Configuring Linux VPN connecction

Advanced feature discussion, beta programs and unsupported "Labs" features.
17 posts Page 1 of 2
by dsgsonic » Sat Feb 11, 2017 4:33 pm
Does anyone know the best way to run the OpenVPN Linux setup? If I use the command-line method suggested at the site Sonic refers us to:

https://openvpn.net/index.php/access-se ... ients.html

I have to enter my logon/pwd every time. How would I set it up using Network Manager in Ubuntu (16.04)?
by amayfield » Sat Feb 11, 2017 4:45 pm
A quick Google search yielded this result:

http://askubuntu.com/questions/760664/u ... 04-openvpn

They suggest making sure the "network-manager-openvpn-gnome" package is installed. I have a machine running the Ubuntu-based variant of Linux Mint 18, I'll play around with it tonight and report back here tomorrow morning if I am able to get it to work.
Andrew M.
Community & Escalations Lead
Sonic
by dsgsonic » Sat Feb 11, 2017 6:25 pm
Yes I have it installed. My issue is setting it up from the Network Manager Configure VPN/Add -- it's not clear at all how the downloaded client.ovpn file should be used there.
by lzi » Mon Feb 13, 2017 5:52 am
There is a simple workaround for known bug in 16.04 but I have no Ubuntu to test. HTH
https://bugs.launchpad.net/ubuntu/+sour ... omments/77

For what it's worth, an out-of-the-box OpenVPN 2.1.3 Access Server user-locked configuration file only needs 1 parameter changed to import with the "network-manager-openvpn-gnome" tool.

The line that says:
reneg-sec 604800

Comment that out.
# reneg-sec 604800

Imports without issue now.
by dsgsonic » Mon Feb 13, 2017 9:00 am
Hi, thanks. This isn't the issue I'm having but I appreciate your note.
by SonicGuest » Tue Feb 14, 2017 9:18 am
This link provides instructions how to setup OpenVPN with network manager and if you scroll through some posts someone mentions how to setup if the import doesn't work on your .ovpn file. Hopefully this helps. If not, post back with more specifics on where you are having problems. You can get your ovpn file from ovpn.sonic.net.

http://askubuntu.com/questions/187511/how-can-i-use-a-ovpn-file-with-network-manager

dsgsonic wrote:
Yes I have it installed. My issue is setting it up from the Network Manager Configure VPN/Add -- it's not clear at all how the downloaded client.ovpn file should be used there.
by drew.phillips » Tue Feb 14, 2017 3:44 pm
There are some tricky parts to configuring network manager and OpenVPN with Sonic. Namely, most online documentation doesn't talk about tls-auth keys (which we use) and how to set them up in network manager.

If you're happy using the command line, you can modify the configuration to not prompt for credentials every time by making the following change:

In your config, there's a single line that reads "auth-user-pass".

If you change this to "auth-user-pass /home/you/vpn-creds.txt" or something to that effect, and create that file such that the first line is your Sonic username, and the second line is your Sonic account password, OpenVPN will automatically use the credentials from that file without the need to type it every time.

I have helped someone configure our OpenVPN service with network manager on Linux Mint so it's possible, but I'd have to run through it again because there were one or two gotchas that most only documentation I found doesn't address. The .ovpn importer fails miserably (last time I tried).
Drew Phillips
Programmer / System Operations, Sonic.net
by dsgsonic » Tue Feb 14, 2017 3:53 pm
That worked like a charm, thanks.

I think I figured out how to use Network Manager (Ubuntu) -- by cutting/pasting various parts of client.ovpn file into separate user, cert, key and TLS files and direction 1. I may do a post showing this.
by drew.phillips » Tue Feb 14, 2017 4:07 pm
dsgsonic wrote:
That worked like a charm, thanks.

I think I figured out how to use Network Manager (Ubuntu) -- by cutting/pasting various parts of client.ovpn file into separate user, cert, key and TLS files and direction 1. I may do a post showing this.


Glad that helped.

I think you may have hit the nail on the head there as well. The common stumbling points converting our configs to work with network manager is extracting the appropriate keys from the file and knowing which box to put them in (and not getting confused that we don't use client certs so they're left blank), the TLS auth key (never mentioned anywhere in most tutorials, and hidden tabs deep in network mgr), and finally the key direction.

I've been wanting for a while to come up with a Linux OpenVPN guide for our wiki to document the process of using network manager, OpenVPN on the command line, as well as other concerns.

Heads up, you might want to make sure you have a firewall enabled (e.g. ufw) when you use the VPN. Connecting to the VPN will expose any services you may have running on your computer (e.g. web server, SMB/CIFS) to the world. Connecting to the VPN is like putting your computer on a DMZ, all ports from the public VPN IP are forwarded to your computer, so any exposed, non-firewalled services WILL be accessible to the outside world. I rarely see this mentioned anywhere so I thought I'd mention it to you here.
Drew Phillips
Programmer / System Operations, Sonic.net
by dsgsonic » Tue Feb 14, 2017 4:16 pm
Yes, thanks, ufw is enabled. Thanks again.
17 posts Page 1 of 2

Who is online

In total there are 6 users online :: 0 registered, 0 hidden and 6 guests (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: No registered users and 6 guests