Maxim Cournoyer <maxim.courno...@gmail.com> writes:

Thanks for this! I've been using openvpn to manually connect, and I'm
leaking DNS queries. Thanks!

> Over the weekend, I spent a bit of time figuring out how to use OpenVPN with
> NetworkManager, especially its command line interface, 'nmcli'.
>
> If you are using the Guix System, the first thing to do is to add the
> openvpn plugin to your network-manager-service-type configuration, like
> this:
>
> (services
>   ...
>   (modify-services %my-desktop-services
>     (network-manager-service-type config =>
>       (network-manager-configuration
>         (inherit config)
>         (vpn-plugins
>           (list network-manager-openvpn)))))
>
> Then you'll want to reconfigure your machine, *and* reboot (restarting
> the networking service and dbus-session were not enough, for some reason
> I couldn't figure out).
>
> My base file looked like this:
>
> --8<---------------cut here---------------start------------->8---
> client
> dev tun
> proto udp
> remote some-server.net 5912
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> auth-user-pass
> comp-lzo
> verb 3
> remote-cert-tls server
>
> <ca>
> -----BEGIN CERTIFICATE-----
> some-long-cert-string...
> -----END CERTIFICATE-----
> </ca>
>
> <cert>
> -----BEGIN CERTIFICATE-----
> some-long-cert-string
> -----END CERTIFICATE-----
> </cert>
>
> <key>
> -----BEGIN PRIVATE KEY-----
> some-long-private-key-string
> -----END PRIVATE KEY-----
> </key>
> --8<---------------cut here---------------end--------------->8---
>
> To import this with nmcli, it's easy:
>
> $ sudo nmcli connection import type openvpn file your-openvpn-config-file.ovpn
>
> And if, like me, this configuration requires inputting a username and
> password for authenticating, and you don't want to be bothered to, you
> can embed those secrets in the connection configuration with:
>
> $ sudo nmcli connection modify $your-connection vpn.user-name $your-username
> $ sudo nmcli connection modify $your-connection vpn.secrets password=$your-password
> $ sudo nmcli connection modify $your-connection +vpn.data password-flags=0
>
> The password-flags=0 disables some integration with the GNOME keyring,
> which I don't use.
>
> This has the benefit of automatically adding the VPN DNS server to your
> /etc/resolv.conf, compared with connecting directly with openvpn (or our
> Guix openvpn service).
>
> HTH!
>
> Maxim
>

--
Joshua Branson
Sent from Emacs and Gnus
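
An added example, not part of the original thread: a Python check that parses a profile laid out like the quoted base file (directives plus inline `<ca>`/`<cert>`/`<key>` blocks) and reports when a file carrying an inline private key is readable by anyone other than its owner. The function names and the sample profile are constructed for illustration.

```python
import os
import stat

# Constructed sample in the layout of the quoted base file; secrets are placeholders.
SAMPLE_OVPN = """client
remote some-server.net 5912
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
placeholder
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
placeholder
-----END PRIVATE KEY-----
</key>
"""

def parse_ovpn(text):
    """Split an OpenVPN profile into directives and inline <tag> blocks."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current is not None:
            if line == f"</{current}>":
                current = None  # closing tag ends the inline block
            else:
                blocks[current].append(line)
        elif line.startswith("<") and line.endswith(">") and line[1] != "/":
            current = line[1:-1]
            blocks[current] = []
        elif line and line[0] not in "#;":  # skip blank lines and comments
            name, *rest = line.split(None, 1)
            directives.setdefault(name, []).append(rest[0] if rest else "")
    if current is not None:
        raise ValueError(f"unterminated <{current}> block")
    return directives, blocks

def audit_profile(path):
    """Return findings about how the profile at `path` stores its secrets."""
    with open(path) as fh:
        directives, blocks = parse_ovpn(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if "key" in blocks and mode & 0o077:
        findings.append(f"inline private key readable beyond owner (mode {mode:o})")
    if "remote-cert-tls" not in directives:
        findings.append("remote-cert-tls not set")
    return findings
```

Running `audit_profile` on the `.ovpn` file before importing it with nmcli shows whether the source file needs `chmod 600`.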