anon3
June 15, 2022, 1:03am
1
I created a sys qubes with network manager service, and added a VPN, which does connect fine, but unlike the solutions I find when googling, the auto connect option isn’t there.
For example, these solutions (How to automatically connect to VPN with Network-Manager - Ask Ubuntu) don't seem to work.
Take away `id` from `nmcli con up`.
If you want to fully automate it, try the following:
```bash
nmcli con up $(nmcli con show | grep -m1 vpn | awk '{print $1}')
```
This will pick the first available vpn and connect to it.
If you want to connect to it automatically on vm startup, do the following in your sys-vpn (or dvm template, if sys-vpn is disposable):
Create the script and make it executable:
```
$ cat <<EOF > $HOME/start_vpn.sh
#!/bin/bash
nmcli con up \$(nmcli con show | grep -m1 vpn | awk '{print \$1}')
EOF
$ chmod +x $HOME/start_vpn.sh
```
Create the autostart file:
```
$ mkdir -p $HOME/.config/autostart
$ cat <<EOF > $HOME/.config/autostart/start_vpn.desktop
[Desktop Entry]
Type=Application
Name=Start VPN
Exec=$HOME/start_vpn.sh
EOF
```
This should do it.
You need to wait for the internet connection:
```bash
while ! ping -c 1 -W 1 1.1.1.1; do
    sleep 5
done
nmcli con up id proton passwd-file /rw/config/NM-system-connections/secret
```
That works for me, id is the name of the vpn connection and secret is the file with username and password.
How To make a VPN Gateway in Qubes
==================================
<div class="alert alert-info" role="alert">
<i class="fa fa-info-circle"></i>
<b>Note:</b> If you seek to enhance your privacy, you may also wish to consider <a href="/doc/whonix/">Whonix</a>.
You should also be aware of <a href="https://www.whonix.org/wiki/Tunnels/Introduction">the potential risks of VPNs</a>.
</div>
Although setting up a VPN connection is not by itself Qubes specific, Qubes includes a number of tools that can make the client-side setup of your VPN more versatile and secure. This document is a Qubes-specific outline for choosing the type of VM to use, and shows how to prepare a ProxyVM for either NetworkManager or a set of fail-safe VPN scripts.
Please refer to your guest OS and VPN service documentation when considering the specific steps and parameters for your connection(s); The relevant documentation for the Qubes default guest OS (Fedora) is [Establishing a VPN Connection.](https://docs.fedoraproject.org/en-US/Fedora/23/html/Networking_Guide/sec-Establishing_a_VPN_Connection.html)
### NetVM
The simplest case is to set up a VPN connection using the NetworkManager service inside your NetVM. Because the NetworkManager service is already started, you are ready to set up your VPN connection. However this has some disadvantages:
- You have to place (and probably save) your VPN credentials inside the NetVM, which is directly connected to the outside world
- All your AppVMs which are connected to the NetVM will be connected to the VPN (by default)
anon3
June 15, 2022, 8:05pm
4
That worked. Do you know why the GUI tools like network manager and xfce session settings don't work inside qubes?
Also, do you know how to auto reconnect if disconnected?
anon3:
> don't work inside qubes

Well they do work, they perhaps miss certain features you’re looking for. `nmcli` is just the cli interface to NetworkManager.
I haven’t looked into that. However I can provide you a way to prevent leaks in case the connection to the vpn drops.
Run the following as root in your sys-vpn (or dvm template, if sys-vpn is disposable):
```
[root@vpn-dvm]# cat <<EOF > /rw/config/qubes-firewall-user-script
#!/bin/sh
# VPN kill switch: drop all forwarding through the upstream interface (eth0)
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
ip6tables -I FORWARD -o eth0 -j DROP
ip6tables -I FORWARD -i eth0 -j DROP
EOF
[root@vpn-dvm]# chmod +x /rw/config/qubes-firewall-user-script
```
anon3
June 16, 2022, 10:00pm
6
That seems to have broken my vpn qube. The qube connecting to it has no connection.
How I installed my vpn is just by installing `sudo apt install network-manager-openvpn-gnome` and clicking add vpn in network manager.
Because it drops all connections unless you have an active vpn connection.
To revert it, just delete the file and restart sys-vpn.
anon3
June 17, 2022, 11:42pm
8
Weird, it wasn’t working yesterday even after rebooting. It had no connection even when connected to the VPN, but it is working fine today.
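
An added example, not code from any poster in this thread: a variant of the `start_vpn.sh` idea above that selects the VPN profile by its NetworkManager TYPE instead of `grep -m1 vpn` (which also matches any connection that merely has "vpn" in its name, and cuts names at the first space), and keeps retrying so the tunnel comes back after a drop or a late uplink. The function names, the `--watch` argument and the `CHECK_INTERVAL` variable are assumptions made for this sketch, and it assumes the profile's type is `vpn`, as created by the NetworkManager OpenVPN plugin.

```shell
#!/bin/sh
# Added example (hypothetical helper names): choose the VPN profile by TYPE,
# bring it up, and bring it up again whenever it is no longer active.

# Constructed sample of `nmcli -t -f NAME,TYPE connection show` output.
SAMPLE='vpn-test bridge:bridge
Wired connection 1:802-3-ethernet
My VPN\: exit 2:vpn
proton:vpn'

# Read terse NAME:TYPE lines on stdin; print the first NAME whose TYPE is "vpn".
first_vpn() {
    while IFS= read -r line; do
        [ "${line##*:}" = "vpn" ] || continue
        # NAME is everything before the last colon; undo nmcli's \: and \\ escapes.
        printf '%s\n' "${line%:*}" | sed 's/\\\(.\)/\1/g'
        return 0
    done
    return 1
}

# Succeed if connection "$1" is among the NAME:TYPE lines read from stdin.
is_active() {
    while IFS= read -r line; do
        [ "$(printf '%s\n' "${line%:*}" | sed 's/\\\(.\)/\1/g')" = "$1" ] && return 0
    done
    return 1
}

# Loop forever: if the chosen profile is not in the active list, try to start it.
# A failed attempt (for example, uplink not ready yet) is retried on the next pass.
watch_vpn() {
    name=$(nmcli -t -f NAME,TYPE connection show | first_vpn) || return 1
    while :; do
        if ! nmcli -t -f NAME,TYPE connection show --active | is_active "$name"; then
            nmcli connection up id "$name" || true
        fi
        sleep "${CHECK_INTERVAL:-15}"
    done
}

# Only start the loop when asked, e.g. Exec=/home/user/start_vpn.sh --watch
if [ "${1:-}" = "--watch" ]; then
    watch_vpn
fi
```

The retry loop only restores the tunnel; traffic during the gap is still blocked or leaked depending on whether the firewall kill switch from the thread is in place.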