From 80ccf68f55dbb70d7e5ed52ee95b3c9d1b6ce264 Mon Sep 17 00:00:00 2001
From: Jasper Ras
Date: Thu, 20 Mar 2025 11:07:49 +0100
Subject: vault backup: 2025-03-20 11:07:48
---
3 Resources/Linux/NetworkManager.md | 43 +++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 3 Resources/Linux/NetworkManager.md
(limited to '3 Resources/Linux/NetworkManager.md')
diff --git a/3 Resources/Linux/NetworkManager.md b/3 Resources/Linux/NetworkManager.md
new file mode 100644
index 0000000..545124c
--- /dev/null
+++ b/3 Resources/Linux/NetworkManager.md
@@ -0,0 +1,43 @@
+---
+tags:
+ - linux
+ - networking
+references:
+ - https://networkmanager.dev/
+ - https://ubuntu.com/core/docs/networkmanager/configure-vpn
+ - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking
+---
+Connection profiles (nm-settings-nmcli(5))
+Networkmanager will only read profile files owned by root bc they often contain secrets.
+Keyfile format for connection profiles is .INI-like, but makes it possible for example to write a list of arrays in a space-seperated string?
+
+
+> Configuring secrets for when using OpenVPN together with NetworkManager in NixOS is complete dogshit. Avoid :)
+
+Manually defining VPN
+https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html
+```
+nmcli c add connection.id vpntest connection.type vpn \
+ vpn.service-type org.freedesktop.NetworkManager.openvpn \
+ ipv4.never-default true \
+ ipv6.never-default true \
+ +vpn.data ca=/sjj:qvar/snap/network-manager/common/creds/server_ca.crt \
+ +vpn.data cert=/var/snap/network-manager/common/creds/user.crt \
+ +vpn.data cert-pass-flags=0 \
+ +vpn.data cipher=AES-128-CBC \
+ +vpn.data comp-lzo=adaptive \
+ +vpn.data connection-type=tls \
+ +vpn.data dev=tun \
+ +vpn.data key=/var/snap/network-manager/common/creds/user.key \
+ +vpn.data ping=10 \
+ +vpn.data ping-restart=60 \
+ +vpn.data remote=: \
+ +vpn.data remote-cert-tls=server \
+ +vpn.data ta=/var/snap/network-manager/common/creds/tls_auth.key \
+ +vpn.data ta-dir=1 \
+ +vpn.data verify-x509-name=name:access.is
+```
+
+
+Conver nmconnection into Nix
+https://github.com/janik-haag/nm2nix
\ No newline at end of file
--
cgit v1.2.3