openSUSE Leap 42.2 setup (using NetworkManager 1.0.12)

edited April 2017 in Linux VPN Setup
Having read through all of the Linux VPN setup information in the PIA Client Support Area, it seems to me it's all geared mainly for setting up and using openvpn on an elevated privilege command line. Setup information for NetworkManager exists but either references a rather old version or the information is not quite complete.

Hopefully, I can explain it all here. Leap 42 is a KDE UI distro which provides NetworkManager for users. Route merits, disadvantages, and opinions about KDE and/or NetworkManager to /dev/null, please. It is what it is.

It will help you past a hurdle if before you start setting up NetworkManager, you have run KDE Wallet at least once and have chosen the 'basic' configuration from the Wizard that runs that first time. The basic wallet setup will create a wallet for your user account and have you set a password for the wallet.

The second thing to do before you start setting up NetworkManager is to download and unzip the openvpn.zip file from PIA. I unzipped mine in /etc/openvpn/privateinternetaccess.com/ . The zip file contents gives you a collection of ovpn files and a ca.crt file.

...and to be sure you're ready to start, make sure your system has the packages NetworkManager-openvpn NetworkManager-openvpn-lang openvpn plasma-nm5-openvpn installed. Double-check with the Package Manager GUI or run the command zypper se NetworkManager-openvpn NetworkManager-openvpn-lang openvpn plasma-nm5-openvpn .

This forum appears to only allow images to be attached to a post. No inline images. So anyone trying to make sense of what I'm writing will have to refer to the images and back again to the text. I will try to attach the images in a sensible order.

To start, you will need to open NetworkManager's Connection editor [photo 1] -- right-click on the network icon in the system notification area and choose Configure Network Connections OR click on the network icon to open the Networks pop=up panel and then click on the configuration icon just below the top right corner of the panel.

[photo 2] Click the Add button over on the left side of Connection editor
[photo 3] Select VPN type OpenVPN
[photo 4] PIA provides you with a username and password. In the VPN (openvpn) tab, select Connection type : Password
[photo 5] Fill in the rest of the entries in the VPN tab. What you enter in these fields is extracted from whichever ovpn file you choose. Use the full path to the ca.crt file!
[photo 6] Be sure to click the floppy disc icon to the right of the eyeball icon in the account password field after you have filled it in.
[photo 7] Click the Advanced button. Fill in the fields in the General tab. Setting  LZO compression to Yes is required! Traffic won't pass without it, and the other two possible values cause the VPN link initialization to fail.
[photo 8] Click the Security tab and make the selections shown.
... Almost done...
[photo 9] Click the TLS Settings tab and enable server certificate varification (many tutorials don't mention this!). This setting guards against MITM subversion of your VPN link.
... Click at least two OK buttons (possibly three) to commit your settings. Select the new VPN entry in the Connection editor and click the Connect button.
Done!

edit: added package list


Comments

  • Hi, I have been using OpenVPN using OpenSUSE Leap for some time, but only ever using the command line. I'd like to use the network manager as it'd save a little bit of hassle. I've done the above but every time I go to connect it just says that the connection timed out. Can you think of any reason as to why this may be happening?

    Many thanks in advance
  • are you absolutely certain you chose VPN type OpenVPN ?

    also have a look at the log output using tail -50f /var/log/NetworkManager just before you poke at NetworkManager to try to bring the VPN up (leave the tail running)

  • edited June 2018
    Hi, and thanks for the reply.

    Definitely choce OpenVPN as the type. When I try using that command it says cannot open /var/log/NetworkManager for reading: no such file or directory.

    Does it matter that my .crt file is the 4096 "secure" version?

    Any thoughts?

    Thanks once again
  • check you match the security settings as per here for 4096 crt.
    fyi. from memory all of the older (ca.crt) connections require setting to 'default' for encryption, the newer 2048/4096 are as described.
  • I don't want to jinx it....but that appears to have worked! I wasn't using the correct port for the .crt file I was using (chose 1198, but I needed 501) and also chose to use a TCP connection as well as having to edit the security/encryption settings to suit.

    Thank you so much!! This saves me so much hassle. I'm a bit of a stickler for security and passwords.....I use LastPass for all my passwords, and all of them are not memorable (my PIA PW is around 50 characters long!) and to get LastPass up I need to open up VeraCrypt, unlock and encrypted spreadsheet which includes my LastPass password....log into LastPass, copy my PIA PW, open up a console and log in that way. Now I can just click on the NetworkManager icon and click "connect" <span>:smiley:</span>

    Really appreciate your quick, helpful and friendly replies!
  • edited June 2018
    yes, it matters if you use the larger keyed encryption since: 1) what I wrote was based on 'normal' keys (i'm pretty sure i said so in the details), and 2) PIA servers use different port numbers for the larger key VPN service (it's in their docs and also shown in their prepared ovpn files).

    my personal preference is Keepass for password management across the various platforms I use.

    ps: /var/log/NetworkManager should exist. recreate it as root, if something caused it to disappear.
Sign In or Register to comment.