NetworkManager VPN plugins

$/!\$ Notice: The detailed documentation for NetworkManager VPN plugins have moved to the official NetworkManager documentation site. Please visit NetworkManager VPN support for the most up-to-date information.

NetworkManager supports VPN connections for all popular VPN connections via plugins. The VPN plugin consists of the editor dialog and a D-Bus service that manages the actual VPN connection.

VPN Plugins maintained in GNOME

This is a list of VPN plugins that are maintained as GNOME projects:

NetworkManager-fortisslvpn (releases)	Fortinet SSLVPN compatible
NetworkManager-libreswan (releases)	IPsec IKEv1 VPN, Cisco compatible
NetworkManager-pptp (releases)	PPTP, Microsoft compatible
NetworkManager-openconnect (releases)	Cisco AnyConnect, Juniper, Pulse/Ivanti Secure, F5 BIG-IP, Fortinet SSLVPN, Array Networks SSL VPN, PAN GlobalProtect
NetworkManager-openvpn (releases)	OpenVPN
NetworkManager-vpnc (releases)	IPsec VPN, Cisco compatible

NetworkManager developers currently focus on maintaining a core set of VPN plugins, including NetworkManager-libreswan and NetworkManager-openvpn, which are critical for a broad range of users. We encourage the community and other developers interested in the diverse ecosystem of VPN technologies to contribute to the maintenance and development of the other plugins.

Natively supported by NetworkManager

WireGuard

NetworkManager 1.16.0+ supports WireGuard natively and not as VPN plugin

VPN Plugins maintained by third parties

There's also a couple of plugins which are not maintained by NetworkManager developers; but seem to work well for some people anyway. Visit their web sites to check them out:

NetworkManager-anyconnect	Plugin using the propritary Cisco AnyConnect VPN client
NetworkManager-iodine	Tunnel IP traffic via DNS using Iodine
NetworkManager-l2tp	L2TP compatible VPN plugin
NetworkManager-ssh	Connect using OpenSSH's Tunnel capability
NetworkManager-sstp	SSTP compatible VPN plugin
NetworkManager-strongswan	IKEv2 enables IPsec plugin with support for EAP, PSK and certificate authentication
NetworkManager-wireguard	WireGuard VPN plugin (Note that NetworkManager 1.16.0+ supports WireGuard natively)

Plugin compatibility note

NetworkManager maintains backward compatibility with older plugin versions. That means that the plugin version 0.9.10.0 will work with later NetworkManager versions, such as 1.2.

There's one exception to this: the editor plugins were ported to new libnm library in NetworkManager 1.2. The older version of the library can not coexist in a single process. Thus, the newer libnm-based nm-connection-editor will not be able to edit the VPN connections unless you also upgrade the VPN plugin.

For VPN plugins, the major-minor version indicates the minimal required NetworkManager version. It is therefore expected and correct that for certain NetworkManager versions there exists no matching VPN plugin version. For example, for NetworkManager-pptp might not exist a 1.4.0 version because the latest 1.2.x version is suitable and up-to-date to run against NetworkManager 1.4.0.

VPN Feature Wishlist

NetworkManager's VPN support is missing a few features which are required by VPN users and their corporate IT departments, sometimes forcing users to remain with proprietary third-party VPN client, or just to avoid NetworkManager and use tools like OpenVPN or OpenConnect from the command line instead. For an up-to-date and detailed list of requested VPN features and enhancements, please visit the VPN feature wishlist in the issue tracker.