openSUSE Leap 42.2 setup (using NetworkManager 1.0.12)
Having read through all of the Linux VPN setup information in the PIA Client Support Area, it seems to me it's all geared mainly for setting up and using openvpn on an elevated privilege command line. Setup information for NetworkManager exists but either references a rather old version or the information is not quite complete.
Hopefully, I can explain it all here. Leap 42 is a KDE UI distro which provides NetworkManager for users. Route merits, disadvantages, and opinions about KDE and/or NetworkManager to /dev/null, please. It is what it is.
It will help you past a hurdle if before you start setting up NetworkManager, you have run KDE Wallet at least once and have chosen the 'basic' configuration from the Wizard that runs that first time. The basic wallet setup will create a wallet for your user account and have you set a password for the wallet.
The second thing to do before you start setting up NetworkManager is to download and unzip the openvpn.zip file from PIA. I unzipped mine in /etc/openvpn/privateinternetaccess.com/ . The zip file contents gives you a collection of ovpn files and a ca.crt file.
...and to be sure you're ready to start, make sure your system has the packages NetworkManager-openvpn NetworkManager-openvpn-lang openvpn plasma-nm5-openvpn installed. Double-check with the Package Manager GUI or run the command zypper se NetworkManager-openvpn NetworkManager-openvpn-lang openvpn plasma-nm5-openvpn .
This forum appears to only allow images to be attached to a post. No inline images. So anyone trying to make sense of what I'm writing will have to refer to the images and back again to the text. I will try to attach the images in a sensible order.
To start, you will need to open NetworkManager's Connection editor [photo 1] -- right-click on the network icon in the system notification area and choose Configure Network Connections OR click on the network icon to open the Networks pop=up panel and then click on the configuration icon just below the top right corner of the panel.
[photo 2] Click the Add button over on the left side of Connection editor
[photo 3] Select VPN type OpenVPN
[photo 4] PIA provides you with a username and password. In the VPN (openvpn) tab, select Connection type : Password
[photo 5] Fill in the rest of the entries in the VPN tab. What you enter in these fields is extracted from whichever ovpn file you choose. Use the full path to the ca.crt file!
[photo 6] Be sure to click the floppy disc icon to the right of the eyeball icon in the account password field after you have filled it in.
[photo 7] Click the Advanced button. Fill in the fields in the General tab. Setting LZO compression to Yes is required! Traffic won't pass without it, and the other two possible values cause the VPN link initialization to fail.
[photo 8] Click the Security tab and make the selections shown.
... Almost done...
[photo 9] Click the TLS Settings tab and enable server certificate varification (many tutorials don't mention this!). This setting guards against MITM subversion of your VPN link.
... Click at least two OK buttons (possibly three) to commit your settings. Select the new VPN entry in the Connection editor and click the Connect button.
Done!
edit: added package list
Hopefully, I can explain it all here. Leap 42 is a KDE UI distro which provides NetworkManager for users. Route merits, disadvantages, and opinions about KDE and/or NetworkManager to /dev/null, please. It is what it is.
It will help you past a hurdle if before you start setting up NetworkManager, you have run KDE Wallet at least once and have chosen the 'basic' configuration from the Wizard that runs that first time. The basic wallet setup will create a wallet for your user account and have you set a password for the wallet.
The second thing to do before you start setting up NetworkManager is to download and unzip the openvpn.zip file from PIA. I unzipped mine in /etc/openvpn/privateinternetaccess.com/ . The zip file contents gives you a collection of ovpn files and a ca.crt file.
...and to be sure you're ready to start, make sure your system has the packages NetworkManager-openvpn NetworkManager-openvpn-lang openvpn plasma-nm5-openvpn installed. Double-check with the Package Manager GUI or run the command zypper se NetworkManager-openvpn NetworkManager-openvpn-lang openvpn plasma-nm5-openvpn .
This forum appears to only allow images to be attached to a post. No inline images. So anyone trying to make sense of what I'm writing will have to refer to the images and back again to the text. I will try to attach the images in a sensible order.
To start, you will need to open NetworkManager's Connection editor [photo 1] -- right-click on the network icon in the system notification area and choose Configure Network Connections OR click on the network icon to open the Networks pop=up panel and then click on the configuration icon just below the top right corner of the panel.
![[photo 1]](https://www.dropbox.com/s/tvxdapaica4kedm/Screenshot_20170406_160847.png?dl=0){kind=link}
[photo 2] Click the Add button over on the left side of Connection editor
![[photo 2]](https://www.dropbox.com/s/skqn3p7i58hs9np/Screenshot_20170406_160934.png?dl=0){kind=link}
[photo 3] Select VPN type OpenVPN
![[photo 3]](https://www.dropbox.com/s/ypmwew8j8565qqf/Screenshot_20170406_160915.png?dl=0){kind=link}
[photo 4] PIA provides you with a username and password. In the VPN (openvpn) tab, select Connection type : Password
![[photo 4]](https://www.dropbox.com/s/ie3wtimrh872y7l/Screenshot_20170406_161142.png?dl=0){kind=link}
[photo 5] Fill in the rest of the entries in the VPN tab. What you enter in these fields is extracted from whichever ovpn file you choose. Use the full path to the ca.crt file!
![[photo 5]](https://www.dropbox.com/s/mc0hwkg1vz5mzpl/Screenshot_20170406_161637.png?dl=0){kind=link}
[photo 6] Be sure to click the floppy disc icon to the right of the eyeball icon in the account password field after you have filled it in.
![[photo 6]](https://www.dropbox.com/s/7iw1sftwf8grlfx/Screenshot_20170406_161706.png?dl=0){kind=link}
[photo 7] Click the Advanced button. Fill in the fields in the General tab. Setting LZO compression to Yes is required! Traffic won't pass without it, and the other two possible values cause the VPN link initialization to fail.
![[photo 7]](https://www.dropbox.com/s/leo3j3m83np6gv9/Screenshot_20170406_161814.png?dl=0){kind=link}
[photo 8] Click the Security tab and make the selections shown.
![[photo 8]](https://www.dropbox.com/s/viyxmrfyv25qptz/Screenshot_20170406_161850.png?dl=0){kind=link}
... Almost done...
[photo 9] Click the TLS Settings tab and enable server certificate varification (many tutorials don't mention this!). This setting guards against MITM subversion of your VPN link.
![[photo 9]](https://www.dropbox.com/s/fjoau5gpvtxm4la/Screenshot_20170406_161916.png?dl=0){kind=link}
... Click at least two OK buttons (possibly three) to commit your settings. Select the new VPN entry in the Connection editor and click the Connect button.
Done!
edit: added package list
Comments
Many thanks in advance
Definitely choce OpenVPN as the type. When I try using that command it says cannot open /var/log/NetworkManager for reading: no such file or directory.
Does it matter that my .crt file is the 4096 "secure" version?
Any thoughts?
Thanks once again
fyi. from memory all of the older (ca.crt) connections require setting to 'default' for encryption, the newer 2048/4096 are as described.
Thank you so much!! This saves me so much hassle. I'm a bit of a stickler for security and passwords.....I use LastPass for all my passwords, and all of them are not memorable (my PIA PW is around 50 characters long!) and to get LastPass up I need to open up VeraCrypt, unlock and encrypted spreadsheet which includes my LastPass password....log into LastPass, copy my PIA PW, open up a console and log in that way. Now I can just click on the NetworkManager icon and click "connect" <span>
Really appreciate your quick, helpful and friendly replies!