12VPX
OpenVPN with Network Manager

OpenVPN with Network Manager

Contents

Requirements

  • Basic command-line knowledge.
  • A Linux distribution with Network Manager.

Install OpenVPN and OpenVPN Plugin

Install the OpenVPN plugin for Network Manager. Exact commands will vary depending on your distribution.

Command for Debian/Ubuntu based distructions:

sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome

Command for CentOS:

sudo yum -y install openvpn NetworkManager-openvpn NetworkManager-openvpn-gnome

Command for Fedora:

sudo dnf -y install openvpn NetworkManager-openvpn NetworkManager-openvpn-gnome

Version Check

Let's double-check that we have OpenVPN 2.4 or newer:

❯ openvpn --version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019

OpenVPN Server Profile

Download an OpenVPN server profile from the list at the bottom of this page.

For our example, we're downloading AT Vienna.ovpn.

Import OpenVPN Config

❯ nmcli connection import type openvpn file AT\ Vienna.ovpn 
Connection 'AT Vienna' (3efdddf1-a89a-4872-ae6e-dc2c120a1387) successfully added.

Set VPN Username

❯ nmcli connection modify "AT Vienna" vpn.user-name neil

(Use your Auth Token as both username and password.)

Connecting / Disconnecting

At this point you can use the graphical interface of Network Manager to connect/disconnect the VPN.

If you prefer to use the command-line:

Connect to the VPN:

❯ nmcli connection up "AT Vienna"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/39)

Disconnect from the VPN:

❯ nmcli connection down "AT Vienna"
Connection 'AT Vienna' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/39)

Deleting Connections

We recommend you delete unused, old or redundant OpenVPN servers:

❯ nmcli connection show
NAME                         UUID                                  TYPE       DEVICE 
Wired connection 1           dd530962-d349-353f-abaa-a81595677d23  ethernet   enp4s0 
AT Vienna                    3efdddf1-a89a-4872-ae6e-dc2c120a1387  vpn        --    

❯ nmcli connection delete "AT Vienna"
Connection 'AT Vienna' (3efdddf1-a89a-4872-ae6e-dc2c120a1387) successfully deleted.

❯ nmcli connection show
NAME                         UUID                                  TYPE       DEVICE     
Wired connection 1           dd530962-d349-353f-abaa-a81595677d23  ethernet   enp4s0

Optional: Connection Details

There are a number of properties that you can change for each connection.

Let's see what we have:

❯ nmcli connection show "AT Vienna"
connection.id:                          AT Vienna
connection.uuid:                        b6b3f8b2-5e4f-4adf-b95c-311b29c87fc1
connection.stable-id:                   --
connection.type:                        vpn
connection.interface-name:              --
connection.autoconnect:                 no
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
...etc.

Optional: Automatically Connect

You may have noticed the connection.autoconnect option there. It does exactly what you think it does: automatically connect to the VPN when the computer starts.

To enable this option:

❯ nmcli connection modify "AT Vienna" connection.autoconnect yes

And to disable it again:

❯ nmcli connection modify "AT Vienna" connection.autoconnect no

Note: we recommend you do not use this on laptops. It doesn't play well with login screens (captive portals) used in hotels, starbucks, etc.

Optional: Abbreviated Commands

We've been showing you the full nmcli commands for clarity. Most of them can be abbreviated for efficiency.

Some examples:

❯ nmcli c i type openvpn file AT\ Vienna.ovpn
Connection 'AT Vienna' (71639a6e-fe83-4003-986c-6aef946fd39b) successfully added.

❯ nmcli c d "AT Vienna"
Connection 'AT Vienna' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/29)

❯ nmcli c de "AT Vienna"
Connection 'AT Vienna' (71639a6e-fe83-4003-986c-6aef946fd39b) successfully deleted.

Etc.

Server Profiles

Hidden Account Details

Account-specific details are hidden. Sign in to view them.