OpenVPN GUI Client For Linux

Not that long ago, I wrote about creating my own VPN (Virtual Private Network) for personal use with OpenVPN. In that post I also recounted how I used it for work purposes back when I was still in Singapore. That was several years ago. That time I had no issues connecting to the VPN server without having to pull up a Linux terminal and typing in commands. Not that connecting to an OpenVPN server would be very hard via command line. There is no difficult-to-remember options as long as you have everything written down in a configuration file (To which I say, is the sensible way to connect). Yet, I do try to avoid the command line on daily and repetitive tasks on my desktop as much as possible, that includes shell scripts if I had to.

Thanks, of course to, Network Manager. I just point and click.

Network Manager has additional modules for OpenVPN that can be installed. From there one can add the VPN configuration via its GUI. It is also possible to import a .ovpn client configuration file from it. These packages would be:

  • network-manager-openvpn
  • network-manager-openvpn-gnome (on a Gnome-based desktop)

Unfortunately, this won’t be the case for my current OpenVPN setup. The server is configured to use the newer tls-crypt option which is said to be better over tls-auth. I could of course configure the server to use the latter or have it not use TLS at all. That’s another story some time perhaps.

Network Manager, on its GUI, does not have a way to use tls-crypt. Unless I missed it. There is one for tls-auth. Perhaps in the Network Manager on 18.04 or 20.04 there might be one. I have not checked those 2 out, yet. I am still on Xenial Xerus because of Unity Desktop.

On Windows, OpenVPN has an official GUI client. Maybe there are other third party clients or one built-in directly within Windows. But on Linux there is like almost zero outside of Network Manager. This has been my experience for 16.04. On Gnome-based desktops at the least too. It is possible that KDE has it?

However, I found another OpenVPN GUI client that supports tls-crypt. It works. Simple to use. Free as in “free beer”. Lastly it is open source.

Pritunl OpenVPN GUI Client

Lucky for me, Ubuntu 16.04 is supported. It does not say so directly on its install page but it is. The oldest LTS listed in that page is 18.04.

Head on over to its client website, or check out their code repository, to learn more about it. It can be found at https://client.pritunl.com and https://github.com/pritunl/pritunl-client-electron, respectively.

Install on Ubuntu 16.04

For my case, I just needed to change the apt repository details.

Assuming I already have the file /etc/apt/sources.list.d/pritunl.list, open and modify it with the line below:

deb https://repo.pritunl.com/stable/apt xenial main

Then just update and install.

:~$ sudo apt update && sudo apt install pritunl-client-electron

Find it in your apps list, click on it, then configure away.

Note: Other distros are supported of course. I’m just an Ubuntu fanboy. 😝

Configuring and Connecting

  • Click on Import Profile. That should be the green button on the bottom left.
  • Point to the .ovpn file and select it.
  • Hit that hamburger icon at the top right corner then press Connect.

That’s it! There are also other options from the hamburger menu such as Edit Config and View Logs.

Bugs???

When importing the client profile Pritunl works flawlessly for “in-lined” configuration values in <> tags, e.g. <ca>, <cert>.

However, I have noticed that importing does not work 100% if you have the certificates and keys lying somewhere else that is NOT in the same directory as the .ovpn file. Even if you select the correct directory where those files are located, the application will prepend the current working directory to the location path.

Thus, if you have the cert file named my-cert.crt in /home/foobar/vpn/secret and your client config file is in /home/foobar/vpn/client, Pritunl will assume that that file is in this path:

/home/foobar/vpn/client/home/foobar/vpn/secret/my-cert.crt

The workaround is to put those referenced files in the same directory as the config file.

Secondly, it fails to load the tls-crypt key file being referenced in the config. It is able to read and extract the ca, cert and key values from their respective file location paths. Haven’t tried it with tls-auth, although I should be able to quickly test it out (Will update when I have the time).

In sum, it only works partially for the different configurations.

Similar Posts: