Regarding adding documentation - I’ve summarized what I got from this thread into a general outline. I dont have much experience with these packages, so please forgive me if something doesnt make sense. I was thinking the information gleaned from this thread could be the beginning of a wiki page on the subject. Let me know if there are areas you think need expansion or clarification. When its good 2 go, I’ll try and figure out how to get it in the wiki/guides and follow up.
Configuring OpenVPN on Fedora 30
These packages are required:
openvpn - https://apps.fedoraproject.org/packages/openvpn
NetworkManager-openvpn - https://apps.fedoraproject.org/packages/NetworkManager-openvpn
NetworkManager-openvpn-gnome - https://apps.fedoraproject.org/packages/NetworkManager-openvpn-gnome
They should already be preinstalled:
dnf -q groupinfo “Fedora Workstation” | grep -i -e “gnome”
# GNOME Desktop Environment
dnf -q groupinfo “GNOME Desktop Environment” | grep -i -e “openvpn”
# NetworkManager-openvpn-gnome
dnf -q deplist NetworkManager-openvpn-gnome | grep -i -e “provider:.*openvpn”
# provider: NetworkManager-openvpn-1:1.8.10-1.fc30.x86_64
dnf -q deplist NetworkManager-openvpn | grep -i -e “provider:.*openvpn”
# provider: openvpn-2.4.7-1.fc30.x86_64
If not, then:
sudo dnf -y install openvpn NetworkManager-openvpn NetworkManager-openvpn-gnome
Place your certificate in a valid location using valid SELinux context types for openVPN certificates and keys:
# semanage fcontext -l | grep -e home_cert_t
/home/[^/]+/\.cert(/.*)? all files unconfined_u:object_r:home_cert_t:s0
/home/[^/]+/\.kde/share/apps/networkmanagement/certificates(/.*)? all files unconfined_u:object_r:home_cert_t:s0
/home/[^/]+/\.local/share/networkmanagement/certificates(/.*)? all files unconfined_u:object_r:home_cert_t:s0
/home/[^/]+/\.pki(/.*)? all files unconfined_u:object_r:home_cert_t:s0
/root/\.cert(/.*)? all files system_u:object_r:home_cert_t:s0
/root/\.pki(/.*)? all files system_u:object_r:home_cert_t:s0
Create new connection: (configured to provider’s requirements)
Via Gnome Network Manager to create new connection:
Using CLI:
openvpn < .ovpn_file_from_provder
can be done by using:
openvpn --config /etc/openvpn/ovpn.conf --daemon
These commands are also useful in CLI:
nmcli connection import type openvpn file /path/to/profile.ovpn
nmcli connection up VPN_CON
nmcli connection show
nmcli connection down VPN_CON
Or the systemd service templates openvpn-client@.service and openvpn-server@.service can be utilized.
Links for reference or to be inserted as inline html links:
https://openvpn.net/community-resources/#documentation
OpenVPN systemd use - https://community.openvpn.net/openvpn/wiki/Systemd
https://docs.fedoraproject.org/en-US/Fedora/24/html/Networking_Guide/sec-Connecting_to_a_Network_Using_nmcli.html