Re: openvpn with networkmanager
From: Maxim Cournoyer
Subject: Re: openvpn with networkmanager
Date: Tue, 08 Jan 2019 15:48:57 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hello,
Adam Massmann <address@hidden> writes:
> Hi Ben,
>
> Benjamin Slade <address@hidden> writes:
>
>>
>> What is a recommended/working way of using OpenVPN on GuixSD?
>
> I do not know what the recommended way of working with
> openvpn is, but I do have a working way. Attached is a bash
> script that takes a wireless interface as an argument and
> starts up a vpn, adjusting dns to avoid dns leaks (you will
> need to modify to add the dns for your setup). So if I have
> a wifi connection called "interface" I just run
> ```vpn-launcher-example.sh interface``` to start my vpn
> session, and then ```vpn-killer-example.sh interface```
> to cleanup the connection after I have finished
> openvpn. Also depending on your setup you might need to
> either run as root, or sprinkle sudos before the nmcli
> calls.
>
> This works well for me, but I strongly doubt it is the
> recommended way using openvpn. If anyone has a better way
> I'd also love to hear it.
>
> Best,
> Adam
Thanks Adam, it seems a good workaround that I hadn't thought
about. Avenues I have explored so far are:
1. Purely config based. Example:
--8<---------------cut here---------------start------------->8---
client
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
comp-lzo #t
persist-key #t
persist-tun #t
verb 3
remote-cert-tls server
nobind
resolv-retry infinite
remote someserver.net 9999
auth-user-pass
script-security 2 # calling of built-in executables and user-defined scripts.
# Accept DNS changes from the server
# TODO: Need to package "resolvconf"
# The following script comes from
# https://github.com/masterkorp/openvpn-update-resolv-conf/blob/master/update-resolv-conf.sh
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
--8<---------------cut here---------------end--------------->8---
As one can see, the solution here would be to have some external script
called whose task would be to update /etc/resolv.conf so that DNS
works. Another problem is that the /etc/resolv.conf file is managed by
NetworkManager, so any changes could be lost or reset by it at times.

2. Define an openvpn service as part of your GuixSD config, such as:
--8<---------------cut here---------------start------------->8---
(openvpn-client-service
 #:config (openvpn-client-configuration
           (remote
            (list
             (openvpn-remote-configuration
              (name "someserver.net")
              (port 9999))))))
--8<---------------cut here---------------end--------------->8---
Some problems with this second option:
a. It's on by default (I'd prefer it off -- must be easy but I'm
not very knowledgeable about services yet)
b. It doesn't address the DNS question.
3. I've tried using the tools provided by network-manager, and
apparently only 'nmcli' proposes creating a VPN connection. It seems the
parameters it accepts are insufficient to define completely the setup (I
didn't see a parameter to store the remote server for example), so I'm
not sure how it's supposed to work.
Anyway, after creating the connection, I tried activating it, only to
get the error:
Error: Failed to activate 'vpn-wlp0s20f0u1'
(718af83f-9553-4805-9140-4dfd28e46a07) connection: The VPN service
'org.freedesktop.NetworkManager.openvpn' was not installed.
I'll try your solution next. Thank you!
Maxim
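
Added example, not part of the original message and not the update-resolv-conf.sh script linked above: a minimal up/down script for the commented-out `up`/`down` lines in option 1, showing how OpenVPN passes pushed DNS settings to a script and why they should be validated before they reach /etc/resolv.conf. It assumes the script may write the file directly (the `RESOLV_CONF` variable, the `.pre-vpn` backup name and the `update-dns.sh` file name are hypothetical); as noted in the message, NetworkManager may later overwrite the file.

```shell
#!/bin/sh
# Added example: turn the DNS settings an OpenVPN server pushes into
# resolv.conf lines. OpenVPN hands each pushed "dhcp-option ..." to up/down
# scripts as foreign_option_1, foreign_option_2, ... and sets script_type.

# Assumed target; under NetworkManager this file may be rewritten later.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# Print one resolv.conf line per valid pushed option. The values are chosen
# by the server, so any value containing characters outside those of an IP
# address (DNS) or a domain name (DOMAIN) is dropped.
resolv_lines_from_foreign_options() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f      # split into words without globbing
        if [ "$#" -eq 3 ] && [ "$1" = "dhcp-option" ]; then
            case "$2:$3" in
                DNS:*[!0-9a-fA-F.:]* | DOMAIN:*[!0-9a-zA-Z.-]*) ;;  # reject
                DNS:?*)    echo "nameserver $3" ;;
                DOMAIN:?*) echo "search $3" ;;
            esac
        fi
        i=$((i + 1))
    done
}

case "${script_type:-}" in
    up)
        lines=$(resolv_lines_from_foreign_options)
        if [ -n "$lines" ]; then
            cp -p "$RESOLV_CONF" "$RESOLV_CONF.pre-vpn"   # keep the old file
            printf '%s\n' "$lines" > "$RESOLV_CONF"
        fi ;;
    down)
        if [ -f "$RESOLV_CONF.pre-vpn" ]; then
            mv "$RESOLV_CONF.pre-vpn" "$RESOLV_CONF"
        fi ;;
    "")
        # Run by hand (no OpenVPN): dry run, print what would be written, e.g.
        #   foreign_option_1='dhcp-option DNS 10.8.0.1' sh update-dns.sh
        # (constructed value; the file name is hypothetical)
        resolv_lines_from_foreign_options ;;
esac
```

Because `script-security 2` lets OpenVPN run this with the daemon's privileges, the character checks are what keep a malformed or hostile pushed option from being written into the resolver configuration.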