I'm probably 95% of the way there. If anyone can help with this last 5% I'd appreciate it!
Hopefully these screenshots will help. This is my exact setup (Mint 18.1 Serena, network-manager-openvpn version 1.1.93-1ubuntu1.1).
Connection settings for VPN tab (fill in username, optionally save password or prompt every time)
TLS Authentication Tab
Everything else is left at the default.
Just to re-iterate some basics for those who may stumble upon this.
The keys referenced in the first image are extracted from the client.ovpn file you get when going to https://ovpn.sonic.net, entering your credentials, selecting "Login" from the dropdown, and then downloading your user-locked profile (yourself).
Ignore all the lines beginning with a "#" - these are comments and irrelevant.
First, extract and save the contents of the CA certificate to a file. This is the data inside the <ca>...</ca> tags. The content saved to the file should include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. This is saved as sonic-ca.crt.
Next, extract the user certificate, found in the <cert></cert> tags. This is saved as ovpn.sonic.net.crt.
Then, get the user certificate private key found in the <key></key> tags. This is saved as ovpn.sonic.net.key.
Grab the TLS auth key found just below the "key-direction 1" line, inside the <tls-auth></tls-auth> tags. Save the content starting from -----BEGIN OpenVPN Static key V1----- and ending with -----END OpenVPN Static key V1-----.
With those certificates and the settings shown above, the connection should work.
One important thing to keep in mind is, the above certificate and key are locked to your Sonic account with the VPN server. All this means is, whatever user you logged in with and downloaded the VPN config with is who you should auth as. Auth will fail if you tried to use a different Sonic account name and password (even if it is correct).
I hope that helps, let me know if it works for you.
That said, I still like connecting the VPN from the command line more than NM by using "sudo openvpn --config client.ovpn". You can make it such that you don't have to type your account password every time if you want by adding a line to your config like "auth-user-pass /home/you/sonic-credentials.txt". In the credentials file, put your username on the first line and password on the second. chmod the file to 400 so no one else on the system can read it and you're set. The main reason for this is because I know the OpenVPN client honors every option in the file, connects securely, and minimizes the risk of DNS leaks.
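The extraction steps described in the post, scripted as an added example (not part of the original post and not Sonic's own tooling). It assumes the profile layout the post describes; the function names and the `sonic-ta.key` file name for the TLS auth key are hypothetical, and the sample profile is constructed with placeholder bodies.

```shell
# Added example: split an OpenVPN profile's inline blocks into separate files.
extract_block() {   # $1 = tag, $2 = profile; prints the lines between <tag> and </tag>
    awk -v tag="$1" '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        $0 == "</" tag ">" { inside = 0 }
        inside && !/^#/    { print }       # "#" lines are comments, skip them
        $0 == "<" tag ">"  { inside = 1 }
    ' "$2"
}

extract_ovpn_blocks() {   # $1 = profile path, $2 = output directory
    (
        umask 077                          # new files and directory are owner-only
        mkdir -p "$2" || exit 1
        extract_block ca       "$1" > "$2/sonic-ca.crt"
        extract_block cert     "$1" > "$2/ovpn.sonic.net.crt"
        extract_block key      "$1" > "$2/ovpn.sonic.net.key"
        extract_block tls-auth "$1" > "$2/sonic-ta.key"   # file name is an assumption
        for f in sonic-ca.crt ovpn.sonic.net.crt ovpn.sonic.net.key sonic-ta.key; do
            [ -s "$2/$f" ] || { echo "no data extracted for $f" >&2; exit 1; }
        done
    )
}

# Constructed stand-in for client.ovpn (placeholder bodies, not real key material).
write_sample_profile() {   # $1 = path to create
    cat > "$1" <<'EOF'
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA
-----END CERTIFICATE-----
</ca>
<cert>
CONSTRUCTED-CERT
</cert>
<key>
CONSTRUCTED-KEY
</key>
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
CONSTRUCTED-TA
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
}
```

After sourcing the file, `extract_ovpn_blocks client.ovpn "$HOME/sonic-vpn"` writes the four files; the function returns non-zero if any of the tags is missing from the profile.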