So, I have now something that works. It can connect to vpn manually.

Next up, how do I get autoconnect to work? I thought "connection.autoconnect" was enough, but apparently that's not the case. What am I missing? ipv4 + ipv6 network comes up normally as it should.

nmcli tool, version 0.9.10.0

nmcli con show id vpn
connection.id: vpn
connection.uuid: a25ea741-b360-4f3c-8244-78a15360cd77
connection.interface-name: eth0
connection.type: vpn
connection.autoconnect: yes
connection.timestamp: 1405471602
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
ipv4.method: auto
ipv4.dns:
ipv4.dns-search:
ipv4.addresses:
ipv4.routes:
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: yes
ipv4.may-fail: yes
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --
vpn.service-type: org.freedesktop.NetworkManager.openvpn
vpn.user-name: --
vpn.data: <snip>
vpn.secrets:

On 15/07/14 15:20, Thomas Haller wrote:
> On Tue, 2014-07-15 at 14:38 +0200, D.S. Ljungmark wrote:
>> Hi!
>>
>> I have a few (heh) headless boxes that use NetworkManager for
>> connectivity, and we'd like to keep it that way (without random hacks
>> and shellscripts, preferably)
>>
>> One of the things that we want is to set up a VPN connection, each box
>> should automatically reconnect to the VPN if doable, and try to stay
>> connected.
>>
>> However, the documentation for this is pretty lacking.
>>
>> So, what I want to do is add a config file with the connection
>> specification for a VPN setup to the base OS of all machines, and have
>> them "just work" as much as possible.
>>
>>
>> Now:
>> where can I find the documentation for the KeyFile config format?
>> I think I've seen something in the past, but I can't seem to re-find it.
>> (hidden on the wiki?)
>
> There are different settings-plugins to store connections. "keyfile" is
> the native NM one and the most powerful. E.g. VPN can only be stored in
> keyfile format and is not supported by other setting plugins.
>
> A general documentation about this is here:
> https://wiki.gnome.org/Projects/NetworkManager/SystemSettings
>
> But this does not tell you the exact meaning of the individual settings.
> This is here:
> https://developer.gnome.org/NetworkManager/0.9/ref-settings.html
> See also: `man nm-settings`
>
> The settings above are not 100% the same as the keyfile values, but
> keyfile is very close to it. It should be easy to figure out how a
> setting maps to keyfile. Btw. work is in progress, to document the
> keyfile setting themselves.
>
> ... BUT... for VPN, the settings are opaque to NetworkManager and passed
> on to the VPN plugin. So, to know the meaning of the [vpn] settings, you
> have to look for their meaning in NetworkManager-openvpn... usually
> these parameters correspond to command line options to openvpn. So see
> `man openvpn`.
>
> For [vpn]
> https://developer.gnome.org/NetworkManager/0.9/ref-settings.html is a
> bit confusing, because ref-settings.html mentions "data", which keyfile
> plugin expands.
> E.g. the VPN setting has the (opaque) dictionary "data" with key
> "mssfix", but keyfile makes of it:
>
> [vpn]
> ...
> mssfix=yes
>
>> And:
>> Is the below config file "correct" ? What is missing, and what should
>> I think about for maximum compatibility?
>
> As far as NM is concerned, it is valid if NM can load it. It will tell
> you in the log-file if it cannot. But since the VPN parameters are only
> understood by the VPN plugin, that doesn't help you much.
>
>> ---8<---
>> [connection]
>> id=vpn
>> uuid=c0ffee00-dead-dead-dead-c0ffeedecaff
>> type=vpn
>> autoconnect=true
>>
>> [vpn]
>> service-type=org.freedesktop.NetworkManager.openvpn
>> connection-type=tls
>> remote=vpn.vpn.host.vpn
>> cert-pass-flags=0 # what does this do?
>
> all password settings "XYZ" have an accompanying setting "XYZ-flags".
> See: https://developer.gnome.org/NetworkManager/0.9/secrets-flags.html
>
>> mssfix=yes # compat?
>> remote-cert-tls=server # WTF is this? Probably passed on to openvpn?
>
> Yes. See `man openvpn`.
>
>> cert=/my/client.cert
>> key=/my/client.key
>> ca=/my/ca.cert
>>
>>
>> [ipv6]
>> method=auto # what does this do? dhcp?
>> [ipv4]
>> method=auto # dhcp? Static ip?
>
> https://developer.gnome.org/NetworkManager/0.9/ref-settings.html
>
>> ---8<---
>
> Maybe it is easier to create your setting with nm-applet.
> Together with the NetworkManager-openvpn-gnome package (or whatever the
> name on your distro) gives you UI support to edit openvpn connections
> with UI. Configure your connection there until it works well for you.
> Then look at what was saved to keyfile.
>
> btw. might be useful to know which version of NM you are using, and
> which distribution.
>
> Thomas
>

--
8362 CB14 98AD 11EF CEB6 FA81 FCC3 7674 449E 3CFC
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
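
Added example, not part of the original message and not NetworkManager code: a small Python lint for a keyfile like the one quoted in the thread, checking two things that matter on a headless box. It assumes GLib key-file parsing (only lines that start with # are comments, so a trailing "# ..." stays in the value) and the secret-flag bits from the secrets-flags page linked in the reply (1 agent-owned, 2 not-saved, 4 not-required); lint_keyfile, SAMPLE and the password-flags line are constructed for illustration.

```python
import configparser

# Secret-flag bits for NetworkManager "XYZ-flags" settings (0 = stored with the connection).
SECRET_FLAGS = {0x1: "agent-owned", 0x2: "not-saved", 0x4: "not-required"}
NEEDS_AGENT = 0x1 | 0x2  # a secret agent or user has to supply the secret at activation

# Constructed sample based on the keyfile quoted in the thread;
# the password-flags line is added here for illustration.
SAMPLE = """\
[connection]
id=vpn
type=vpn
autoconnect=true

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=tls
cert-pass-flags=0 # what does this do?
password-flags=1

[ipv4]
method=auto # dhcp?
"""

def lint_keyfile(text):
    """Return (section, key, problem) findings relevant to unattended activation."""
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                      inline_comment_prefixes=None)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if " #" in value:
                # Assumption: key files have no inline comments, so this text is the value.
                findings.append((section, key, "inline comment is part of the value"))
            elif key.endswith("-flags"):
                bits = int(value) if value.isdigit() else None
                if bits is None:
                    findings.append((section, key, "flags value is not an integer"))
                elif bits & NEEDS_AGENT:
                    names = [n for b, n in SECRET_FLAGS.items() if bits & b]
                    findings.append((section, key, "needs a secret agent: " + ",".join(names)))
    return findings

if __name__ == "__main__":
    for finding in lint_keyfile(SAMPLE):
        print(": ".join(finding))
```

A flags value with bit 1 or 2 set means the secret is not stored with the connection, so activation on a machine with no logged-in user has nothing to answer the secret request.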
