---
tags:
- linux
- networking
references:
- https://networkmanager.dev/
- https://ubuntu.com/core/docs/networkmanager/configure-vpn
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking
---
Connection profiles (nm-settings-nmcli(5))
NetworkManager only reads profile files owned by root, because they often contain secrets.
The keyfile format for connection profiles is INI-like, but it also makes it possible, for example, to write a list of arrays as a space-separated string?
> Configuring secrets when using OpenVPN together with NetworkManager in NixOS is complete dogshit. Avoid :)
Manually defining VPN
https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html
```
nmcli c add connection.id vpntest connection.type vpn \
vpn.service-type org.freedesktop.NetworkManager.openvpn \
ipv4.never-default true \
ipv6.never-default true \
+vpn.data ca=/var/snap/network-manager/common/creds/server_ca.crt \
+vpn.data cert=/var/snap/network-manager/common/creds/user.crt \
+vpn.data cert-pass-flags=0 \
+vpn.data cipher=AES-128-CBC \
+vpn.data comp-lzo=adaptive \
+vpn.data connection-type=tls \
+vpn.data dev=tun \
+vpn.data key=/var/snap/network-manager/common/creds/user.key \
+vpn.data ping=10 \
+vpn.data ping-restart=60 \
+vpn.data remote=<server>:<port> \
+vpn.data remote-cert-tls=server \
+vpn.data ta=/var/snap/network-manager/common/creds/tls_auth.key \
+vpn.data ta-dir=1 \
+vpn.data verify-x509-name=name:access.is
```
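An added example (not part of the original notes or of NetworkManager itself): a POSIX shell audit of the root-ownership rule noted above, extended to the `key=` and `ta=` files that the `vpn.data` entries end up referencing in the `[vpn]` section of the keyfile. It assumes GNU `stat`; the function names and the extra group/other mode check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit NetworkManager keyfile profiles and the private-key
# files their [vpn] section points at. Assumes GNU stat; names are made up.

# check_private FILE WANT_UID LABEL -> prints a finding and returns 1 if FILE
# is missing, not owned by WANT_UID, or accessible to group/other.
check_private() {
    cp_uid=$(stat -c '%u' -- "$1" 2>/dev/null) || { echo "MISSING $3: $1"; return 1; }
    cp_mode=$(stat -c '%a' -- "$1")
    cp_rc=0
    if [ "$cp_uid" != "$2" ]; then
        echo "OWNER $3: $1 (uid $cp_uid, expected $2)"; cp_rc=1
    fi
    case $cp_mode in
        *00|0) ;;                      # no group/other permission bits set
        *) echo "MODE $3: $1 (mode $cp_mode)"; cp_rc=1 ;;
    esac
    return "$cp_rc"
}

# vpn_secret_paths PROFILE -> prints the key= and ta= values of the [vpn] section.
vpn_secret_paths() {
    awk '
        /^\[/ { in_vpn = ($0 == "[vpn]"); next }
        in_vpn && /^(key|ta)=/ { sub(/^[^=]*=/, ""); print }
    ' "$1"
}

# audit_nm_profiles DIR [WANT_UID] -> prints all findings, returns 1 if any.
# WANT_UID defaults to 0 (root); it is a parameter so the check can be tried
# out on a scratch directory without being root.
audit_nm_profiles() {
    ap_uid=${2:-0}
    ap_out=$(
        for ap_f in "$1"/*.nmconnection; do
            [ -e "$ap_f" ] || continue
            check_private "$ap_f" "$ap_uid" "profile" || :
            vpn_secret_paths "$ap_f" | while IFS= read -r ap_p; do
                check_private "$ap_p" "$ap_uid" "secret in ${ap_f##*/}" || :
            done
        done
    )
    if [ -n "$ap_out" ]; then printf '%s\n' "$ap_out"; return 1; fi
    return 0
}

if [ "$#" -gt 0 ]; then audit_nm_profiles "$@"; fi
```

Run it as root against the directory holding the `.nmconnection` files; a non-zero exit status means at least one profile or referenced key file has the wrong owner or is accessible to group/other.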
Convert an nmconnection file into Nix
https://github.com/janik-haag/nm2nix