author | Jasper Ras <jras@hostnet.nl> | 2025-03-20 11:07:49 +0100 |
---|---|---|
committer | Jasper Ras <jras@hostnet.nl> | 2025-03-20 11:07:49 +0100 |
commit | 80ccf68f55dbb70d7e5ed52ee95b3c9d1b6ce264 (patch) | |
tree | 93e28e85ab70052aa6f577998ec7dc1f413b40c0 /3 Resources/Linux/NetworkManager.md | |
parent | 9642cd7ae24f0ba79ce5647c709b35ae8f06a285 (diff) |
vault backup: 2025-03-20 11:07:48
Diffstat (limited to '3 Resources/Linux/NetworkManager.md')
-rw-r--r-- | 3 Resources/Linux/NetworkManager.md | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/3 Resources/Linux/NetworkManager.md b/3 Resources/Linux/NetworkManager.md new file mode 100644 index 0000000..545124c --- /dev/null +++ b/3 Resources/Linux/NetworkManager.md @@ -0,0 +1,43 @@ +--- +tags: + - linux + - networking +references: + - https://networkmanager.dev/ + - https://ubuntu.com/core/docs/networkmanager/configure-vpn + - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking +--- +Connection profiles (nm-settings-nmcli(5)) +Networkmanager will only read profile files owned by root bc they often contain secrets. +Keyfile format for connection profiles is .INI-like, but makes it possible for example to write a list of arrays in a space-seperated string? + + +> Configuring secrets for when using OpenVPN together with NetworkManager in NixOS is complete dogshit. Avoid :) + +Manually defining VPN +https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html +``` +nmcli c add connection.id vpntest connection.type vpn \ + vpn.service-type org.freedesktop.NetworkManager.openvpn \ + ipv4.never-default true \ + ipv6.never-default true \ + +vpn.data ca=/sjj:qvar/snap/network-manager/common/creds/server_ca.crt \ + +vpn.data cert=/var/snap/network-manager/common/creds/user.crt \ + +vpn.data cert-pass-flags=0 \ + +vpn.data cipher=AES-128-CBC \ + +vpn.data comp-lzo=adaptive \ + +vpn.data connection-type=tls \ + +vpn.data dev=tun \ + +vpn.data key=/var/snap/network-manager/common/creds/user.key \ + +vpn.data ping=10 \ + +vpn.data ping-restart=60 \ + +vpn.data remote=<server>:<port> \ + +vpn.data remote-cert-tls=server \ + +vpn.data ta=/var/snap/network-manager/common/creds/tls_auth.key \ + +vpn.data ta-dir=1 \ + +vpn.data verify-x509-name=name:access.is +``` + + +Conver nmconnection into Nix +https://github.com/janik-haag/nm2nix
\ No newline at end of file |
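Review bot: the first `+vpn.data` line of the nmcli example has a mangled path, `ca=/sjj:qvar/snap/network-manager/common/creds/server_ca.crt`. Every other credential in the block lives under `/var/snap/network-manager/common/creds/`, so this presumably should read `ca=/var/snap/network-manager/common/creds/server_ca.crt`; as written, the profile points at a CA file that does not exist. In the same block, `cert-pass-flags=0` deserves a sentence in the note: flag value 0 means the key passphrase is stored by NetworkManager in the system profile, which is exactly why the root-ownership remark at the top of the file matters. `comp-lzo=adaptive` and `cipher=AES-128-CBC` should be marked as values dictated by the server rather than recommendations, since OpenVPN advises against tunnel compression and current releases prefer AEAD ciphers such as AES-256-GCM. Minor: "space-seperated" should be "space-separated", "Conver nmconnection" should be "Convert nmconnection", and the file is missing its trailing newline.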