OpenVPN on Linux
The ZIH operates an OpenVPN service as an alternative for accessing the TU Dresden intranet. The instructions explain the installation and setup of the OpenVPN client under Linux. This guide is primarily for currently supported Ubuntu/Debian versions with Network Manager.
Table of contents
Installation
Debian 10 (Buster)/Ubuntu 18.04 (Bionic Beaver) or newer
- Install the OpenVPN software and the Network Manager plugin.
sudo apt-get update
sudo apt-get install openvpn network-manager-openvpn - Installing the graphical components:
- GNOME: Users of the Gnome desktop need to install one more component to be able to make settings through the user interface:
sudo apt-get install network-manager-openvpn-gnome - KDE: The KDE Plasma Network Manager program (plasma-nm) already includes support for OpenVPN.
- Other desktop environments: Other desktop environments mostly use the Gnome user interface of the NetworkManager. Here, the additional installation of the corresponding component is also required:
sudo apt-get install network-manager-openvpn-gnome
- GNOME: Users of the Gnome desktop need to install one more component to be able to make settings through the user interface:
Debian 9 (Stretch)
The versions of the OpenVPN program and the corresponding integrations for the Network Manager contained in the regular package sources are too old. However, newer versions are included in the so-called backports.
- If you do not use backports yet, add the following line
deb http://deb.debian.org/debian stretch-backports main
to the file /etc/apt/sources.list. - Install OpenVPN software and Network Manager plugin from backports:
sudo apt-get update
sudo apt-get install openvpn/stretch-backports network-manager-openvpn/stretch-backports - Installing the graphical components:
- GNOME: Install the graphical editor plugin component from the backports:
sudo apt-get install network-manager-openvpn-gnome/stretch-backports - KDE: Unfortunately, there is no sufficiently up-to-date version of plasma-nm in the backports either. However, starting and stopping the VPN connection should still be possible. However, you have to import the OpenVPN profile on the command line as described below using nmcli. Alternatively, you can also use the GNOME Network Manager interface under KDE.
- GNOME: Install the graphical editor plugin component from the backports:
Debian 8 (Jessie)/Ubuntu 16.04 (Xenial Xerus) or older
The versions of the OpenVPN program and the related integrations for the Network Manager included in the official package sources are too old. However, at least current versions of the OpenVPN program can be obtained as a package from the OpenVPN project, but unfortunately you have to do without the Network Manager integration.
- Add the release key of the OpenVPN project to your package management:
wget -O - https://build.openvpn.net/debian/openvpn/stable/pubkey.gpg | sudo apt-key add - - Add the repository of the OpenVPN project to your package manager:
echo "deb http://build.openvpn.net/debian/openvpn/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/openvpn.net.list - Install the OpenVPN program
sudo apt-get update
sudo apt-get install openvpn
Other Linux variants
Of course, the OpenVPN service also works with other Linux variants, provided that sufficiently up-to-date software is available there. You need
- Version 2.4 or newer of the OpenVPN program.
- Version 1.8.10 or newer of the Network Manager OpenVPN plugin for Network Manager support (optional).
- For the graphical user interface (optional):
- GNOME: Version 1.8.10 or newer of the Network Manager OpenVPN GNOME plugin.
- KDE: Version 5.11.95 or newer of KDE Plasma.
Import into Network Manager
Obtain an appropriate profile from the OpenVPN profile generator in the Self-Service Portal and save it. Remember the folder in which the file is located.
Import profile
Then import the downloaded file with the command:
sudo nmcli connection import type openvpn file <path to>/TUD.ovpn
Alternatively, you can import the file using the Network Manager graphical interface.
Set username
After that, open the Network Manager. In the VPN connections there should now be a new entry with the same name as the downloaded file. You can edit the entry in the Network Manager, to save your username with your profile. The username will be your ZIH login without extensions like @tu-dresden.de or similar. When you start the VPN connection you may be asked for username and password. Always use the ZIH login and the password for the ZIH login.
Known errors
Error: unsupported blob/xml element
If the following error occurs when starting OpenVPN:
"Error: failed to import "<path to>/TUD.ovpn': configuration error: unsupported blob/xml element (line 32).",
your version of Network Manager is too old and you cannot use Network Manager to manage OpenVPN. This occurs among others in Ubuntu 16.04 (Xenial Xerus) or older, Debian 8 (Jessie) or older and Debian 9 (Stretch) without backports. However, you can then still start OpenVPN manually on the command line:
sudo openvpn --config <path to>/TUD.ovpn
Missing IP address/routes
If the OpenVPN interface (idR. tun0) has no IP address or routes despite successful connection establishment, i.e. the following output is empty:
ip -4 route show dev tun0 table all
check if the package netscript-2.4 should be installed, please follow these steps
apt list --installed netscript-2.4
We do not recommend using this package and recommend using ifupdown instead:
sudo apt install ifupdown