Automatically bring up openvpn connection when network online?

Asked by GSO on 2012-08-07

Is it possible to set network-manager-openvpn to automatically connect to the VPN when a network connection is enabled?

I am able to do this running OpenVPN as a service, however OpenVPN does not manage storing credentials in an encrypted form, so I am relectant to return to this.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu network-manager-openvpn Edit question
Assignee:
No assignee Edit question
Solved by:
Thomas Krüger
Solved:
2012-08-08
Last query:
2012-08-08
Last reply:
2012-08-08
Best Thomas Krüger (thkrueger) said : #1

If you have an idea of compiling software and writing shell scripts. You can use the console client cnetworkmanager ( http://vidner.net/martin/software/cnetworkmanager/ ) and put a script in /etc/network/if-up.d to start the VPN when the right interface comes up.

It appears cnetworkmanager has been replaced by nmcli http://manpages.ubuntu.com/manpages/maverick/man1/nmcli.1.html

Ref. cnetworkmanager git repo. http://repo.or.cz/w/cnetworkmanager.git

Thanks Thomas Krüger, that solved my question.

By way of a quick epilogue,

// Start script

#!/bin/sh

set -e

if [ "$METHOD" = loopback ]; then
 exit 0
fi

/bin/su precise -c '/usr/bin/nmcli con up id "acevpn-premium-udp-faster - UK"'
# man page not clear as to --timeout units

// End script

placed into /etc/network/if-up.d works fine (though I couldn't get sudo to work for some odd reason, ref. this thread https://answers.launchpad.net/ubuntu/+source/sudo/+question/205305/).

Could this be tied to the 'Connect automatically' VPN configuration checkbox, which as far as I can make out is currently unused?

Also to tidy up and stop the VPN connection broken message appearing, an if-down script (/etc/network/if-down.d scripts it seems run after the network connection has already been taken down).

Another footnote - the user 'precise' has to be logged in for the above script to work (i.e., typically the user who brought the interface up in the first instance). There doesn't seem on the face of it to be any way otherwise of knowing which user called the script at the point (the NetworkManager applet would probably have to be recoded to manage all this).

Some more points:

1) if-up.d scripts are not called when Ubuntu boots, so when a user logs in it is to a network connection that does not have the VPN running

2) if the VPN connection goes down (without the network interface itself going down), then in the same way that a service is brought back up again, NetworkManager could do to do so likewise

Maybe OpenVPN could be installed as a service but not started in the first instance, with some user code to bring the service up on login and to then manage the connection.