#1 2022-10-06 19:19:27

kevin8950
Member
Registered: 2022-10-06
Posts: 2

OpenVPN & NetworkManager VPN

Hello,

I'm pretty new to networking and VPNs, so this may be a dumb question, but I would still appreciate any help. I'm having some issues working with my VPNs. I have two VPNs running on my machine.

An OpenVPN server that allows me to leave my main machine at home and connect to it remotely for work and file storage; this is the conf file below.

```
port 1194
proto udp
dev tap

ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/ArchWizard.crt
key /etc/openvpn/easy-rsa/pki/private/ArchWizard.key
dh /etc/openvpn/easy-rsa/pki/dh.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3

log-append /var/log/openvpn
status /tmp/vpn.status 10
```

The OpenVPN works as intended when running standalone.

My second VPN on the machine is an L2TP client connection; I use it to connect to company networks and repositories.

```
nmcli c add con-name CON_NAME type vpn vpn-type l2tp vpn.data 'gateway=X.X.X.X, ipsec-enabled=yes, ipsec-psk=SECRET, password-flags=1, user=USERNAME'
```

This is the NetworkManager CLI command I use to create the connection. After this I just connect with --ask for the password, and it works as intended in standalone. I also followed this guide to set it up.

https://gist.github.com/pastleo/aa3a952 … b771d079c9

Now my issue is when I'm connected remotely and I need access from my ssh instance to pull information from VPN-2. If I bring up VPN-2 it disconnects me and I have to locally turn off VPN-2 to establish a connection with VPN-1.

Any help is appreciated.

#2 2022-10-07 05:51:43

-thc
Member
Registered: 2017-03-15
Posts: 486

Re: OpenVPN & NetworkManager VPN

You have set up a standalone tunnel mode OpenVPN server that NetworkManager is "unaware" of and presumably runs via virtual network adapter "tap0".

NetworkManager also creates TAP devices to set up "vpn" type connections.

The most likely cause is a conflict over "tap0".

This line

```
server 10.8.0.0 255.255.255.0
```

creates a tunnel mode OpenVPN server running via OSI level 3 (routing).

You can change the third line to

```
dev tun
```

Now your OpenVPN server runs via "tun0" instead. Should NetworkManager still interfere, you can configure it to leave this device alone (https://wiki.archlinux.org/title/Networ … ic_devices).

#3 2022-10-07 07:33:29

kevin8950
Member
Registered: 2022-10-06
Posts: 2

Re: OpenVPN & NetworkManager VPN

I tried both but unfortunately neither solution worked.

So for the first solution I tried modifying my config file to use 'dev tun' instead, but it still timed out trying to connect to VPN while VPN-2 was enabled.

I also tried to add my client computer's MAC address to 'etc/NetworkManager/conf.d/unmanaged.conf' (had to create the file since it wasn't there) and after reloading it would still time out trying to connect to VPN-1.

Example of file >

```
[keyfile]
unmanaged-devices=mac:XX:XX:XX:XX:XX:XX;
```

#4 2022-10-07 10:50:05

-thc
Member
Registered: 2017-03-15
Posts: 486

Re: OpenVPN & NetworkManager VPN

I meant telling NetworkManager to leave "tun0" alone.

- Bring up your VPN-1 (via "dev tun")
- Note the MAC address of "tun0"
- Tell NetworkManager to not manage "tun0"

#5 2022-10-07 11:05:39

-thc
Member
Registered: 2017-03-15
Posts: 486

Re: OpenVPN & NetworkManager VPN

I just realized that your second VPN is possibly a "Full Tunnel" VPN which alters your routing table by setting the VPN-2 endpoint as the new default gateway. This in turn disrupts VPN-1.

Your setup will only work when your VPN-2 is configured as a "Split Tunnel" - leaving the default gateway untouched and only routing the company IPs through VPN-2.

Last edited by -thc (2022-10-08 10:58:31)
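
The full-tunnel versus split-tunnel distinction from post #5, as an added example that is not part of the original thread: a check over `ip -4 route show` output that tells whether VPN-2 has taken the default route, plus the NetworkManager settings that keep it from doing so. The route tables, addresses, the 192.0.2.0/24 company subnet and the function names are constructed for illustration, and it assumes the L2TP connection comes up as a `ppp*` interface.

```shell
#!/bin/sh
# Constructed sample: VPN-2 up as a full tunnel (default route moved to ppp0).
FULL_TUNNEL_ROUTES='default dev ppp0 proto static scope link metric 50
default via 192.168.1.1 dev enp3s0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
198.51.100.7 via 192.168.1.1 dev enp3s0 proto static metric 100'

# Constructed sample: VPN-2 up as a split tunnel (only company subnet via ppp0).
SPLIT_TUNNEL_ROUTES='default via 192.168.1.1 dev enp3s0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.0.2.0/24 dev ppp0 proto static scope link metric 50'

# Read "ip -4 route show" text on stdin and print the interface that carries
# the effective default route (the default entry with the lowest metric).
default_route_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        if (best == "" || metric + 0 < bestm) { best = dev; bestm = metric + 0 }
    }
    END { if (best != "") print best }'
}

# Succeeds when the default route on stdin points at a ppp interface, which is
# when replies from the OpenVPN server (VPN-1) stop leaving via the LAN gateway.
is_full_tunnel() {
    case "$(default_route_dev)" in
        ppp*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Turn an existing NetworkManager VPN profile into a split tunnel.
# $1 = connection name (CON_NAME in the thread), $2 = company subnet in CIDR
# form (assumption: you know which networks must go through VPN-2).
make_split_tunnel() {
    nmcli connection modify "$1" ipv4.never-default yes ipv4.routes "$2"
    nmcli --ask connection up "$1"
}
```

On a live system, `ip -4 route show | is_full_tunnel && echo "VPN-2 owns the default route"` runs the same check against the real routing table.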
