Applies to Platform: Linux
Updated on: 29th of August 2013
This lesson guides you through setting up an OpenVPN roadwarrior client connection to your Endian UTM Appliance using a Network Manager plugin on Linux.
OpenVPN Network Manager plugin
OpenVPN is one of the open-source VPN solutions offered on the Endian UTM Appliances. Its main characteristics are security, scalability, support for many operating systems, speed, and easy integration with different authentication systems.
To connect Linux workstations to an OpenVPN server you need the Network Manager VPN plugin for OpenVPN, freely available in the repositories.
Software installation
If you already have the package installed, skip this step and go to "Connection configuration" below. Otherwise, follow these steps to install the Network Manager plugin from the CLI.
To install it, run the following as root:
root@linux:~# apt-get install network-manager-openvpn
on Ubuntu or Debian based distributions and
root@linux:~# yum install NetworkManager-openvpn
on Fedora or RedHat based distributions. The above commands also resolve the necessary dependencies, meaning that other packages may be installed along with the OpenVPN plugin.
Troubleshooting for Fedora 17 and/or SELinux users
Fedora 17 users and in general whoever uses the SELinux framework should pay attention to the following point: OpenVPN may not be allowed to access the .pem files that are mandatory for the connection to an Endian UTM Appliance.
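To work around this problem, grant OpenVPN access to the .pem files, which is a mandatory requirement for certificate-based OpenVPN connections. This can be achieved by issuing the following commands as root. The first command builds a local policy module named mypol from the OpenVPN denials recorded in the audit log, and the second loads it. The generated mypol.te file lists every rule the module will allow, so read it before loading the module: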
root@linux:~# grep openvpn /var/log/audit/audit.log | audit2allow -M mypol
root@linux:~# semodule -i mypol.pp
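Because the grep above passes every audit record that mentions openvpn to audit2allow, it helps to see which denials will become allow rules before the module is loaded. The following is an added example, not part of the original lesson or of Endian's tooling: the function name, the sample log lines and the OK/REVIEW rule (read-type access to a file whose name ends in .pem is treated as expected) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the AVC denials that "grep openvpn | audit2allow" would
# turn into allow rules, and flag the ones that are not reads of a .pem file.

# Constructed sample audit.log lines (not taken from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1377770000.101:201): avc:  denied  { read } for  pid=2101 comm="openvpn" name="ca.pem" dev="dm-1" ino=1311 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1377770000.102:202): avc:  denied  { open } for  pid=2101 comm="openvpn" name="ca.pem" dev="dm-1" ino=1311 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1377770050.330:260): avc:  denied  { write } for  pid=2101 comm="openvpn" name="notes.txt" dev="dm-1" ino=1400 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1377770000.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="openvpn" exe="/usr/sbin/openvpn"
EOF
}

# Reads audit log lines on stdin and prints one line per distinct denial:
#   <OK|REVIEW> <source_type> <target_type>:<class> <permission> <file name>
review_openvpn_avc() {
  grep openvpn | awk '
    $1 == "type=AVC" && / denied / {
      # Permission list sits between "{ " and " }".
      a = index($0, "{ "); b = index($0, " }")
      perms = substr($0, a + 2, b - a - 2)
      name = ""; src = ""; tgt = ""; cls = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
      }
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) {
        # Assumption: only read-type access to *.pem is expected here.
        readlike = (p[j] == "read" || p[j] == "open" || p[j] == "getattr")
        verdict = (name ~ /\.pem$/ && readlike) ? "OK" : "REVIEW"
        key = verdict " " src " " tgt ":" cls " " p[j] " " name
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }'
}

# Demo on the constructed sample; on a real system run as root:
#   review_openvpn_avc < /var/log/audit/audit.log
sample_log | review_openvpn_avc
```

Any REVIEW line is a denial that the generated module would also permit, so it should be understood before mypol.pp is installed.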
Connection configuration
Note
To configure a connection:
Go to the Network Manager icon in the tray and right-click on it. Next, go to VPN Connections > Configure VPN.
A window will appear allowing you to set up the connection by supplying all the necessary parameters. Click on OpenVPN.
Now, follow these steps in the VPN tab:
Click on Add > OpenVPN > Create.
- Write the OpenVPN server IP address.
- Fill in the Username and Password fields.
- Choose the CA certificate you received for this connection.
Click on Advanced. In the new window carry out the next two steps.
- Tick the options Use LZO data compression and Use a TAP device, then click OK. (Tick Use a TAP device only if the OpenVPN server is configured to use a TAP device; otherwise do not tick it, or specify TUN.)
- Go to IPv4 > Routes and tick Use this connection only for resources on its network.
Now you have a fully working road-warrior connection to your Endian UTM Appliance. Enjoy!