help-guix

Re: [kb] Using an OpenVPN config with nmcli


From: Joshua Branson
Subject: Re: [kb] Using an OpenVPN config with nmcli
Date: Tue, 17 Mar 2020 10:47:30 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Maxim Cournoyer <address@hidden> writes:

Thanks for this!  I've been using openvpn to manually connect, and I'm
leaking DNS queries.  Thanks!


> Over the weekend, I spent a bit of time figuring out how to use OpenVPN with
> NetworkManager, especially its command line interface, 'nmcli'.
>
> If you are using the Guix System, the first thing to do is to add the
> openvpn plugin to your network-manager-service-type configuration, like
> this:
>
> (services
>  ...
>  (modify-services %my-desktop-services
>    (network-manager-service-type config =>
>                              (network-manager-configuration
>                               (inherit config)
>                               (vpn-plugins
>                                (list network-manager-openvpn))))))
>
> Then you'll want to reconfigure your machine, *and* reboot (restarting
> the networking service and dbus-session were not enough, for some reason
> I couldn't figure out).
>
> My base file looked like this:
>
> --8<---------------cut here---------------start------------->8---
> client
> dev tun
> proto udp
> remote some-server.net 5912
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> auth-user-pass
> comp-lzo
> verb 3
> remote-cert-tls server
>
> <ca>
> -----BEGIN CERTIFICATE-----
> some-long-cert-string...
> -----END CERTIFICATE-----
> </ca>
>
> <cert>
> -----BEGIN CERTIFICATE-----
> some-long-cert-string
> -----END CERTIFICATE-----
> </cert>
>
> <key>
> -----BEGIN PRIVATE KEY-----
> some-long-private-key-string
> -----END PRIVATE KEY-----
> </key>
> --8<---------------cut here---------------end--------------->8---
>
> To import this with nmcli, it's easy:
>
> $ sudo nmcli connection import type openvpn file your-openvpn-config-file.ovpn
>
> And if, like me, this configuration requires inputting a username and
> password for authenticating, and you don't want to be bothered to, you
> can embed those secrets in the connection configuration with:
>
> $ sudo nmcli connection modify $your-connection vpn.user-name $your-username
> $ sudo nmcli connection modify $your-connection vpn.secrets password=$your-password
> $ sudo nmcli connection modify $your-connection +vpn.data password-flags=0
>
> The password-flags=0 disables some integration with the GNOME keyring,
> which I don't use.
>
> This has the benefit of automatically adding the VPN DNS server to your
> /etc/resolv.conf, compared with connecting directly with openvpn (or our
> Guix openvpn service).
>
> HTH!
>
> Maxim
>

-- 
Joshua Branson
Sent from Emacs and Gnus
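
An added example, not part of either message: a POSIX shell check for the DNS leak discussed in this thread, reporting any resolver in a resolv.conf-style file that is not one of the VPN's. The VPN resolver address 10.8.0.1, the function names and the sample file are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag nameservers that are not the VPN's own resolvers.

# list_nameservers FILE: print each "nameserver" address, one per line,
# skipping comments and other directives (search, options, ...).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# non_vpn_nameservers FILE VPN_DNS...: print the nameservers in FILE that
# are not among the VPN_DNS arguments.
non_vpn_nameservers() {
    file=$1; shift
    list_nameservers "$file" | while read -r ns; do
        match=no
        for vpn in "$@"; do
            if [ "$ns" = "$vpn" ]; then match=yes; fi
        done
        [ "$match" = yes ] || printf '%s\n' "$ns"
    done
}

# dns_leak_check FILE VPN_DNS...: return 0 when every configured resolver
# is a VPN resolver, 1 when at least one is not, 2 when none is configured.
dns_leak_check() {
    file=$1
    [ -n "$(list_nameservers "$file")" ] || { echo "no nameserver in $file"; return 2; }
    leaks=$(non_vpn_nameservers "$@")
    if [ -n "$leaks" ]; then
        echo "resolvers outside the VPN: $(echo $leaks)"
        return 1
    fi
    echo "all resolvers are VPN resolvers"
}

# Constructed sample: the VPN resolver was added, but another one remains.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the thread
nameserver 10.8.0.1
nameserver 192.0.2.53
search example.net
EOF
dns_leak_check "$sample" 10.8.0.1 || true
rm -f "$sample"
```

With the VPN connection up, run `dns_leak_check /etc/resolv.conf` followed by the resolver address(es) your VPN provider hands out.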
