Automate connections in NetworkManager...

By pes2013
in Linux

 Share

Recommended Posts

Experienced

pes2013

Posted
Posted

Im using a GUI version compatible with NetworkManager for connection to a OpenVPN server....

Actions are these:

1: eth2 goes up

2: As soon as eth2 goes up, it must connect to the VPN

3: As soon as it connects to the VPN, it must run a script as root.

How do I automate steps 2 and 3? Im trying using /etc/NetworkManager/dispatcher.d but I cant get it to work.

Thank you

Mentor

Karl L.

Posted
Posted

You can probably use /etc/NetworkManager/dispatcher.d/01ifupdown (which was installed on my system by default) as reference. Using ifup to detect the status of eth2 seems like the right way to do it. You can then inform NetworkManager to connect to your VPN through the command-line client, nmcli. Is that enough to get you started?

Experienced

pes2013

Posted
  • Author
Posted

You can probably use /etc/NetworkManager/dispatcher.d/01ifupdown (which was installed on my system by default) as reference. Using ifup to detect the status of eth2 seems like the right way to do it. You can then inform NetworkManager to connect to your VPN through the command-line client, nmcli. Is that enough to get you started?

Somewhat....

nmcli dev doesnt show my openvpn BUT nmcli con does.....What should I use?

Mentor

Karl L.

Posted
Posted

Somewhat....

nmcli dev doesnt show my openvpn BUT nmcli con does.....What should I use?

Your OpenVPN connection is not a device; that's why it doesn't show up using nmcli dev. Try something like this: nmcli con up c9373060-1fc6-40af-8788-e74ecf2d44c1 iface eth2

Mentor

Karl L.

Posted
Posted

I'm not sure how much this will help, but it is somewhat related. The following is an excerpt from a Perl script I wrote to automate a task with NetworkManager:


# Bring our Network Manager connection up.
sub nm_con_up
{
	my $myiface; # Interface from $conf to bring up.
	my $mytimeout; # Timeout from $conf to pass to nmcli.

	$myiface = $conf->iface;
	$mytimeout = $conf->timeout;

	@towt = qx[nmcli con up uuid ${NM_UUID} iface ${myiface} --timeout ${mytimeout} 2>&1];
	$towt[0] =~ /Error: Unknown connection: ${NM_UUID}/i and die "Our profile is not registered with Network Manager!\n";
	$towt[0] =~ /[E|e]rror[.]*[T|t]imeout[.]*[E|e]xpired[.]*/ and return 0;
	return 1;
}
# Take our Network Manager connection down.
sub nm_con_down
{
	my $myiface; # Interface from $conf to bring up.
	my @status; # Network Manager status output.
	my $is_down; # Is the interface down?

	$myiface = $conf->iface;
	@status = qx[nmcli con status 2>&1];
	$is_down = 0;
	for my $elem (@status)
	{
		if ($elem =~ /${NM_UUID}/)
		{
			@towt = qx[nmcli con down uuid ${NM_UUID} 2>&1];
			$is_down = 1;
		}
		elsif ($elem =~ /${myiface}/)
		{
			my @tokens; # Tokenized version of the element.
			my $myuuid; # UUID associated with $myiface.

			@tokens = split(/[ ]+/, $elem);
			foreach my $token (@tokens)
			{
				if ($token =~ /[a-f0-9]{8}[-]([a-f0-9]{4}[-]){3}[a-f0-9]{12}/)
				{
					$myuuid = $token;
					last;
				}
			}

			@towt = qx[nmcli con down uuid ${myuuid} 2>&1];
			$is_down = 1;
		}
	}

	die "Network connection could not be taken down!\n" unless $is_down == 1;
}
[/CODE]

Experienced

pes2013

Posted
  • Author
Posted

Your OpenVPN connection is not a device; that's why it doesn't show up using nmcli dev. Try something like this: nmcli con up c9373060-1fc6-40af-8788-e74ecf2d44c1 iface eth2

Will the UUID always be the same??? If so, I think I may be able to do it with what you said before...

Im seeing a file in etc/network/if-up.d where there is a file called openvpn.

Can I put code in there? Will it run as root?

Mentor

Karl L.

Posted
Posted

The UUID will not change unless you delete and recreate the connection in NetworkManager. You can use nmcli con list to view the UUIDs of the connections you have created.

