This is a quick how-to on setting up an OpenVPN connection using NetworkManager.
I am connecting to an IPCOP firewall to access my company network. This is a breeze in Windows, using the excellent OpenVPN GUI for Windows. However, using NetworkManager under Linux, I found this not to be equally easy.
OpenVPN GUI for Windows uses a PKCS12 file containing both the certificate and the private key. NetworkManager does not support PKCS12 files, even though OpenVPN itself does, so we need to extract the certificate and key from the PKCS12 file before setting up NetworkManager.
Now, grab the .ovpn file and the .p12 file from Windows (or from the IPCOP Management Interface).
Using the .p12 file, issue the following commands.
openssl pkcs12 -nocerts -in default.p12 -out userkey.pem
openssl pkcs12 -nokeys -clcerts -in default.p12 -out usercert.pem
openssl pkcs12 -nokeys -cacerts -in default.p12 -out userca.pem
Now you have all the files needed to put into NetworkManager. Use the .ovpn file to find the IP address or hostname of your OpenVPN server.
That's all, you should be good to go.
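The extraction steps above as one function, as an added example that is not part of the original post: it creates the files readable only by their owner, then checks that userkey.pem really belongs to usercert.pem before they go into NetworkManager. The function names and the P12_PASS / PEM_PASS environment variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed inputs: P12_PASS = import password of the .p12,
#                 PEM_PASS = passphrase (4+ chars) to protect userkey.pem.
# Usage: export both variables, then: extract_p12 default.p12 ./vpn

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin env:PEM_PASS -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# extract_p12 P12_FILE OUT_DIR: writes userkey.pem, usercert.pem, userca.pem.
extract_p12() {
    p12=$1
    out=$2
    (
        # Subshell so the restrictive umask does not leak into the caller.
        umask 077                       # new files 0600, new directories 0700
        mkdir -p "$out" || exit 1
        openssl pkcs12 -nocerts -in "$p12" -passin env:P12_PASS \
            -passout env:PEM_PASS -out "$out/userkey.pem" || exit 1
        openssl pkcs12 -nokeys -clcerts -in "$p12" -passin env:P12_PASS \
            -out "$out/usercert.pem" || exit 1
        openssl pkcs12 -nokeys -cacerts -in "$p12" -passin env:P12_PASS \
            -out "$out/userca.pem" || exit 1
    ) || { echo "extraction failed (wrong import password?)" >&2; return 1; }
    key_matches_cert "$out/userkey.pem" "$out/usercert.pem" || {
        echo "userkey.pem does not match usercert.pem" >&2
        return 1
    }
}
```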
Thanks, this was very helpful!
You have saved my life. This was exactly what I was looking for – I didn’t know network-manager-openvpn couldn’t use the .p12 file and you had to extract the individual certs/keys from it. Not something everyone would know. Thanks!!
thanks for da info .. my ovpn got connected to ipcop, but i didn't have actual route, can ya help me?
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
21x.xx.xxx.x2 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
172.16.85.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.27.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
$ ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.193.196.6 P-t-P:10.193.196.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1412 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:109 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:314 (314.0 b) TX bytes:12706 (12.4 KB)
$
i got connected .. but i can't ping my network behind the ipcop ..
i think because of this:
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
if i connected manually using console, i got this result :
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.193.196.1 10.193.196.5 255.255.255.255 UGH 0 0 0 tun0
2xx.xx.xxx.x2 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
10.193.196.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.85.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 10.193.196.5 255.255.255.0 UG 0 0 0 tun0
192.168.27.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
0.0.0.0 10.193.196.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.193.196.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
I am not a network expert, but you must check your logs, since it appears that when NM is calling ovpn, it does not push route information.
Does this work in a Windows environment, and have others been able to connect to this IPCOP server?
What is a PEM Passphrase? Sorry but when I try to extract files from the p12 file they don’t want to come.
The p12 file is encrypted, and you need to enter the password in order to decrypt the p12 file and its content. It’s not possible to extract the certificates and keys while they are encrypted.
Hope you get it working!
Thanks guys, I first was trying to create a VPN connection with kvpnc but couldn’t get it to work anymore. When I followed your instructions I was online in less than 2 minutes!
Grts, Ron
Hi, this has got me far closer to getting things working but I am not quite there yet!
I can connect to ipcop using openvpn by feeding it the .ovpn file at the command line but NM won’t play.
The .ovpn says I am a tls-client so I am guessing I need something in NM set up to authorise by tls but I don’t know what to put in here (I tried each of the files extracted from the p12 file but nothing worked).
At no point does NM ask for a passphrase and it returns a failed to connect error after reaching ’80% activation stage: getting ip configuration’.
Anyone any ideas what to do next?