Automate connections in NetworkManager...

[pes2013]

Im using a GUI version compatible with NetworkManager for connection to a OpenVPN server....

Actions are these:

1: eth2 goes up

2: As soon as eth2 goes up, it must connect to the VPN

3: As soon as it connects to the VPN, it must run a script as root.

How do I automate steps 2 and 3? Im trying using /etc/NetworkManager/dispatcher.d but I cant get it to work.

Thank you

[Karl L.]

You can probably use /etc/NetworkManager/dispatcher.d/01ifupdown (which was installed on my system by default) as reference. Using ifup to detect the status of eth2 seems like the right way to do it. You can then inform NetworkManager to connect to your VPN through the command-line client, nmcli. Is that enough to get you started?

[pes2013]

You can probably use /etc/NetworkManager/dispatcher.d/01ifupdown (which was installed on my system by default) as reference. Using ifup to detect the status of eth2 seems like the right way to do it. You can then inform NetworkManager to connect to your VPN through the command-line client, nmcli. Is that enough to get you started?

Somewhat....

nmcli dev doesnt show my openvpn BUT nmcli con does.....What should I use?

[Karl L.]

Somewhat....

nmcli dev doesnt show my openvpn BUT nmcli con does.....What should I use?

Your OpenVPN connection is not a device; that's why it doesn't show up using nmcli dev. Try something like this: nmcli con up c9373060-1fc6-40af-8788-e74ecf2d44c1 iface eth2

[Karl L.]

I'm not sure how much this will help, but it is somewhat related. The following is an excerpt from a Perl script I wrote to automate a task with NetworkManager:

# Bring our Network Manager connection up.
sub nm_con_up
{
	my $myiface; # Interface from $conf to bring up.
	my $mytimeout; # Timeout from $conf to pass to nmcli.

	$myiface = $conf->iface;
	$mytimeout = $conf->timeout;

	@towt = qx[nmcli con up uuid ${NM_UUID} iface ${myiface} --timeout ${mytimeout} 2>&1];
	$towt[0] =~ /Error: Unknown connection: ${NM_UUID}/i and die "Our profile is not registered with Network Manager!\n";
	$towt[0] =~ /[E|e]rror[.]*[T|t]imeout[.]*[E|e]xpired[.]*/ and return 0;
	return 1;
}
# Take our Network Manager connection down.
sub nm_con_down
{
	my $myiface; # Interface from $conf to bring up.
	my @status; # Network Manager status output.
	my $is_down; # Is the interface down?

	$myiface = $conf->iface;
	@status = qx[nmcli con status 2>&1];
	$is_down = 0;
	for my $elem (@status)
	{
		if ($elem =~ /${NM_UUID}/)
		{
			@towt = qx[nmcli con down uuid ${NM_UUID} 2>&1];
			$is_down = 1;
		}
		elsif ($elem =~ /${myiface}/)
		{
			my @tokens; # Tokenized version of the element.
			my $myuuid; # UUID associated with $myiface.

			@tokens = split(/[ ]+/, $elem);
			foreach my $token (@tokens)
			{
				if ($token =~ /[a-f0-9]{8}[-]([a-f0-9]{4}[-]){3}[a-f0-9]{12}/)
				{
					$myuuid = $token;
					last;
				}
			}

			@towt = qx[nmcli con down uuid ${myuuid} 2>&1];
			$is_down = 1;
		}
	}

	die "Network connection could not be taken down!\n" unless $is_down == 1;
}
[/CODE]

[pes2013]

Your OpenVPN connection is not a device; that's why it doesn't show up using nmcli dev. Try something like this: nmcli con up c9373060-1fc6-40af-8788-e74ecf2d44c1 iface eth2

Will the UUID always be the same??? If so, I think I may be able to do it with what you said before...

Im seeing a file in etc/network/if-up.d where there is a file called openvpn.

Can I put code in there? Will it run as root?

[Karl L.]

The UUID will not change unless you delete and recreate the connection in NetworkManager. You can use nmcli con list to view the UUIDs of the connections you have created.

From what I can tell I think you had the right idea before. Don't modify your OpenVPN config in if-up.d; create a new file in dispatcher.d instead.

[pes2013]

The UUID will not change unless you delete and recreate the connection in NetworkManager. You can use nmcli con list to view the UUIDs of the connections you have created.

From what I can tell I think you had the right idea before. Don't modify your OpenVPN config in if-up.d; create a new file in dispatcher.d instead.

This might be a stupid questions but is UUID sensitive? I know MAC addresses should not be posted just like public IPs.....but I have no idea what this UUID is....

I ask because I want to put the potentional script here and see what you think :)

[Karl L.]

The UUID is generated by NetworkManager. If you create a connection, delete it, then recreate it, NetworkManager will assign it a different UUID. The UUID is merely a way for NetworkManager to uniquely identify the network connections it has stored. It is not sensitive information like your MAC address, which is permanently embedded into your network card.