Tuesday, July 28th, 2009 at 10:45am

OpenVPN and Gnome Network Manager

Posted by Jordan Erickson

The open source world never ceases to amaze me. Tools emerge from the community that seemingly can do anything their commercial counterparts can, and usually better. There are sometimes a few kinks to iron out, and one of them I will address with this post.

I use the OpenVPN Zerina add-on ( http://www.zerina.de/zerina/ ) along with my IPCop firewall ( http://www.ipcop.org ) to access my office from home and on the road. I have also deployed many of the same systems for my clients, and they have worked seamlessly and without issue for years on end. This is a fantastic combination. The open source community has provided a freely available OpenVPN client for Windows ( http://openvpn.se/ ) which works great with IPCop’s Zerina add-on (which provides a client .zip file that you simply extract into a single directory and you’re ready to rock).

What I have found, which is semi-peculiar to me, is that the .p12 file (which contains all of the encryption certificates and other necessary components in a single container file) is currently not compatible with a very popular Gnome-based VPN manager (called network-manager-openvpn in Ubuntu’s package manager). It contains the necessary files, but a few extra steps are required to extract and configure them. Here are the steps for Ubuntu (I’ve verified this works on 8.04, 8.10 and 9.04), with special thanks to http://keystoneit.wordpress.com/2007/11/08/ubuntu-network-manager-and-openvpn/ for the great rundown on the necessary steps:

sudo apt-get install network-manager-openvpn

cd (path to .p12 file) (If you have a .zip file created by IPCop’s Zerina add-on, simply extract it with the ‘unzip’ command to get your .p12 file)

openssl pkcs12 -nocerts -in (filename).p12 -out userkey.pem

openssl pkcs12 -nokeys -clcerts -in (filename).p12 -out usercert.pem

openssl pkcs12 -nokeys -cacerts -in (filename).p12 -out userca.pem

Then all you need to do is open the VPN connection manager from within your Network Manager GUI in Gnome and configure the necessary parameters. In my experience, this can be kind of tricky – so make sure you have all of the information you need (for instance, the compression type, IP address of the IPCop gateway’s RED interface, etc.). Most of this info can be obtained simply by looking at the .ovpn file itself with any text viewer/editor.
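The three extraction commands above, wrapped as an added example (not part of the original post) that runs them without prompts, keeps the output files owner-only, and checks that the extracted key and certificate belong together before they are loaded into Network Manager. The P12_PASS variable, the function names and the throwaway demo bundle are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the bundle password is
# exported as P12_PASS (hypothetical name); the key stays encrypted with it.
# Usage: extract_p12 client.p12 ~/vpn && key_matches_cert ~/vpn && has_ca ~/vpn

# extract_p12 BUNDLE OUTDIR: the post's three commands, without prompts.
extract_p12() {
    p12=$1; out=$2
    (
        umask 077    # directory and PEM files created here are owner-only
        mkdir -p "$out" || exit 1
        openssl pkcs12 -nocerts -in "$p12" -passin env:P12_PASS \
            -passout env:P12_PASS -out "$out/userkey.pem" || exit 1
        openssl pkcs12 -nokeys -clcerts -in "$p12" -passin env:P12_PASS \
            -out "$out/usercert.pem" || exit 1
        openssl pkcs12 -nokeys -cacerts -in "$p12" -passin env:P12_PASS \
            -out "$out/userca.pem" || exit 1
    )
}

# key_matches_cert OUTDIR: succeed only if usercert.pem carries the public key
# derived from userkey.pem (catches a mixed-up or incomplete extraction).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/usercert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/userkey.pem" -passin env:P12_PASS -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# has_ca OUTDIR: userca.pem is empty when the bundle carried no CA certificate.
has_ca() {
    grep -q 'BEGIN CERTIFICATE' "$1/userca.pem"
}

# make_demo_p12 DIR: build a throwaway CA, client certificate and DIR/demo.p12.
# Constructed sample input only, so the functions above can be tried offline.
make_demo_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/c.key" -out "$d/c.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/c.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/c.key" -in "$d/c.pem" \
        -certfile "$d/ca.pem" -passout env:P12_PASS -out "$d/demo.p12"
}
```

On OpenSSL 3.x, a bundle written with older OpenSSL defaults may need -legacy added to the three pkcs12 calls.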

I hear the 2.x version of IPCop will have Zerina integrated, which is really nice to hear. This will make it even easier to deploy these setups and get people telecommuting even more, saving fuel costs, time, energy and rising climate. For now, it’s still a tremendous step forward for those who wish to optimize their time and energy, being able to work from just about anywhere with an Internet connection.


© 2009 Logical Networking Solutions: I.T. and Networking Specialist, Lake County, CA