> I unfortunately can't answer your question, but maybe you can answer > mine: how do you use the openvpn support in NetworkManager? I've > installed NetworkManager-openvpn, but I don't know what to do next. > Additionally, I only want my openvpn connection to start when I plug my > wireless card in. OK, I had to play with this for a little bit to get it to work. To get the packages `yum install NetworkManager-openvpn` You have to run your own openvpn server (or my company can sell you access to their publicly-placed openvpn server, they do this as a service for a number of clients). For your vpn server you have to go through the easy-rsa steps and setup you're your certs. ****** make sure for the server cert you use build-key-server ******* Whoever first built our keys used the normal build-key for the server key and NetworkManager's call to openvpn specified --ns-cert-type server and wouldn't connect to our server until I rebuilt a new key and restarted the server with it. The server config looks like this: <server.conf> ifconfig-noexec up /home/openvpn/wireless/vpn-server.up ifconfig 10.254.252.1 255.255.255.0 port 1194 proto udp dev tap0 ca easy-rsa/keys/ca.crt cert easy-rsa/keys/india1.crt key easy-rsa/keys/india1.key # This file should be kept secret dh easy-rsa/keys/dh1024.pem ifconfig-pool-persist ipp.txt server-bridge 10.254.252.1 255.255.255.0 10.254.252.2 10.254.252.254 client-config-dir ccd push "redirect-gateway" push "dhcp-option DOMAIN csrtechnologies.com" push "dhcp-option DNS 192.168.1.1" client-to-client keepalive 10 120 comp-lzo user openvpn group openvpn persist-key persist-tun status /home/openvpn/wireless/openvpn.status log-append /home/openvpn/wireless/openvpn.log verb 3 </server.conf> india1.* are the cert files generated by the build-key-server script. Then use build-key for your client certs, copy them over to your client box and setup NetworkManager like so: Gateway: IP/dns of your openvpn server X.509 CA: ca.crt from easy-rsa Cert: .crt generated by easy-rsa for your PC Key: .key generated by easy-rsa for your PC Optional Info: Check LZO (if you have comp-lzo on the server side) Check TAP (if you have tap device on server side) This config connects up to my server just fine. Additionally you can explore using tls, use a tcp connection instead of udp (udp transports faster) and use a cipher. I've posted to you everything I have done to get it to work. Let me know if you have any problems. > (BTW, I didn't know this existed until your post...thanks!) Isn't that cool? I solved my own problem and my problem introduced you to a new feature.
