How to connect to OpenVPN server with Debian Linux (8.11 Jessie) using Network Manager

To me, using the Network Manager GUI tool is the preferred way to connect to a VPN server because I can easily switch the connection on and off or see if it is active or not as needed without bringing up a terminal and issuing any commands (though there is nothing wrong with doing it that way!) For those of you new to this, Network Manager is a GUI applet in Gnome and other GTK-based desktop environments (its the default in Cinnamon, and is available in XFCE, MATE, etc.). It’s the Ethernet Jack icon in the middle of the system tray in Cinnamon:

The first thing you want to do is install OpenVPN and the OpenVPN Network Manager plugin on your computer. (The ‘openvpn’ package in the Debian repositories will install the server and the client). The plugin is another package. Use ‘sudo’ or ‘su to become superuser and install the packages:

apt install openvpn network-manager-openvpn-gnome

Once you do this, you will find a new category of connection types available to create in Network Manager called “VPN”. First, click the Network Manager icon and select “Network Connections” – then click “Add” to add a new connection. Under “VPN”, you will find “OpenVPN” and “Import a saved VPN Configuration”. We’re going to choose “OpenVPN” and configure it ourselves.

In the configuration box that comes up you can name the Connection at the top, then under Gateway, enter the public IP address or DNS-resolvable name where your server resides. Then, select the Authentication type used by your server. There are four types available: Certificates (TLS), Password, Password with Certificates, and Static Key. In my case, I’m connecting to a Synology NAS and the server is configured to give VPN Server access to Synology users, so I set the type to “Password” and the credentials here are my NAS user credentials. Your connection may require certificates and keys. Check with your IT Department or person, if you have one, about whether you need to use credentials or certificates and keys for accessing your OpenVPN server.

For the certificate, I simply specified one of the certificates given to me in the zip file that came from the OpenVPN server.

Next, I simply opened the configuration file that I got from the OpenVPN server in a text editor, and then clicked the “Advanced” button here (above, bottom right) and toggled/entered the corresponding configuration in the GUI tool so it matched the config file. For example, here is a condensed version of the config file I got:

dev tun
tls-client
remote YOUR_IP_ADDRESS_HERE 1194
float
redirect-gateway def1
dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass

—–BEGIN CERTIFICATE—–
**Certificate data omitted**
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
**Certificate data omitted**
—–END CERTIFICATE—–

As you can see below, many of these configuration file options have corresponding checkboxes in the GUI tool:

Check the boxes that correspond to the options in your configuration file. On the security tab, you can set the encryption options:

Here, set the correct cipher and authentication methods. When you’re done, if you’ve done everything right, you should have a new, easily toggleable VPN connection in Network Manager to turn on and off as you wish.

Toggle it on and see if it works, and tweak the configuration until it does. To test the connection, click here and follow the instructions near the bottom of the page under “Testing”.