Here's a thing I've been poking around with. I've noticed there's a package called Network Manager in Ubuntu 12.04 that works much like Mac OS X's Network configuration panel. You can set up connections: wired, WiFi, and of course VPN. By installing the "network-manager-openvpn-gnome" add-on that is available through the Ubuntu Software Center, it's pretty easy to get support for OpenVPN in the Network Manager. Incidentally, I was just struck by how much the network panel looks like the Macintosh panel; judge for yourself:

Mac OS X 10.8 network preferences versus Ubuntu 12.04 network settings


 

Installing the required OpenVPN configuration add-on for the Network Manager

Start by opening the Ubuntu Software Center so we can find and install the software we need.

In the search field at the top right enter the search term 'network-manager-openvpn-gnome' and hit enter.

There should be only one result - click it and hit the 'install' button. You'll be asked for your password to approve the installation.

 

Getting the required separated files from the Access Server

By default the OpenVPN Access Server provides all clients with a single unified .ovpn file that contains all the certificates and items required. However, the interface on Ubuntu doesn't provide a method to load this unified file. While it is of course possible to call the OpenVPN binary directly with some parameters to load the unified .ovpn configuration profile, this is not a very pretty solution for an operating system with a GUI as nice as the one Ubuntu Lucid has. It'd be much nicer to be able to handle this through the Network Manager. Fortunately the Access Server has a bundled command line script that can export a profile for a user directly to 5 separate files. For clarity, I will list these 5 files and briefly indicate what they do:

  • client.ovpn - the configuration: what server to contact, how to connect, and so on.
  • client.crt - client certificate: proof of identity of the client, will be used for authentication.
  • ca.crt - certificate authority: proof of identity of the server, will be used for authentication.
  • client.key - client private key: the private key for the client, will be used during authentication.
  • ta.key - TLS authentication key used for HMAC, to further enhance security of the connection.
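
How the inline sections of a unified profile map onto those five files, as an added example (not part of the original article and not the Access Server's own export script). It assumes the unified profile uses OpenVPN's inline <ca>, <cert>, <key> and <tls-auth> blocks plus a key-direction line; the function names are hypothetical and the sample profile is constructed with placeholder bodies.

```python
import os
import re

# Inline tag in the unified profile -> (separate file, directive for client.ovpn)
BLOCKS = {
    "ca": ("ca.crt", "ca ca.crt"),
    "cert": ("client.crt", "cert client.crt"),
    "key": ("client.key", "key client.key"),
    "tls-auth": ("ta.key", "tls-auth ta.key"),
}
SECRET = {"client.key", "ta.key"}  # must not be group/world readable

# Constructed sample: placeholder bodies, not real certificates or keys.
SAMPLE = ("client\nremote vpn.example.test 1194 udp\nkey-direction 1\n"
          + "".join(f"<{t}>\nCONSTRUCTED-{t.upper()}\n</{t}>\n" for t in BLOCKS))


def split_unified(text):
    """Return {filename: content} for the five files listed above."""
    config = text.replace("\r\n", "\n")
    direction = re.search(r"^key-direction[ \t]+([01])[ \t]*$", config, re.M)
    files = {}
    for tag, (fname, directive) in BLOCKS.items():
        m = re.search(rf"^<{tag}>\n(.*?)^</{tag}>\n?", config, re.M | re.S)
        if m is None:
            raise ValueError(f"no inline <{tag}> block in profile")
        files[fname] = m.group(1)
        if tag == "tls-auth" and direction:
            directive += " " + direction.group(1)  # direction moves onto this line
        config = config[:m.start()] + directive + "\n" + config[m.end():]
    # The standalone key-direction option is now redundant, so drop it.
    files["client.ovpn"] = re.sub(r"^key-direction[ \t]+[01][ \t]*\n", "", config, flags=re.M)
    return files


def write_files(files, outdir):
    """Write the files; private key material is created with mode 0600."""
    os.makedirs(outdir, mode=0o700, exist_ok=True)
    for fname, content in files.items():
        path = os.path.join(outdir, fname)
        mode = 0o600 if fname in SECRET else 0o644
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)  # also tighten a file that already existed
```
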

We'll start by opening the program called 'Terminal' so we can get a Bash session going and SSH into the OpenVPN Access Server's console.

To log in with SSH we need to accept the RSA key and add it to the known_hosts list. Answer 'yes' to do this. Compare the fingerprint shown with the server's actual host key fingerprint before you do.

Run the following commands to create a directory to export files to, and to retrieve separate files for the user 'testuser':

mkdir /export
/usr/local/openvpn_as/scripts/sacli -o /export --cn testuser Get5
exit

Note: for autologin user profiles, tack _AUTOLOGIN onto the username (testuser_AUTOLOGIN).

Now we're back on our own machine and we'll use SCP to retrieve the files to a newly created directory for this purpose. We'll need to authenticate again.

mkdir openvpnfiles
scp root@youraccessserver.address.goeshere:/export/* ./openvpnfiles/
exit

 

Importing the resulting files into the Network Manager so you can connect to it

Now the Terminal program will close and the files are in /home/(username)/openvpnfiles/. Next click on the network icon and go to 'Edit Connections'.

Go to the tab labeled 'VPN' and click on 'Import'.

You should start in the correct folder - the openvpnfiles folder will be here; open it.

Select the client.ovpn file that is in that folder - that contains all the necessary settings - and click 'Open'.

Enter a description, and username and password (unless it's an autologin profile) and then click 'Save'.

I am using a profile that requires username and password on top of the certificates so I entered username/password. For autologin profiles this is not necessary. Click 'Save'.

You can see the OpenVPN connection now listed under 'VPN'. You can close this window now.

Go back to the Network icon at the top and you can start the VPN connection from there.

If done right, you should see a confirmation pop up. You can disconnect using the same menu option you used to connect.

 
 

The internet stops working while I'm connected to OpenVPN on Ubuntu?

There are a number of reasons why this can happen - for example if a route is being pushed by the remote server to send stuff through the VPN tunnel, and the remote side doesn't pass it through correctly, then you could end up with stuff not working. Or if for example DNS servers are pushed by the OpenVPN server and they don't work, then there's an issue right there. However in Ubuntu there is also the possibility that the Network Manager is overriding your default gateway without OpenVPN's involvement. If that is the case, check this:

  1. Click on the Network Manager icon and choose "VPN Connections" -> "Configure VPN...".
  2. Then choose the connection name and click "Edit".
  3. Go to "IPv4 Settings" tab and click the "Routes" button at the lower-right corner.
  4. Check off "Use this connection only for resources on its network".

Hopefully that will then resolve the case for you. Otherwise, check your routes and DNS settings.
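
To tell which of these cases applies, this added example (not from the original article) reads `ip route show` output and reports whether the VPN device carries the default route. The routing tables and addresses are constructed, and the `tun` device prefix and the function name are assumptions.

```python
# Constructed `ip route show` output (addresses are made up for illustration).
# VPN up, Network Manager has pointed the default route at the tunnel:
FULL_TUNNEL = """\
default via 10.8.0.1 dev tun0 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0 proto static
"""
# Same machine with "Use this connection only for resources on its network" ticked:
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Route pair that OpenVPN itself installs for "redirect-gateway def1"
DEF1 = {"0.0.0.0/1", "128.0.0.0/1"}


def vpn_routing(route_text, vpn_prefix="tun"):
    """Summarise which traffic the VPN device carries."""
    best, vpn_nets = None, []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route without a device (e.g. unreachable)
        dest, dev = fields[0], fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields[:-1] else 0
        if dest == "default":
            if best is None or metric < best[0]:
                best = (metric, dev)  # the lowest metric is the route the kernel prefers
        elif dev.startswith(vpn_prefix):
            vpn_nets.append(dest)
    full = DEF1.issubset(vpn_nets) or (best is not None and best[1].startswith(vpn_prefix))
    return {
        "mode": "full-tunnel" if full else "split-tunnel",
        "default_dev": best[1] if best else None,
        "vpn_networks": [n for n in vpn_nets if n not in DEF1],
    }
```

In the split-tunnel result only the listed VPN networks go through the tunnel; all other traffic leaves by the normal gateway, outside the VPN.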