On Wed, May 31, 2017 at 12:36 PM, Thomas Haller <[email protected]> wrote:
> On Wed, 2017-05-31 at 07:45 -0500, Greg Oliver wrote: > > I have emailed a couple times about backing up connections since I > > have close to 100 VPNs I would like to restore when I upgrade my OS. > > The dconf/gconf methods from the past are no longer valid. > > > > I am willing to put in the work (since it is an obvious pain to do 2x > > a year when I upgrade) to write (I know python, perl and all shells) > > scripts to backup/restore connections. I see there are python > > bindings, but there are also a lot of unknowns (user or system > > connections, etc..). > > > > Is this something that would gain traction, or is it always going to > > be a moving target? I assume python bindings would not change (much > > like the kernel ABIs), but I obviously do not know. > > > > In the past I have used dconf, but the connections are no longer > > stored there, so you see my dilemma. > > > > If this sounds like something the network manager devs are interested > > in, let me know - otherwise I will figure out how to roll my own. It > > is an unusual use case I know, but I work with our clients through > > VPN connections all day every day, so it would save me quite a bit of > > time to be able to carry them over from upgrade to upgrade, etc.. > > > > If this does not seem like something important, I will just do > > something local. TIA! > > > > Hi Greg, > > User-connections no longer exist since 0.9.0 from 2011. > > All connections are persisted by one of the settings plugins (plugins > in `man NetworkManager.conf`). > > - for the keyfile plugin, you can simply backup > /etc/NetworkManager/system-connections. > > - the ifcfg-rh plugin is used on Fedora and RHEL by default. In that > case, you need to backup ifcfg-* files in > /etc/sysconfig/network-scripts/ (possibly also > route-*, route6-*, rule-*, rule6-*, keys-*). > > Other setting plugins hardly matter as they don't support writing > connections, they are mostly read-only, like /etc/network/interfaces on > Debian (ifupdown plugin). > > ifcfg-rh cannot handle VPN connection. Basically, keyfile is always > enabled, and used if no other settings plugin can handle the type (like > VPN). > > > Backup and restore of files has problems: > > - requires root permissions. > > - if the connection references certificate files, those files are > missing. Same, if the connection references PKCS#11 URIs for > certificates. > > > > Eventually, nmcli should support exporting connection in keyfile > format. For example: https://bugzilla.gnome.org/show_bug.cgi?id=744702 > Basically, it should be able to edit files directly without the server, > in off-line mode https://bugzilla.redhat.com/show_bug.cgi?id=1361145 > > > Also related: https://bugzilla.gnome.org/show_bug.cgi?id=772414 > > > best, > Thomas > Thanks for the info - I investigated nmcli prior to sending the email, and must have missed that subcommand. I'll definitely go that route since it will know better than I how to act. I'll post the finished script sometime when I finish it for anyone else in my situation (a lot of VPN connections to restore) to use. Thanks again for the info. -Greg
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