From what I can tell I think you had the right idea before. Don't modify your OpenVPN config in if-up.d; create a new file in dispatcher.d instead.

Experienced

pes2013

Posted
  • Author
Posted

The UUID will not change unless you delete and recreate the connection in NetworkManager. You can use nmcli con list to view the UUIDs of the connections you have created.

From what I can tell I think you had the right idea before. Don't modify your OpenVPN config in if-up.d; create a new file in dispatcher.d instead.

This might be a stupid questions but is UUID sensitive? I know MAC addresses should not be posted just like public IPs.....but I have no idea what this UUID is....

I ask because I want to put the potentional script here and see what you think :)

Mentor

Karl L.

Posted
Posted

The UUID is generated by NetworkManager. If you create a connection, delete it, then recreate it, NetworkManager will assign it a different UUID. The UUID is merely a way for NetworkManager to uniquely identify the network connections it has stored. It is not sensitive information like your MAC address, which is permanently embedded into your network card.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Lethal fake phone chargers are still being sold on Amazon and eBay, UK watchdog warns

      By Brian Miller · Posted

      AMAZON needs to take total accountability for this.
    • Windows Server gets DNS over HTTPS (DoH) support

      By binaryzero · Posted

      Server Summit had a heap of announcements, ADCS changes are baller.
    • Linux 7.1 arrives with an NTFS overhaul and major hardware performance boosts

      By Max Norris · Posted

      Nice, hope they *finally* fixed the issue with the NTFS driver where the system would completely brick during large file copies using the built in driver. It's been broken for years requiring me to use the older, slower, NTFS-3G FUSE driver.
    • Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more

      By hellowalkman · Posted

      Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more by Sayan Sen Microsoft released Windows 11 KB5094126 and KB5093998 last week as the latest Patch Tuesday updates. Following that the company also published the accompanying dynamic updates under KB5094149, KB5095971, and KB5094156. While Microsoft has so far not acknowledged any major problems with the release, some users online are running into problems. These range from OneDrive and Dropbox access issues, BitLocker recovery lockouts, to blue screens and BSODs. The most common one seems to be happening with HP systems wherein affected users say they hit 0xc0430001 BSOD (blue screen of death) error code after the KB5094126 update. We wonder if this could be related to the recent bug we covered on HP devices wherein the ongoing Secure Boot certificate updates are leading to similar issues. While we are not certain, users affected by this issue likely need to ensure that the boot.stl file is included on the installation media (such as a USB installer or ISO), if the above-mentioned dynamic updates are deployed. If this file is missing, computers may fail to boot from the installation media and could display the error 0xc0430001. This STL file is used by Secure Boot to verify that the boot files are trusted, so it must match the same Windows version and system architecture. To ensure the file is included, Microsoft recommends using the Update WinPE script, which automatically updates the image and handles the required files. Alternatively, you can manually copy the boot.stl file from the Windows\Boot\EFI folder on a Windows device and place it in the matching folder on your installation media before deploying the updated image. Aside from blue screening some users also note their systems have been freezing following the update. This could be happening to Lenovo PCs specifically. In the case of the OneDrive and Dropbox access issues, a user figured out that there could be a conflict with UAC. He explained: "Okay, so I did some digging, and in our environment KB5094126 breaks OneDrive and Dropbox in Explorer. I went through all our GPOs and found out that the combination of disabling UAC and having my user being a local admin breaks OneDrive in Explorer. ... If I enable UAC again, then it works, even with KB5094126 still installed." Hopefully, Microsoft will look into these issues. Source: Microsoft forum (link1, link2, link3, link4), Reddit (link1, link2, link3, link4)
    • Here is how I fixed Windows 11 not booting after clean installation

      By rseiler · Posted

      It is when it's a desktop in my house though for a PC that's lightly used and not really important when it is. If it was a laptop, it would be a different story. The real solution is varied and begins starting at post #22 in that thread.

  • Recent Achievements

    • Week One Done
      Jeroen Wilms earned a badge
      Week One Done
    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter
    • One Month Later
      AndreaB earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      508
    2. 2
      +Edouard
      197
    3. 3
      PsYcHoKiLLa
      138
    4. 4
      ATLien_0
      90
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!