManager:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# aptitude install network-manager-openvpn-gnome\r\n<\/pre>\n<p>Below are some screen shots showing some configuration settings fro this particular setup. Your mileage may vary depending on how your administrator configured the server.<\/p>\n<hr \/>\n<p>Add a new VPN Connection in GNOME:<\/p>\n<p><a href=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-102 aligncenter\" title=\"Gnome add new VPN Connection\" src=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn3-300x185.png\" alt=\"\" width=\"300\" height=\"185\" srcset=\"https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn3-300x185.png 300w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn3-150x92.png 150w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn3.png 332w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<hr \/>\n<p>Reference certificates and keys:<\/p>\n<p><a href=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-103 aligncenter\" title=\"ovpn4\" src=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn4-252x300.png\" alt=\"\" width=\"252\" height=\"300\" srcset=\"https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn4-252x300.png 252w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn4-126x150.png 126w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn4.png 508w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\" \/><\/a><\/p>\n<hr \/>\n<p>General Settings:<\/p>\n<p><a href=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-104 aligncenter\" title=\"ovpn5\" src=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn5-300x268.png\" alt=\"\" width=\"300\" height=\"268\" srcset=\"https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn5-300x268.png 300w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn5-150x134.png 150w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn5.png 451w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<hr \/>\n<p>TLS Key:<br \/>\n<a href=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-105 aligncenter\" title=\"ovpn6\" src=\"http:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn6-300x269.png\" alt=\"\" width=\"300\" height=\"269\" srcset=\"https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn6-300x269.png 300w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn6-150x134.png 150w, https:\/\/blog.ls-al.com\/wp-content\/uploads\/2012\/11\/ovpn6.png 453w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><strong>Showing syslog while connecting (snipped):<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nNov 22 08:49:42 u12 NetworkManager&#x5B;660]:  Starting VPN service 'openvpn'...\r\nNov 22 08:49:43 u12 nm-openvpn&#x5B;4791]: Control Channel Authentication: using '\/home\/rrosso\/sitename_ovpn_29tls.key' as a OpenVPN static key file\r\nNov 22 08:49:43 u12 nm-openvpn&#x5B;4791]: LZO compression initialized\r\nNov 22 08:49:47 u12 NetworkManager&#x5B;660]:  IPv4 configuration:\r\nNov 22 08:49:47 u12 NetworkManager&#x5B;660]:  Internal Gateway: 172.22.91.1\r\nNov 22 08:49:47 u12 NetworkManager&#x5B;660]:  Internal Address: 172.22.91.253\r\nNov 22 08:49:47 u12 NetworkManager&#x5B;660]:  Internal Prefix: 24\r\nNov 22 08:49:48 u12 NetworkManager&#x5B;660]:  VPN connection 'sitename device 29' (IP Config Get) complete.\r\nNov 22 08:49:48 u12 NetworkManager&#x5B;660]:  ((null)): writing resolv.conf to \/sbin\/resolvconf\r\nNov 22 08:49:49 u12 dbus&#x5B;402]: &#x5B;system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)\r\nNov 22 08:49:52 u12 nm-openvpn&#x5B;4791]: Initialization Sequence Completed\r\nNov 22 08:50:08 u12 ntpdate&#x5B;4876]: step time server 91.189.94.4 offset 9.301349 sec\r\n<\/pre>\n<p><strong><span style=\"color: #ff0000;\">Older (pre Ubuntu 12.04) information. \u00a0May or may not be useful to you.<\/span><\/strong><\/p>\n<p><strong>How to test a manual connection(no Network Manager plug-in):<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nrrosso@u10:~$ sudo openvpn --config client.ovpn --script-security 2\r\nSat Mar 19 10:14:34 2011 OpenVPN 2.1.0 x86_64-pc-linux-gnu &#x5B;SSL] &#x5B;LZO2] &#x5B;EPOLL] &#x5B;PKCS11] &#x5B;MH] &#x5B;PF_INET6] &#x5B;eurephia] built on Jul 12 2010\r\nEnter Auth Username:rrosso\r\nEnter Auth Password:\r\n...\r\n<\/pre>\n<p><strong>Older versions of Ubuntu and NetworkManager this was a necessary addition to set DNS:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nrrosso@u10:~$ tail -3 client.ovpn\r\n#rrosso added for DNS resolver\r\nup \/etc\/openvpn\/update-resolv-conf\r\ndown \/etc\/openvpn\/update-resolv-conf\r\n<\/pre>\n<p><strong>Several problems I encountered with permissions on older versions:<\/strong><br \/>\n- NetworkManager: &lt;WARN&gt; vpn_service_watch_cb()<br \/>\n- VPN service 'org.freedesktop.NetworkManager.openvpn' exited with error: 1<br \/>\n- connection_need_secrets_cb()<\/p>\n<p>https:\/\/bugs.launchpad.net\/ubuntu\/+source\/network-manager-openvpn\/+bug\/360818<\/p>\n<p><strong>Debug NetworkManager as follow:<\/strong><br \/>\nhttp:\/\/live.gnome.org\/NetworkManager\/Debugging<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# OPENVPN_DEBUG=1 \/usr\/lib\/network-manager-openvpn\/nm-openvpn-service\r\n<\/pre>\n<p>http:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=527975<br \/>\nhttps:\/\/bugs.launchpad.net\/ubuntu\/+source\/network-manager-vpnc\/+bug\/360818<\/p>\n<p><em>** Not sure if tinkering with this next file helped but changed it to look as follow and could at least troubleshoot further after wards.<\/em><\/p>\n<p><strong>Permissions problem:<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# cat \/etc\/dbus-1\/system.d\/nm-openvpn-service.conf\r\n&lt;!DOCTYPE busconfig PUBLIC\r\n&quot;-\/\/freedesktop\/\/DTD D-BUS Bus Configuration 1.0\/\/EN&quot;\r\n&quot;http:\/\/www.freedesktop.org\/standards\/dbus\/1.0\/busconfig.dtd&quot;&gt;\r\n&lt;busconfig&gt;\r\n&lt;policy user=&quot;root&quot;&gt;\r\n&lt;allow own=&quot;org.freedesktop.NetworkManager.openvpn&quot;\/&gt;\r\n&lt;allow send_destination=&quot;org.freedesktop.NetworkManager.openvpn&quot;\/&gt;\r\n&lt;\/policy&gt;\r\n&lt;\/busconfig&gt;\r\n<\/pre>\n<p><em>** I restored the original file and things are still working<\/em><\/p>\n<p><strong>Some older links on DNS resolver and OpenVPN:<\/strong><br \/>\nhttp:\/\/www.subvs.co.uk\/openvpn_resolvconf<br \/>\nhttp:\/\/forums.openvpn.net\/topic7109.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Instructions how to use the OpenVPN plug-in with the Gnome NetworkManager. Details: &#8211; In this case the OpenVPN server hands<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-95","post","type-post","status-publish","format-standard","hentry","category-vpn"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/95","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=95"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/95\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=95"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=95"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=95"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}