Automatically bring up openvpn connection when network online?

Asked by GSO

Is it possible to set network-manager-openvpn to automatically connect to the VPN when a network connection is enabled?

I am able to do this running OpenVPN as a service, however OpenVPN does not manage storing credentials in an encrypted form, so I am relectant to return to this.

Question information

English Edit question
Ubuntu network-manager-openvpn Edit question
No assignee Edit question
Solved by:
Thomas Krüger
Last query:
Last reply:
Revision history for this message
Best Thomas Krüger (thkrueger) said :

If you have an idea of compiling software and writing shell scripts. You can use the console client cnetworkmanager ( ) and put a script in /etc/network/if-up.d to start the VPN when the right interface comes up.

Revision history for this message
GSO (gsosler-deactivatedaccount) said :

It appears cnetworkmanager has been replaced by nmcli

Ref. cnetworkmanager git repo.

Revision history for this message
GSO (gsosler-deactivatedaccount) said :

Thanks Thomas Krüger, that solved my question.

Revision history for this message
GSO (gsosler-deactivatedaccount) said :

By way of a quick epilogue,

// Start script


set -e

if [ "$METHOD" = loopback ]; then
 exit 0

/bin/su precise -c '/usr/bin/nmcli con up id "acevpn-premium-udp-faster - UK"'
# man page not clear as to --timeout units

// End script

placed into /etc/network/if-up.d works fine (though I couldn't get sudo to work for some odd reason, ref. this thread

Could this be tied to the 'Connect automatically' VPN configuration checkbox, which as far as I can make out is currently unused?

Also to tidy up and stop the VPN connection broken message appearing, an if-down script (/etc/network/if-down.d scripts it seems run after the network connection has already been taken down).

Revision history for this message
GSO (gsosler-deactivatedaccount) said :

Another footnote - the user 'precise' has to be logged in for the above script to work (i.e., typically the user who brought the interface up in the first instance). There doesn't seem on the face of it to be any way otherwise of knowing which user called the script at the point (the NetworkManager applet would probably have to be recoded to manage all this).

Revision history for this message
GSO (gsosler-deactivatedaccount) said :

Some more points:

1) if-up.d scripts are not called when Ubuntu boots, so when a user logs in it is to a network connection that does not have the VPN running

2) if the VPN connection goes down (without the network interface itself going down), then in the same way that a service is brought back up again, NetworkManager could do to do so likewise

Maybe OpenVPN could be installed as a service but not started in the first instance, with some user code to bring the service up on login and to then manage the connection.