OpenVPN and NetworkManager 1.2
Published on 2016-05-15
Doing a new round of tests for OpenVPN client support I decided to test how well Fedora 24 Beta and Ubuntu 16.04 work. They both have NetworkManager 1.2 which brings a lot of improvements to the OpenVPN plugin, particularly when importing configurations. Particularly I was testing the way imports from eduvpn, a managed VPN service worked.
It turned out it works pretty well, with a minor issue that is already fixed in the development branch of NetworkManager. Ubuntu has some issues with DNS servers provided over the VPN.
Importing a configuration using NetworkManager 1.2 resulted in a
comp-lzo that was fixed the same day, for release in a next
point release of NetworkManager 1.2. In the case of eduvpn, the server pushed
comp-lzo no push "comp-lzo no"
The client had the following:
The issue was that OpenVPN import in NetworkManager saw
comp-lzo no as having
compression disabled, which is only kind of correct: having this option, even
if it is set to
no allows the server to override it. Even if the
server again overrides it with
no it still does not work when
comp-lzo is missing:
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
comp-lzo yes in the client configuration allows for the
import to work correctly and the VPN to work perfectly on Fedora.
there is an additional issue with DNS, particularly in the part that integrates with
dnsmasq. It was reported almost 3 years ago, but hasn't been fixed yet.
The work-around is not difficult, but still cumbersome and requires
NetworkManager which is used by default on Ubuntu by modifying
/etc/NetworkManager/NetworkManager.conf. Add a
# in front of the
dns=dnsmasq line. Then restart NetworkManager, or simply reboot the system. That should be all!