Ubuntu

ubuntu 16.04 openvpn client setup

Asked by Julius Knapp

I am trying to connect to an openvpn server using Network Manager in Ubuntu 16.04. I have imported the connection configuration provided by the server using the Network Manager GUI. Here is the config.ovpn text:

client
dev tap
proto udp
remote XX.XX.XX.XX 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5

In addition to the imported configurations, I have also changed IPv4 Settings to 'Automatic (VPN) addresses only' and checked 'Ignore automatically obtained routes'.

When I attempt to initiate the connection as an unprivileged user (this user doesn't even have sudo privileges), the connection fails. Executing the command 'openvpn ~/config.ovpn' as root appears to connect although I am unable to ping any IPs connected to the VPN (including the gateway). The output shows:

    TUN/TAP device tap0 opened
    TUN/TAP TX queue length set to 100
    Initialization Sequence Completed

Just a few lines before that though, I see the following:

    SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
    PUSH: Received control message: 'PUSH_REPLY,route 172.28.0.1 255.255.255.0,route-delay 5,route-gateway dhcp,ping 10,ping-restart 120'
    OPTIONS IMPORT: timers and/or timeouts modified
    OPTIONS IMPORT: route options modified
    OPTIONS IMPORT: route-related options modified
    ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlx94103eacc33a HWADDR=94:10:3e:ac:c3:3a
    OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
    OpenVPN ROUTE: failed to parse/resolve route for host/network: 172.28.0.1

Searching through OpenVPN's community documentation suggests that this might be because I need to reconfigure openvpn to run as an unprivileged user, but the instructions for doing so appear to be slightly outdated. Other places seem to suggest that I need to setup a static route or static 'tap' interface. I've also

So, to be clear, I need to be able to connect to the VPN as an unprivileged user. If I need to grant limited sudo privileges to users that require access to the VPN, I will do that. It is not clear to me that this is the fix though. I am familiar enough with RedHat and CentOS to feel comfortable doing whatever needs to be done (nmcli, firewall-cmd, selinux, etc.), although I am a little unfamiliar with the CLI and GUI tools available in Ubuntu. Any info or direction would be enormously helpful.

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said : 		#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.