* Re: openvpn with networkmanager
2018-09-10 16:05 ` Adam Massmann
@ 2018-09-11 1:45 ` Benjamin Slade
2018-09-11 8:28 ` Julien Lepiller
2019-01-08 20:48 ` Maxim Cournoyer
2 siblings, 0 replies; 12+ messages in thread
From: Benjamin Slade @ 2018-09-11 1:45 UTC (permalink / raw)
To: Adam Massmann; +Cc: Guix-Help
Thanks, Adam, I'll have to try this. It's hard to know how much of the
issues with NetworkManager+VPNs is a GuixSD-specific issue and how much
is just NetworkManager (on my Arch machine, I have to connect to openvpn
'by hand', it won't connect through NetworkManager; but on my
Bedrock/pieces-from-a-bunch-of-different-distros machine, OpenVPN 'just
works' directly in NetworkManager).
—Ben
On 2018-09-10T10:05:56-0600, Adam Massmann <massmannak@gmail.com> wrote:
> Hi Ben,
> Benjamin Slade <slade@jnanam.net> writes:
> >
> > What is a recommended/working way of using OpenVPN on GuixSD?
> I do not know what the recommended way of working with
> openvpn is, but I do have a working way. Attached is a bash
> script that takes a wireless interface as an argument and
> starts up a vpn, adjusting dns to avoid dns leaks (you will
> need to modify to add the dns for your setup). So if I have
> a wifi connection called "interface" I just run
> ```vpn-launcher-example.sh interface``` to start my vpn
> session, and then ```vpn-killer-example.sh interface```
> to cleanup the connection after I have finished
> openvpn. Also depending on your setup you might need to
> either run as root, or sprinkle sudos before the nmcli
> calls.
> This works well for me, but I strongly doubt it is the
> recommended way using openvpn. If anyone has a better way
> I'd also love to hear it.
> Best,
> Adam
--
Benjamin Slade - https://babbagefiles.xyz
`(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
'(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org )
`(Choose Linux ,(Choose Freedom) . https://linux.com )
* Re: openvpn with networkmanager
2018-09-10 16:05 ` Adam Massmann
2018-09-11 1:45 ` Benjamin Slade
@ 2018-09-11 8:28 ` Julien Lepiller
2018-09-11 16:50 ` Adam Massmann
2018-09-11 17:53 ` Benjamin Slade
2019-01-08 20:48 ` Maxim Cournoyer
2 siblings, 2 replies; 12+ messages in thread
From: Julien Lepiller @ 2018-09-11 8:28 UTC (permalink / raw)
To: help-guix
On 2018-09-10 18:05, Adam Massmann wrote:
> Hi Ben,
>
> Benjamin Slade <slade@jnanam.net> writes:
>
>>
>> What is a recommended/working way of using OpenVPN on GuixSD?
>
> I do not know what the recommended way of working with
> openvpn is, but I do have a working way. Attached is a bash
> script that takes a wireless interface as an argument and
> starts up a vpn, adjusting dns to avoid dns leaks (you will
> need to modify to add the dns for your setup). So if I have
> a wifi connection called "interface" I just run
> ```vpn-launcher-example.sh interface``` to start my vpn
> session, and then ```vpn-killer-example.sh interface```
> to cleanup the connection after I have finished
> openvpn. Also depending on your setup you might need to
> either run as root, or sprinkle sudos before the nmcli
> calls.
>
> This works well for me, but I strongly doubt it is the
> recommended way using openvpn. If anyone has a better way
> I'd also love to hear it.
>
> Best,
> Adam
On GuixSD, we have an openvpn service, see
https://guix.info/manual/en/VPN-Services.html#VPN-Services. Once
configured, you can always start and stop it with "herd start
openvpn-client" and "herd stop openvpn-client".
* Re: openvpn with networkmanager
2018-09-11 8:28 ` Julien Lepiller
@ 2018-09-11 16:50 ` Adam Massmann
2018-09-11 17:53 ` Benjamin Slade
1 sibling, 0 replies; 12+ messages in thread
From: Adam Massmann @ 2018-09-11 16:50 UTC (permalink / raw)
To: Julien Lepiller; +Cc: help-guix
Hi Julien,
Julien Lepiller <julien@lepiller.eu> writes:
>
> On GuixSD, we have an openvpn service, see
> https://guix.info/manual/en/VPN-Services.html#VPN-Services. Once
> configured, you can always start and stop it with "herd start
> openvpn-client" and "herd stop openvpn-client".
Thanks for the link, I look forward to trying out the
"Guix-y" way (it's so nice to have my whole OS setup defined
in guix!) when I get some time to configure.
* Re: openvpn with networkmanager
2018-09-11 8:28 ` Julien Lepiller
2018-09-11 16:50 ` Adam Massmann
@ 2018-09-11 17:53 ` Benjamin Slade
2018-09-13 8:54 ` Ludovic Courtès
1 sibling, 1 reply; 12+ messages in thread
From: Benjamin Slade @ 2018-09-11 17:53 UTC (permalink / raw)
To: Julien Lepiller; +Cc: help-guix
> On GuixSD, we have an openvpn service, see
> https://guix.info/manual/en/VPN-Services.html#VPN-Services. Once
> configured, you can always start and stop it with "herd start
> openvpn-client" and "herd stop openvpn-client".
Thanks, Julien. Unfortunately, I don't find that manual page overly
illuminating in terms of how to actually set this up.
Does anyone have an example configuration available anywhere,
particularly one that shows how to set up multiple VPNs? I.e. one which
allows for different VPNs to be configured (and switched to, whether via
herd or otherwise)?
thanks,
—Ben
--
Benjamin Slade - https://babbagefiles.xyz
`(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
'(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org )
`(Choose Linux ,(Choose Freedom) . https://linux.com )
* Re: openvpn with networkmanager
2018-09-11 17:53 ` Benjamin Slade
@ 2018-09-13 8:54 ` Ludovic Courtès
2018-09-18 3:55 ` Benjamin Slade
0 siblings, 1 reply; 12+ messages in thread
From: Ludovic Courtès @ 2018-09-13 8:54 UTC (permalink / raw)
To: Benjamin Slade; +Cc: help-guix
Hi,
Benjamin Slade <slade@jnanam.net> writes:
> > On GuixSD, we have an openvpn service, see
> > https://guix.info/manual/en/VPN-Services.html#VPN-Services. Once
> > configured, you can always start and stop it with "herd start
> > openvpn-client" and "herd stop openvpn-client".
>
> Thanks, Julien. Unfortunately, I don't find that manual page overly
> illuminating in terms of how to actually set this up.
I think it would be nice to add a commented example to this section of
the manual, like we have for many other services.
Thanks,
Ludo’.
* Re: openvpn with networkmanager
2018-09-13 8:54 ` Ludovic Courtès
@ 2018-09-18 3:55 ` Benjamin Slade
2018-11-09 6:39 ` swedebugia
0 siblings, 1 reply; 12+ messages in thread
From: Benjamin Slade @ 2018-09-18 3:55 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: help-guix
On 2018-09-13T02:54:52-0600, Ludovic Courtès <ludo@gnu.org> wrote:
> I think it would be nice to add a commented example to this section of
> the manual, like we have for many other services.
I think this would be very useful. With an example it should be much
more straightforward to figure out how to use this in practice. Does
anyone have a working config they could share?
—Ben
--
Benjamin Slade - https://babbagefiles.xyz
`(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
'(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org )
`(Choose Linux ,(Choose Freedom) . https://linux.com )
* Re: openvpn with networkmanager
2018-09-18 3:55 ` Benjamin Slade
@ 2018-11-09 6:39 ` swedebugia
0 siblings, 0 replies; 12+ messages in thread
From: swedebugia @ 2018-11-09 6:39 UTC (permalink / raw)
To: Benjamin Slade, Ludovic Courtès; +Cc: help-guix
Hi
On 2018-09-18 05:55, Benjamin Slade wrote:
> On 2018-09-13T02:54:52-0600, Ludovic Courtès <ludo@gnu.org> wrote:
> > I think it would be nice to add a commented example to this section of
> > the manual, like we have for many other services.
>
> I think this would be very useful. With an example it should be much
> more straightforward to figure out how to use this in practice. Does
> anyone have a working config they could share?
A month has almost passed.
It seems nobody used this yet.
It seems you will have to experiment yourself. :-)
Cheers
Swedebugia
* Re: openvpn with networkmanager
2018-09-10 16:05 ` Adam Massmann
2018-09-11 1:45 ` Benjamin Slade
2018-09-11 8:28 ` Julien Lepiller
@ 2019-01-08 20:48 ` Maxim Cournoyer
2 siblings, 0 replies; 12+ messages in thread
From: Maxim Cournoyer @ 2019-01-08 20:48 UTC (permalink / raw)
To: Adam Massmann; +Cc: Guix-Help, Benjamin Slade
Hello,
Adam Massmann <massmannak@gmail.com> writes:
> Hi Ben,
>
> Benjamin Slade <slade@jnanam.net> writes:
>
>>
>> What is a recommended/working way of using OpenVPN on GuixSD?
>
> I do not know what the recommended way of working with
> openvpn is, but I do have a working way. Attached is a bash
> script that takes a wireless interface as an argument and
> starts up a vpn, adjusting dns to avoid dns leaks (you will
> need to modify to add the dns for your setup). So if I have
> a wifi connection called "interface" I just run
> ```vpn-launcher-example.sh interface``` to start my vpn
> session, and then ```vpn-killer-example.sh interface```
> to cleanup the connection after I have finished
> openvpn. Also depending on your setup you might need to
> either run as root, or sprinkle sudos before the nmcli
> calls.
>
> This works well for me, but I strongly doubt it is the
> recommended way using openvpn. If anyone has a better way
> I'd also love to hear it.
>
> Best,
> Adam
Thanks Adam, it seems a good workaround that I hadn't thought
about. Avenues I have explored so far are:
1. Purely config based. Example:
--8<---------------cut here---------------start------------->8---
client
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
comp-lzo #t
persist-key #t
persist-tun #t
verb 3
remote-cert-tls server
nobind
resolv-retry infinite
remote someserver.net 9999
auth-user-pass
script-security 2 # calling of built-in executables and user-defined scripts.
# Accept DNS changes from the server
# TODO: Need to package "resolvconf"
# The following script comes from
# https://github.com/masterkorp/openvpn-update-resolv-conf/blob/master/update-resolv-conf.sh
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
--8<---------------cut here---------------end--------------->8---
As one can see, the solution here would be to have some external script
called whose task would be to update /etc/resolv.conf so that DNS
works. Another problem is that the /etc/resolv.conf file is managed by
NetworkManager, so any changes could be lost or reset by it at times.
2. Define an openvpn service as part of your GuixSD config, such as:
--8<---------------cut here---------------start------------->8---
(openvpn-client-service
 #:config (openvpn-client-configuration
           (remote
            (list
             (openvpn-remote-configuration
              (name "someserver.net")
              (port 9999))))))
--8<---------------cut here---------------end--------------->8---
Some problems with this second option:
a. It's on by default (I'd prefer it off -- must be easy but I'm
not very knowledgeable about services yet)
b. It doesn't address the DNS question.
3. I've tried using the tools provided by network-manager, and
apparently only 'nmcli' proposes creating a VPN connection. It seems the
parameters it accepts are insufficient to define completely the setup (I
didn't see a parameter to store the remote server for example), so I'm
not sure how it's supposed to work.
Anyway, after creating the connection, I tried activating it, only to
get the error:
Error: Failed to activate 'vpn-wlp0s20f0u1'
(718af83f-9553-4805-9140-4dfd28e46a07) connection: The VPN service
'org.freedesktop.NetworkManager.openvpn' was not installed.
I'll try your solution next. Thank you!
Maxim
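A check for the problem described in the message above (NetworkManager resetting /etc/resolv.conf after the VPN's DNS has been set), as an added example that is not part of the original thread: it reads a resolv.conf-style file and reports every nameserver that is not on the list of VPN resolvers passed in. The function names and the 10.8.0.1 / 192.168.1.1 addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# list_nameservers FILE
# Print each "nameserver" address of a resolv.conf-style file, one per line.
# Comment lines and other keywords (search, options, ...) are ignored.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# dns_leak_check FILE ALLOWED...
# Print every configured nameserver that is not in ALLOWED.
# Returns 0 if all nameservers are allowed, 1 if at least one is not,
# 2 if the file names no nameserver (the resolver then defaults to localhost).
dns_leak_check() {
    file=$1; shift
    servers=$(list_nameservers "$file")
    [ -n "$servers" ] || return 2
    result=0
    for ns in $servers; do
        ok=no
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "$ns"
            result=1
        fi
    done
    return $result
}

# Demo on a constructed resolv.conf in which the LAN resolver has reappeared
# next to the VPN one (both addresses are made up for this example).
sample=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' 'nameserver 10.8.0.1' \
    'nameserver 192.168.1.1' > "$sample"
if leaked=$(dns_leak_check "$sample" 10.8.0.1); then
    echo "ok: only VPN resolvers configured"
else
    echo "possible DNS leak via: $leaked"
fi
rm -f "$sample"
```

To check a live system, pass /etc/resolv.conf and the resolver addresses your VPN provider assigns, for example from a timer or after each reconnect.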