---
title: OpenVPN and NetworkManager 1.2
published: 2016-05-15
---

Doing a new round of tests for OpenVPN client support, I decided to test how
well Fedora 24 Beta and Ubuntu 16.04 work. They both have NetworkManager
1.2, which brings a lot of improvements to the OpenVPN plugin, particularly
when importing configurations. In particular, I was testing how imports from
[eduvpn](https://github.com/eduvpn), a managed VPN service, worked.

It turned out it works pretty well, with a minor issue that is already fixed in 
the development branch of NetworkManager. Ubuntu has some issues with DNS
servers provided over the VPN.

Importing a configuration using NetworkManager 1.2 resulted in a
small [issue](https://bugzilla.gnome.org/show_bug.cgi?id=739519)
with `comp-lzo` that was fixed the same day, for release in an upcoming
point release of NetworkManager 1.2. In the case of eduvpn, the server pushed
`comp-lzo`:

```
comp-lzo no
push "comp-lzo no"
```

The client had the following:

```
comp-lzo no
```

The issue was that the OpenVPN import in NetworkManager treated `comp-lzo no` as
compression being *disabled*, which is only partly correct: having this option
present, even if it is set to `no`, allows the server to override it. Even if the
server then overrides it with `no` again, the connection still does not work when
`comp-lzo` is missing from the client configuration:

```
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
```

Using `comp-lzo yes` in the client configuration allows for the 
import to work correctly and the VPN to work perfectly on Fedora. 

On Ubuntu there is an additional issue with DNS, particularly in the part that integrates with `dnsmasq`. It was [reported](https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1211110) almost 3 years ago, but hasn't been fixed yet.

The work-around is not difficult, but still cumbersome and requires `root`. Disable the `dnsmasq` integration, which NetworkManager uses by default on Ubuntu, by modifying `/etc/NetworkManager/NetworkManager.conf`: add a `#` in front of the `dns=dnsmasq` line. Then restart NetworkManager, or simply reboot the system. That should be all!
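
The workaround above as a small shell function, added here as an example and not part of the original post: it comments out an active `dns=dnsmasq` line, keeps a `.bak` copy, and does nothing when run a second time. The function names, the `--apply` switch and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example: applies the workaround from the post to a
# NetworkManager.conf-style file.

# Constructed sample config for trying the function on a scratch file.
sample_nm_conf() {
    printf '%s\n' '[main]' 'plugins=ifupdown,keyfile' 'dns=dnsmasq' '' \
        '[ifupdown]' 'managed=false'
}

# disable_nm_dnsmasq [FILE]
# Returns 0 if the line was commented out, 1 if no active dns=dnsmasq line
# was found (already done), 2 on error. FILE defaults to the path in the post.
disable_nm_dnsmasq() {
    nm_conf="${1:-/etc/NetworkManager/NetworkManager.conf}"
    # Only an active (uncommented) setting; spaces around "=" are tolerated.
    nm_re='^([[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq[[:space:]]*)$'

    [ -f "$nm_conf" ] || { echo "no such file: $nm_conf" >&2; return 2; }
    if ! grep -Eq "$nm_re" "$nm_conf"; then
        echo "dns=dnsmasq is not active in $nm_conf, nothing to change"
        return 1
    fi

    # Keep the original so the change can be reverted.
    cp -p "$nm_conf" "$nm_conf.bak" || return 2
    nm_tmp=$(mktemp) || return 2
    sed -E "s/$nm_re/#\\1/" "$nm_conf" > "$nm_tmp" || { rm -f "$nm_tmp"; return 2; }
    # Overwrite in place (not mv) so owner and mode of the file are kept.
    cat "$nm_tmp" > "$nm_conf" || { rm -f "$nm_tmp"; return 2; }
    rm -f "$nm_tmp"
    echo "commented out dns=dnsmasq in $nm_conf (backup: $nm_conf.bak)"
    echo "restart NetworkManager or reboot for the change to take effect"
}

# Touch the real file only when asked: run this script as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    disable_nm_dnsmasq "${2:-}"
fi
```

To try it without touching the system, write `sample_nm_conf` to a scratch file and pass that path to `disable_nm_dnsmasq`.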