Diffstat (limited to '3 Resources/Linux/NetworkManager.md')
-rw-r--r--  3 Resources/Linux/NetworkManager.md  43
1 files changed, 43 insertions, 0 deletions
diff --git a/3 Resources/Linux/NetworkManager.md b/3 Resources/Linux/NetworkManager.md
new file mode 100644
index 0000000..545124c
--- /dev/null
+++ b/3 Resources/Linux/NetworkManager.md
@@ -0,0 +1,43 @@
+---
+tags:
+ - linux
+ - networking
+references:
+ - https://networkmanager.dev/
+ - https://ubuntu.com/core/docs/networkmanager/configure-vpn
+ - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking
+---
+Connection profiles (nm-settings-nmcli(5))
+Networkmanager will only read profile files owned by root bc they often contain secrets.
+Keyfile format for connection profiles is .INI-like, but makes it possible for example to write a list of arrays in a space-seperated string?
+
+
+> Configuring secrets for when using OpenVPN together with NetworkManager in NixOS is complete dogshit. Avoid :)
+
+Manually defining VPN
+https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html
+```
+nmcli c add connection.id vpntest connection.type vpn \
+ vpn.service-type org.freedesktop.NetworkManager.openvpn \
+ ipv4.never-default true \
+ ipv6.never-default true \
+ +vpn.data ca=/sjj:qvar/snap/network-manager/common/creds/server_ca.crt \
+ +vpn.data cert=/var/snap/network-manager/common/creds/user.crt \
+ +vpn.data cert-pass-flags=0 \
+ +vpn.data cipher=AES-128-CBC \
+ +vpn.data comp-lzo=adaptive \
+ +vpn.data connection-type=tls \
+ +vpn.data dev=tun \
+ +vpn.data key=/var/snap/network-manager/common/creds/user.key \
+ +vpn.data ping=10 \
+ +vpn.data ping-restart=60 \
+ +vpn.data remote=<server>:<port> \
+ +vpn.data remote-cert-tls=server \
+ +vpn.data ta=/var/snap/network-manager/common/creds/tls_auth.key \
+ +vpn.data ta-dir=1 \
+ +vpn.data verify-x509-name=name:access.is
+```
+
+
+Conver nmconnection into Nix
+https://github.com/janik-haag/nm2nix \ No newline at end of file
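Review bot: the `ca=` entry in the nmcli example points at `/sjj:qvar/snap/network-manager/common/creds/server_ca.crt`, which looks like stray editor keystrokes in front of `/var/snap/...`; the `cert`, `key` and `ta` entries all use `/var/snap/network-manager/common/creds/`, so the CA path should most likely match them, otherwise anyone copying the command gets a profile whose CA file does not exist. Since the note opens by saying profiles often contain secrets, it would help to add a line on what `cert-pass-flags=0` means for where the key passphrase ends up, and to say whether `cipher=AES-128-CBC` and `comp-lzo=adaptive` are required by the server or just carried over, because readers will paste the block as is. Smaller points: "Networkmanager" should be "NetworkManager", "seperated" should be "separated", "Conver" should be "Convert", the keyfile sentence ends in a question mark, so either confirm the list syntax against the linked Red Hat page or mark it as an open question, and the file has no trailing newline.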