More OpenVPN Options On NetworkManager

In a previous post I wrote about how NetworkManager on Ubuntu 16.04 LTS (Xenial Xerus) lacked some options that are needed to support newer versions of OpenVPN, particularly on versions 2.4 and 2.5. This meant that one would not be able to create a connection configuration to an OpenVPN server using those unsupported options through NetworkManager’s GUI.

The NetworkManager version on Xenial Xerus is not up to date. Obviously so. Right now it is still using version 1.2.6. Quite behind in features, and unless there was a way to upgrade to the later versions, it is partly handicapped. I haven’t actually researched on whether upgrading to a newer version is possible on Xenial. Perhaps. But the backend OpenVPN binary packages can be upgraded easily without pulling in dependencies that will alter the entire desktop experience.

That’s why without that upgrade on the NetworkManager side, it is either use the command line to connect to the OpenVPN server, or use an alternative OpenVPN GUI client such as Pritunl-client.

I said (I think) I would verify if the newer NetworkManager version’s supported newer OpenVPN features. And I did just now. I fired up an Ubuntu 20.04 LTS on VMWare recently to check it out.

The version of NetworkManager on the latest Ubuntu LTS is 1.22.10. That’s how many iterations more from what I have on the Xenial right now. As I suspected, it also had more support for OpenVPN newer features too.

In a nutshell, it supports tls-crypt feature out of the box which I was having issues with on Xenial.

Yes, I can now import a .ovpn configuration file with tls-crypt option directly, and it just works right from NetworkManager’s GUI.

This is what the .ovpn file looks like below.

client
dev tun
proto udp
remote <IP address> <port>
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
ca /path/to/ca/file
cert /path/to/cert/file
key /path/to/key/file
tls-crypt /path/to/tls-crypt/file
cipher AES-256-CBC
auth SHA512
verb 3

*Check updated client configuration here: https://www.joseyamut.xyz/2020/12/27/creating-my-own-vpn-with-openvpn-on-aws/

Using NetworkManager GUI, you can simply import it as a VPN configuration. I did not have to do any additional things. Once imported, it got it all correctly. I was able to connect to my VPN server immediately afterwards.

Below are screenshots of the newer NetworkManager (version 1.22.10) + OpenVPN running on Ubuntu 20.04 LTS.

Note: That is not an official Ubuntu 20.04, but a Ubuntu Unity remix from – https://ubuntuunity.org – thus it looks not like the regular vanilla desktop.

Similar Posts: