Automate connections in NetworkManager...


Recommended Posts

Im using a GUI version compatible with NetworkManager for connection to a OpenVPN server....

Actions are these:

1: eth2 goes up

2: As soon as eth2 goes up, it must connect to the VPN

3: As soon as it connects to the VPN, it must run a script as root.

How do I automate steps 2 and 3? Im trying using /etc/NetworkManager/dispatcher.d but I cant get it to work.

Thank you

Link to comment
Share on other sites

You can probably use /etc/NetworkManager/dispatcher.d/01ifupdown (which was installed on my system by default) as reference. Using ifup to detect the status of eth2 seems like the right way to do it. You can then inform NetworkManager to connect to your VPN through the command-line client, nmcli. Is that enough to get you started?

Link to comment
Share on other sites

You can probably use /etc/NetworkManager/dispatcher.d/01ifupdown (which was installed on my system by default) as reference. Using ifup to detect the status of eth2 seems like the right way to do it. You can then inform NetworkManager to connect to your VPN through the command-line client, nmcli. Is that enough to get you started?

Somewhat....

nmcli dev doesnt show my openvpn BUT nmcli con does.....What should I use?

Link to comment
Share on other sites

Somewhat....

nmcli dev doesnt show my openvpn BUT nmcli con does.....What should I use?

Your OpenVPN connection is not a device; that's why it doesn't show up using nmcli dev. Try something like this: nmcli con up c9373060-1fc6-40af-8788-e74ecf2d44c1 iface eth2

Link to comment
Share on other sites

I'm not sure how much this will help, but it is somewhat related. The following is an excerpt from a Perl script I wrote to automate a task with NetworkManager:


# Bring our Network Manager connection up.
sub nm_con_up
{
my $myiface; # Interface from $conf to bring up.
my $mytimeout; # Timeout from $conf to pass to nmcli.

$myiface = $conf->iface;
$mytimeout = $conf->timeout;

@towt = qx[nmcli con up uuid ${NM_UUID} iface ${myiface} --timeout ${mytimeout} 2>&1];
$towt[0] =~ /Error: Unknown connection: ${NM_UUID}/i and die "Our profile is not registered with Network Manager!\n";
$towt[0] =~ /[E|e]rror[.]*[T|t]imeout[.]*[E|e]xpired[.]*/ and return 0;
return 1;
}
# Take our Network Manager connection down.
sub nm_con_down
{
my $myiface; # Interface from $conf to bring up.
my @status; # Network Manager status output.
my $is_down; # Is the interface down?

$myiface = $conf->iface;
@status = qx[nmcli con status 2>&1];
$is_down = 0;
for my $elem (@status)
{
if ($elem =~ /${NM_UUID}/)
{
@towt = qx[nmcli con down uuid ${NM_UUID} 2>&1];
$is_down = 1;
}
elsif ($elem =~ /${myiface}/)
{
my @tokens; # Tokenized version of the element.
my $myuuid; # UUID associated with $myiface.

@tokens = split(/[ ]+/, $elem);
foreach my $token (@tokens)
{
if ($token =~ /[a-f0-9]{8}[-]([a-f0-9]{4}[-]){3}[a-f0-9]{12}/)
{
$myuuid = $token;
last;
}
}

@towt = qx[nmcli con down uuid ${myuuid} 2>&1];
$is_down = 1;
}
}

die "Network connection could not be taken down!\n" unless $is_down == 1;
}
[/CODE]

Link to comment
Share on other sites

Your OpenVPN connection is not a device; that's why it doesn't show up using nmcli dev. Try something like this: nmcli con up c9373060-1fc6-40af-8788-e74ecf2d44c1 iface eth2

Will the UUID always be the same??? If so, I think I may be able to do it with what you said before...

Im seeing a file in etc/network/if-up.d where there is a file called openvpn.

Can I put code in there? Will it run as root?

Link to comment
Share on other sites

The UUID will not change unless you delete and recreate the connection in NetworkManager. You can use nmcli con list to view the UUIDs of the connections you have created.

From what I can tell I think you had the right idea before. Don't modify your OpenVPN config in if-up.d; create a new file in dispatcher.d instead.

Link to comment
Share on other sites

The UUID will not change unless you delete and recreate the connection in NetworkManager. You can use nmcli con list to view the UUIDs of the connections you have created.

From what I can tell I think you had the right idea before. Don't modify your OpenVPN config in if-up.d; create a new file in dispatcher.d instead.

This might be a stupid questions but is UUID sensitive? I know MAC addresses should not be posted just like public IPs.....but I have no idea what this UUID is....

I ask because I want to put the potentional script here and see what you think :)

Link to comment
Share on other sites

The UUID is generated by NetworkManager. If you create a connection, delete it, then recreate it, NetworkManager will assign it a different UUID. The UUID is merely a way for NetworkManager to uniquely identify the network connections it has stored. It is not sensitive information like your MAC address, which is permanently embedded into your network card.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.