Diffstat (limited to 'posts/nm_12_openvpn.md')
-rw-r--r-- | posts/nm_12_openvpn.md | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/posts/nm_12_openvpn.md b/posts/nm_12_openvpn.md new file mode 100644 index 0000000..e5a2e77 --- /dev/null +++ b/posts/nm_12_openvpn.md 
@@ -0,0 +1,50 @@ +--- +title: OpenVPN and NetworkManager 1.2 +published: 2016-05-15 +--- + +Doing a new round of tests for OpenVPN client support I decided to test how +well Fedora 24 Beta and Ubuntu 16.04 work. They both have NetworkManager +1.2 which brings a lot of improvements to the OpenVPN plugin, particularly +when importing configurations. Particularly I was testing the way imports from +[eduvpn](https://github.com/eduvpn), a managed VPN service worked. + +It turned out it works pretty well, with a minor issue that is already fixed in +the development branch of NetworkManager. Ubuntu has some issues with DNS +servers provided over the VPN. + +Importing a configuration using NetworkManager 1.2 resulted in a +small [issue](https://bugzilla.gnome.org/show_bug.cgi?id=739519) +with `comp-lzo` that was fixed the same day, for release in a next +point release of NetworkManager 1.2. In the case of eduvpn, the server pushed +`comp-lzo`: + +``` +comp-lzo no +push "comp-lzo no" +``` + +The client had the following: + +``` +comp-lzo no +``` + +The issue was that OpenVPN import in NetworkManager saw `comp-lzo no` as having +compression *disabled*, which is only kind of correct: having this option, even +if it is set to `no` allows the server to override it. Even if the +server again overrides it with `no` it still does not work when +`comp-lzo` is missing: + +``` +WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo' +``` + +Using `comp-lzo yes` in the client configuration allows for the +import to work correctly and the VPN to work perfectly on Fedora. + +On Ubuntu +there is an additional issue with DNS, particularly in the part that integrates with `dnsmasq`. It was [reported](https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1211110) almost 3 years ago, but hasn't been fixed yet. + +The work-around is not difficult, but still cumbersome and requires `root`. 
Disable `dnsmasq` for +NetworkManager which is used by default on Ubuntu by modifying `/etc/NetworkManager/NetworkManager.conf`. Add a `#` in front of the `dns=dnsmasq` line. Then restart NetworkManager, or simply reboot the system. That should be all! |
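Review bot: the DNS work-around in the last paragraph ends with "That should be all!" and gives the reader no way to confirm that the DNS servers provided over the VPN are actually in use after commenting out `dns=dnsmasq`. Please add a short verification step, for example connecting to the VPN and checking which nameservers end up in `/etc/resolv.conf`, and say what the reader gives up by disabling `dnsmasq`, since the post notes it is the Ubuntu default. In the `comp-lzo` section, the sentence "Even if the server again overrides it with `no` it still does not work when `comp-lzo` is missing" is hard to follow next to a client snippet that does contain `comp-lzo no`; stating explicitly that the import left the option out of the resulting connection would tie it to the quoted warning. Two smaller points: "On Ubuntu" is split from "there is an additional issue" by a stray line break, and "almost 3 years ago" will age, so the report date would be better.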