Page 1 of 2

Configuring Linux VPN connecction

Posted: Sat Feb 11, 2017 4:33 pm
by dsgsonic
Does anyone know the best way to run the OpenVPN Linux setup? If I use the command-line method suggested at the site Sonic refers us to:

https://openvpn.net/index.php/access-se ... ients.html

I have to enter my logon/pwd every time. How would I set it up using Network Manager in Ubuntu (16.04)?

Re: Configuring Linux VPN connecction

Posted: Sat Feb 11, 2017 4:45 pm
by amayfield
A quick Google search yielded this result:

http://askubuntu.com/questions/760664/u ... 04-openvpn

They suggest making sure the "network-manager-openvpn-gnome" package is installed. I have a machine running the Ubuntu-based variant of Linux Mint 18, I'll play around with it tonight and report back here tomorrow morning if I am able to get it to work.

Re: Configuring Linux VPN connecction

Posted: Sat Feb 11, 2017 6:25 pm
by dsgsonic
Yes I have it installed. My issue is setting it up from the Network Manager Configure VPN/Add -- it's not clear at all how the downloaded client.ovpn file should be used there.

Re: Configuring Linux VPN connecction

Posted: Mon Feb 13, 2017 5:52 am
by lzi
There is a simple workaround for known bug in 16.04 but I have no Ubuntu to test. HTH
https://bugs.launchpad.net/ubuntu/+sour ... omments/77
For what it's worth, an out-of-the-box OpenVPN 2.1.3 Access Server user-locked configuration file only needs 1 parameter changed to import with the "network-manager-openvpn-gnome" tool.

The line that says:
reneg-sec 604800

Comment that out.
# reneg-sec 604800

Imports without issue now.

Re: Configuring Linux VPN connecction

Posted: Mon Feb 13, 2017 9:00 am
by dsgsonic
Hi, thanks. This isn't the issue I'm having but I appreciate your note.

Re: Configuring Linux VPN connecction

Posted: Tue Feb 14, 2017 9:18 am
by SonicGuest
This link provides instructions how to setup OpenVPN with network manager and if you scroll through some posts someone mentions how to setup if the import doesn't work on your .ovpn file. Hopefully this helps. If not, post back with more specifics on where you are having problems. You can get your ovpn file from ovpn.sonic.net.

http://askubuntu.com/questions/187511/h ... rk-manager
dsgsonic wrote:Yes I have it installed. My issue is setting it up from the Network Manager Configure VPN/Add -- it's not clear at all how the downloaded client.ovpn file should be used there.

Re: Configuring Linux VPN connecction

Posted: Tue Feb 14, 2017 3:44 pm
by drew.phillips
There are some tricky parts to configuring network manager and OpenVPN with Sonic. Namely, most online documentation doesn't talk about tls-auth keys (which we use) and how to set them up in network manager.

If you're happy using the command line, you can modify the configuration to not prompt for credentials every time by making the following change:

In your config, there's a single line that reads "auth-user-pass".

If you change this to "auth-user-pass /home/you/vpn-creds.txt" or something to that effect, and create that file such that the first line is your Sonic username, and the second line is your Sonic account password, OpenVPN will automatically use the credentials from that file without the need to type it every time.

I have helped someone configure our OpenVPN service with network manager on Linux Mint so it's possible, but I'd have to run through it again because there were one or two gotchas that most only documentation I found doesn't address. The .ovpn importer fails miserably (last time I tried).

Re: Configuring Linux VPN connecction

Posted: Tue Feb 14, 2017 3:53 pm
by dsgsonic
That worked like a charm, thanks.

I think I figured out how to use Network Manager (Ubuntu) -- by cutting/pasting various parts of client.ovpn file into separate user, cert, key and TLS files and direction 1. I may do a post showing this.

Re: Configuring Linux VPN connecction

Posted: Tue Feb 14, 2017 4:07 pm
by drew.phillips
dsgsonic wrote:That worked like a charm, thanks.

I think I figured out how to use Network Manager (Ubuntu) -- by cutting/pasting various parts of client.ovpn file into separate user, cert, key and TLS files and direction 1. I may do a post showing this.
Glad that helped.

I think you may have hit the nail on the head there as well. The common stumbling points converting our configs to work with network manager is extracting the appropriate keys from the file and knowing which box to put them in (and not getting confused that we don't use client certs so they're left blank), the TLS auth key (never mentioned anywhere in most tutorials, and hidden tabs deep in network mgr), and finally the key direction.

I've been wanting for a while to come up with a Linux OpenVPN guide for our wiki to document the process of using network manager, OpenVPN on the command line, as well as other concerns.

Heads up, you might want to make sure you have a firewall enabled (e.g. ufw) when you use the VPN. Connecting to the VPN will expose any services you may have running on your computer (e.g. web server, SMB/CIFS) to the world. Connecting to the VPN is like putting your computer on a DMZ, all ports from the public VPN IP are forwarded to your computer, so any exposed, non-firewalled services WILL be accessible to the outside world. I rarely see this mentioned anywhere so I thought I'd mention it to you here.

Re: Configuring Linux VPN connecction

Posted: Tue Feb 14, 2017 4:16 pm
by dsgsonic
Yes, thanks, ufw is enabled. Thanks again.