Version 0.1.0 Now Available

OpenVPN with Single Sign-On for Linux

A NetworkManager plugin that brings OAuth 2.0 / OIDC authentication to your OpenVPN connections. Connect to your corporate VPN using Google, Microsoft, Okta, or any SSO provider.

Powerful Features

Everything you need to securely connect to SSO-enabled OpenVPN servers on Linux.

Browser-Based SSO

Authenticate using your default browser with any OAuth 2.0 or OIDC provider including Google, Microsoft, and Okta.

Automatic Discovery

The plugin automatically discovers OAuth configuration from your OpenVPN server. No manual setup required.

NetworkManager Integration

Works seamlessly with NetworkManager, GNOME, KDE, and all standard Linux network management tools.

Desktop Notifications

Receive real-time notifications about connection status, authentication requests, and errors.

Session Token Caching

Securely caches session tokens for connection maintenance with restricted file permissions.

Built with Rust

Memory-safe, fast, and reliable. Written in Rust for maximum security and performance.

Quick Installation

Get up and running in minutes with packages for all major Linux distributions.

Arch Linux

sudo pacman -U networkmanager-openvpn-sso-*.pkg.tar.zst

Debian / Ubuntu

sudo dpkg -i networkmanager-openvpn-sso_*_amd64.deb
sudo apt-get install -f

Fedora / RHEL / CentOS

sudo dnf install networkmanager-openvpn-sso-*.x86_64.rpm

Easy Setup

Configure your VPN connection in just a few commands.

1. Import your VPN configuration

nmcli connection import type openvpn file your-vpn-config.ovpn

2. Configure for SSO authentication

nmcli connection modify "your-vpn-name" vpn.service-type org.freedesktop.NetworkManager.openvpn-sso

3. Connect and authenticate

nmcli connection up "your-vpn-name"

Your browser will open automatically for SSO login.

Frequently Asked Questions

Common questions about NetworkManager OpenVPN SSO.

What SSO providers are supported?

NetworkManager OpenVPN SSO works with any OAuth 2.0 or OIDC provider including Google Workspace, Microsoft Azure AD, Okta, Auth0, Keycloak, and any other standard-compliant identity provider. The plugin automatically discovers the authentication URL from your OpenVPN server.

Does it work with KDE and GNOME?

Yes! The plugin works with all desktop environments. On GNOME, it integrates with the network settings. On KDE Plasma, you may see a "missing support" message in the network applet—this is normal because KDE requires a separate UI plugin. The VPN still works perfectly via nmcli command line or the nm-connection-editor GUI tool.

KDE Plasma shows "missing support" - what do I do?

This is expected behavior. KDE's network applet requires a separate UI plugin for each VPN type. Your VPN works fine—just use nmcli connection up "your-vpn-name" to connect, or install nm-connection-editor for a GUI. You can also create a desktop shortcut for one-click VPN connection.

Is it secure?

Absolutely. The plugin is written in Rust for memory safety, stores session tokens with restrictive file permissions (accessible only by root), and relies on your browser for secure SSO authentication. All credentials are handled by your identity provider—no passwords are stored locally.

Why do I need to authenticate each time I connect?

The session tokens provided by OpenVPN servers are typically session-specific and expire when you disconnect. This is a security feature that ensures each connection is properly authenticated. If your browser has an active SSO session, the authentication will be automatic (no password re-entry needed).

Can I use this with the standard OpenVPN plugin?

This plugin is designed specifically for SSO-enabled OpenVPN servers. For standard OpenVPN servers that use username/password authentication, continue using the standard network-manager-openvpn plugin. Both can be installed side-by-side.
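
One way to verify the "accessible only by root" statement from "Is it secure?" and the Session Token Caching feature on an installed system. This is an added example, not part of the plugin or its documentation. The page does not say where the token cache is stored, so the path is passed as an argument, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a cached session-token file for root-only access.
# The cache location is not stated on the page; pass the real path as $1.

# Owner uid and octal mode of a path (GNU stat, falling back to BSD stat).
file_uid()  { stat -c '%u' -- "$1" 2>/dev/null || stat -f '%u' -- "$1"; }
file_mode() { stat -c '%a' -- "$1" 2>/dev/null || stat -f '%Lp' -- "$1"; }

# check_token_file PATH [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Returns 0 only if PATH is a regular file and not a symlink, is owned by
# EXPECTED_UID, has no group/other permission bits, and sits in a directory
# that group/other cannot write to. Prints one line per finding.
check_token_file() {
    tf_path=$1 tf_want=${2:-0} tf_rc=0
    if [ -L "$tf_path" ] || [ ! -f "$tf_path" ]; then
        echo "FAIL: $tf_path is missing, a symlink, or not a regular file"
        return 1
    fi
    tf_uid=$(file_uid "$tf_path")
    tf_mode=$(file_mode "$tf_path")
    tf_dir=$(dirname -- "$tf_path")
    tf_dmode=$(file_mode "$tf_dir")
    if [ "$tf_uid" != "$tf_want" ]; then
        echo "FAIL: owner uid is $tf_uid, expected $tf_want"; tf_rc=1
    fi
    # Any bit under mask 077 means group or other can read, write or execute.
    if [ $(( 0$tf_mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $tf_mode grants group/other access"; tf_rc=1
    fi
    # Write access to the directory lets another user replace the file.
    if [ $(( 0$tf_dmode & 022 )) -ne 0 ]; then
        echo "FAIL: $tf_dir is group/other writable (mode $tf_dmode)"; tf_rc=1
    fi
    [ "$tf_rc" -eq 0 ] && echo "OK: $tf_path (uid $tf_uid, mode $tf_mode)"
    return "$tf_rc"
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_token_file "$@"; fi
```

Run it with sudo so that a root-only file and its directory can be inspected.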

Ready to Get Started?

Download NetworkManager OpenVPN SSO and connect to your corporate VPN with ease.