Diffstat (limited to 'posts/nm_12_openvpn.md')
-rw-r--r-- posts/nm_12_openvpn.md 50
1 files changed, 50 insertions, 0 deletions
diff --git a/posts/nm_12_openvpn.md b/posts/nm_12_openvpn.md
new file mode 100644
index 0000000..e5a2e77
--- /dev/null
+++ b/posts/nm_12_openvpn.md
@@ -0,0 +1,50 @@
+---
+title: OpenVPN and NetworkManager 1.2
+published: 2016-05-15
+---
+
+Doing a new round of tests for OpenVPN client support I decided to test how
+well Fedora 24 Beta and Ubuntu 16.04 work. They both have NetworkManager
+1.2 which brings a lot of improvements to the OpenVPN plugin, particularly
+when importing configurations. Particularly I was testing the way imports from
+[eduvpn](https://github.com/eduvpn), a managed VPN service worked.
+
+It turned out it works pretty well, with a minor issue that is already fixed in
+the development branch of NetworkManager. Ubuntu has some issues with DNS
+servers provided over the VPN.
+
+Importing a configuration using NetworkManager 1.2 resulted in a
+small [issue](https://bugzilla.gnome.org/show_bug.cgi?id=739519)
+with `comp-lzo` that was fixed the same day, for release in a next
+point release of NetworkManager 1.2. In the case of eduvpn, the server pushed
+`comp-lzo`:
+
+```
+comp-lzo no
+push "comp-lzo no"
+```
+
+The client had the following:
+
+```
+comp-lzo no
+```
+
+The issue was that OpenVPN import in NetworkManager saw `comp-lzo no` as having
+compression *disabled*, which is only kind of correct: having this option, even
+if it is set to `no` allows the server to override it. Even if the
+server again overrides it with `no` it still does not work when
+`comp-lzo` is missing:
+
+```
+WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
+```
+
+Using `comp-lzo yes` in the client configuration allows for the
+import to work correctly and the VPN to work perfectly on Fedora.
+
+On Ubuntu
+there is an additional issue with DNS, particularly in the part that integrates with `dnsmasq`. It was [reported](https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1211110) almost 3 years ago, but hasn't been fixed yet.
+
+The work-around is not difficult, but still cumbersome and requires `root`. Disable `dnsmasq` for
+NetworkManager which is used by default on Ubuntu by modifying `/etc/NetworkManager/NetworkManager.conf`. Add a `#` in front of the `dns=dnsmasq` line. Then restart NetworkManager, or simply reboot the system. That should be all!
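Review bot: The paragraph beginning "The issue was that OpenVPN import" never states that the importer leaves the client's `comp-lzo no` line out of the imported connection, and that is the step connecting "saw it as disabled" to the quoted warning about `comp-lzo` being missing in the local config; add one sentence saying so. The next paragraph should say that `comp-lzo yes` is a workaround for affected 1.2 releases and differs from the client file shown above, which has `comp-lzo no`, matching what the server pushes. The first paragraph and the `comp-lzo` paragraph also describe the same minor issue twice, and "particularly" / "Particularly" opens two consecutive sentences. On layout, the "On Ubuntu" line is broken after two words and the last two paragraphs are not wrapped like the rest of the file. For the DNS workaround, show the edited line as `#dns=dnsmasq` so the reader can compare it against their own `/etc/NetworkManager/NetworkManager.conf`.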