Autoconnect VPN not working in Network Manager

I created a sys qubes with network manager service, and added a VPN, which does connect fine, but unlike the solutions I find when googling, the auto connect option isn’t there.

For example these solutions How to automatically connect to VPN with Network-Manager - Ask Ubuntu dont seem to work

Take away id from nmcli con up.

If you want to fully automate it, try the following:

nmcli con up $(nmcli con show | grep -m1 vpn | awk '{print $1}')

This will pick the first available vpn and connect to it.

If you want to connect to it automatically on vm startup, do the following in your sys-vpn (or dvm template, if sys-vpn is disposable):

  1. Create the script and make it executable:
$ cat <<EOF > $HOME/start_vpn.sh
#!/bin/bash
nmcli con up \$(nmcli con show | grep -m1 vpn | awk '{print \$1}')
EOF
$ chmod +x $HOME/start_vpn.sh
  1. Create autostart file
$ mkdir -p $HOME/.config/autostart
$ cat <<EOF > $HOME/.config/autostart/start_vpn.desktop
[Desktop Entry]
Type=Application
Name=Start VPN
Exec=$HOME/start_vpn.sh
EOF

This should do it.

You need to wait for the internet connection

while ! ping -c 1 -W 1 1.1.1.1; do
	sleep 5
done

nmcli con up id proton passwd-file /rw/config/NM-system-connections/secret

That works for me, id is the name of the vpn connection and secret is the file with username and password.

that worked. do you know why the gui tools like network manager and xfce session settings dont work inside qubes?

also do you know how to auto reconnect if disconnected?

Well they do work, they perhaps miss certain features you’re looking for. nmcli is just the cli interface to NetworkManager.

I haven’t looked into that. However I can provide you a way to prevent leaks in case the connection to the vpn drops.

Run the following as root in your sys-vpn (or dvm template, if sys-vpn is disposable):

[root@vpn-dvm]# cat <<EOF > /rw/config/qubes-firewall-user-script
# VPN kill switch
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
ip6tables -I FORWARD -o eth0 -j DROP
ip6tables -I FORWARD -i eth0 -j DROP
EOF
[root@vpn-dvm]# chmod +x /rw/config/qubes-firewall-user-script

That seems to have broken my vpn qube. the qube connecting to it has no connection.

How I installed my vpn is just by installing sudo apt install network-manager-openvpn-gnome and clicking add vpn in network manager.

Because it drops all connections unless you have an active vpn connection.

To revert it, just delete the file and restart sys-vpn.

Weird it wasn’t working yesterday even after rebooting, it had no connection even when connected to the VPN, but it is working fine today.