--- title: OpenVPN and NetworkManager 1.2 published: 2016-05-15 --- Doing a new round of tests for OpenVPN client support I decided to test how well Fedora 24 Beta and Ubuntu 16.04 work. They both have NetworkManager 1.2 which brings a lot of improvements to the OpenVPN plugin, particularly when importing configurations. Particularly I was testing the way imports from [eduvpn](https://github.com/eduvpn), a managed VPN service worked. It turned out it works pretty well, with a minor issue that is already fixed in the development branch of NetworkManager. Ubuntu has some issues with DNS servers provided over the VPN. Importing a configuration using NetworkManager 1.2 resulted in a small [issue](https://bugzilla.gnome.org/show_bug.cgi?id=739519) with `comp-lzo` that was fixed the same day, for release in a next point release of NetworkManager 1.2. In the case of eduvpn, the server pushed `comp-lzo`: ``` comp-lzo no push "comp-lzo no" ``` The client had the following: ``` comp-lzo no ``` The issue was that OpenVPN import in NetworkManager saw `comp-lzo no` as having compression *disabled*, which is only kind of correct: having this option, even if it is set to `no` allows the server to override it. Even if the server again overrides it with `no` it still does not work when `comp-lzo` is missing: ``` WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo' ``` Using `comp-lzo yes` in the client configuration allows for the import to work correctly and the VPN to work perfectly on Fedora. On Ubuntu there is an additional issue with DNS, particularly in the part that integrates with `dnsmasq`. It was [reported](https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1211110) almost 3 years ago, but hasn't been fixed yet. The work-around is not difficult, but still cumbersome and requires `root`. Disable `dnsmasq` for NetworkManager which is used by default on Ubuntu by modifying `/etc/NetworkManager/NetworkManager.conf`. Add a `#` in front of the `dns=dnsmasq` line. Then restart NetworkManager, or simply reboot the system. That should be all!