Re: How to setup NM VPN ?

[Dan Williams <dcbw redhat com>]

On Sat, 2009-02-07 at 17:12 -0300, Miguel Rozsas wrote:
> Hi,
>  I am using Fedora 10, Network manager openvpn plugin
> (NetworkManager-openvpn-0.7.0-18.svn11.fc10.i386) and
> openvpn-2.1-0.29.rc15.fc10.i386.
> 
> I can connect to the remote openvpn server using the openvpn command line: 
> [code]
> # openvpn --config myvpn.ovpn --script-security 2
> ....
> Enter Private Key Password:
> ...
> Initialization Sequence Completed
> [/code]
> 
> 
> ..and I access all hosts on VPN side. No problems at all.
> 
> The question is: How to setup a similar connection using NM ?
> 
> 
> 
> The command above uses 2 files: myvpn.ovpn and mypkcs-file.p12
> 
> 
> 
> myvpn.ovpn:
> [code]
> 
> #OpenVPN Server conf
> tls-client
> client
> dev tun
> proto udp
> tun-mtu 1400
> remote 12.13.14.15 1194
>  #obfuscated OVPN IP gateway
> pkcs12 mypkcs-file.p12
> cipher BF-CBC
> comp-lzo
> verb 3
> ns-cert-type server
> [/code]
> 
> mypkcs-file.p12 is in the same directory is myvpn.ovpn and it is a
> data/binary file. I got both files from my OVPN server (a smoothwall
> with the zerina mod)
> 
> On windows, I am using openVPNGUI from http://openvpn.se. On windows, I need just 
> to drop both files on a config file and I am ready to go.
> 
> Any ideas about how to configure NM-openvpn ? It has several options and types 
> and it request several files I don't have....

I think you want the "Certificates (TLS)" option.  However, the NM
OpenVPN client doesn't handle PKCS12 files yet.  For the moment, you
could try converting the PKCS#12 file to openssl-style PEM files, which
break the private key and client certificate up into two files.  You'll
also want to extract the CA certificate from the pkcs12 file and use
that as well.  In the near future, we can support PKCS12 files too.

Dan