More OpenVPN Options On NetworkManager
- by Joe Jr Yamut
In a previous post I wrote about how NetworkManager on Ubuntu 16.04 LTS (Xenial Xerus) lacked some options that are needed to support newer versions of OpenVPN, particularly on versions 2.4 and 2.5. This meant that one would not be able to create a connection configuration to an OpenVPN server using those unsupported options through NetworkManager’s GUI.
The NetworkManager version on Xenial Xerus is not up to date. Obviously so. Right now it is still using version 1.2.6. Quite behind in features, and unless there was a way to upgrade to the later versions, it is partly handicapped. I haven’t actually researched on whether upgrading to a newer version is possible on Xenial. Perhaps. But the backend OpenVPN binary packages can be upgraded easily without pulling in dependencies that will alter the entire desktop experience.
That’s why without that upgrade on the NetworkManager side, it is either use the command line to connect to the OpenVPN server, or use an alternative OpenVPN GUI client such as Pritunl-client.
I said (I think) I would verify if the newer NetworkManager version’s supported newer OpenVPN features. And I did just now. I fired up an Ubuntu 20.04 LTS on VMWare recently to check it out.
The version of NetworkManager on the latest Ubuntu LTS is 1.22.10. That’s how many iterations more from what I have on the Xenial right now. As I suspected, it also had more support for OpenVPN newer features too.
In a nutshell, it supports tls-crypt feature out of the box which I was having issues with on Xenial.
Yes, I can now import a .ovpn configuration file with tls-crypt option directly, and it just works right from NetworkManager’s GUI.
This is what the .ovpn file looks like below.
client dev tun proto udp remote <IP address> <port> resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun remote-cert-tls server ca /path/to/ca/file cert /path/to/cert/file key /path/to/key/file tls-crypt /path/to/tls-crypt/file cipher AES-256-CBC auth SHA512 verb 3
*Check updated client configuration here: https://www.joseyamut.xyz/2020/12/27/creating-my-own-vpn-with-openvpn-on-aws/
Using NetworkManager GUI, you can simply import it as a VPN configuration. I did not have to do any additional things. Once imported, it got it all correctly. I was able to connect to my VPN server immediately afterwards.
Below are screenshots of the newer NetworkManager (version 1.22.10) + OpenVPN running on Ubuntu 20.04 LTS.
Note: That is not an official Ubuntu 20.04, but a Ubuntu Unity remix from – https://ubuntuunity.org – thus it looks not like the regular vanilla desktop.
- > OpenVPN GUI Client For Linux December 28, 2020
- > Creating My Own VPN With OpenVPN On AWS December 27, 2020
- > Upgrading Ubuntu LTS, PHP and WordPress May 17, 2020
- > can’t connect to all Yahoo! accounts on Kopete November 13, 2009
- > Bug #1592669 May 4, 2019
In a previous post I wrote about how NetworkManager on Ubuntu 16.04 LTS (Xenial Xerus) lacked some options that are needed to support newer versions of OpenVPN, particularly on versions 2.4 and 2.5. This meant that one would not be able to create a connection configuration to an OpenVPN server using those unsupported options through…