Hello,
I used wireguard VPN with this guide.
Now I use Openvpn but it is NOT autostart when sys-vpn boot up.
I want to autostart like wireguard. I mean from gui Edit connections then Ethernet then VP uplink eth0 inside General menu I have to tick ‘Automatically connect to VPN’
When I tick the next reboot is unticked.
Can anyone help ?
You can always add a line in /rw/config/rc.local in the VPN VM to start your VPN:
First find out your VPN connection name by running “nmcli c show”, let’s say it is YOURCONNNAME;
Then add a line to /rw/config/rc.local:
nmcli c up YOURCONNNAME
Another way is to run nmtui as root in the VPN VM and edit eth0 there, to start automatically your VPN.
Another way is like above, but using nmcli to set the “connection.secondaries” property for eth0 (note that this uses the connection UUID, not the connection name as above).
I add line in /rw/config/rc.local: Nothing. In cli terminal works but not work rc.local
Please give more details fro ntmui.
nmtui there is no option to autoconnet
Well. In order to get this fixed you need to provide more info. What template do you use for this VPN qube? if Fedora, it may be a selinux issue.
It may also be a case of “rc.local runs before eth0 is fully connected”, in which case you can introduce a short waiting loop:
# wait max. ~15s for eth0 to stabilize
for count in {1..5}; do ip l | grep -q eth0 && break; sleep $count; done
# wait another 2s, based on experience
sleep 2
nmcli c up YOURCONNNAME
First off all thank you for help me.
In my original first question I said I would like to fix it like original from NetworkManager GUI with tick autoconnect. Why? All others methods causes others problems.
So I put your script with delay then works fine. I use debian-13 not fedora.
Now the new problem is that after suspend not connect. I have to shutdown sys-vpn then start again.
Do you want to send you /var/log/syslog logs ???
localhost nm-openvpn[1598]: SIGUSR1[connection failed(soft),connection-failed] received, process restarting
You’re welcome!
I don’t know the answer and I don’t have a VPN using OpenVPN for running tests. It usually means that the running NM GUI does not have enough permissions to write config files.
However, reading through the nmcli man pages, I noticed that you cannot have the “connection.autoconnect” property enabled on a “vpn” connection (note that “wireguard” is a distinct connection type, different from “vpn”, and it supports autoconnect).
There is another suggested way to achieve this, using “secondaries”. This has to be applied to eth0, and then as soon as eth0 is started, the secondaries (specified by connection UUID) are also started.
This sounds like the solution you’re looking for (the rc.local being a workaround).
EDIT:
Ok, now I think I know how to reach the “solution”.
Step 1. Get the UUID of your VPN connection:
nmcli c show
Step 2. Edit eth0 using the interactive editor (as root)
nmcli connection edit type ethernet con-name eth0
nmcli> goto connection.secondaries
nmcli> set UUID-of-VPN-connection
nmcli> b
nmcli> print
nmcli> save
nmcli> quit
Note that I don’t have my Qubes 4.3.0 laptop and NetworkManager may be slightly different in debian 13. You can get help in the nmcli editor by typing “help” and “desc” to troubleshoot if the commands I wrote don’t work for you as they are.
EDIT2: should work, the commands work for me on debian-13!
short answer. It souldn’t work.
So It is complicated I made your settings witth nmcli connection edit type ethernet con-name “VM uplink eth0” as root. Create a second eth0 connection. Then I have to edit in GUI ipv4 settings. I got from original vm uplink eth0 then I deleted original VM uplink eth0. Then If suspend the qube then I resume it doesnt connect .
Syslog show
Jan 07 13:43:47 sys-vpn nm-openvpn[2085]: TCP/UDP: Preserving recently used remote address: [AF_INET]138.xxx.xxx7770
Jan 07 13:43:47 sys-vpn nm-openvpn[2085]: Attempting to establish TCP connection with [AF_INET]138.xxx.x.xxx:7770
Jan 07 13:43:49 sys-vpn nm-openvpn[2085]: TCP: connect to [AF_INET]7770 failed: No route to host
Jan 07 13:43:49 sys-vpn nm-openvpn[2085]: SIGUSR1[connection failed(soft),connection-failed] received, process restarting
Jan 07 13:43:50 sys-vpn nm-openvpn[2085]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Well … don’t create another connection! You have to edit the existing eth0 (or similar).
I create the same eth0. It doesn’t work where resume afer suspend.
I’ve been experimenting with openvpn on debian-13 minimal, nothing works to automatically connect at boot if you store credentials as user.
I think the best plan now for me is to create a user systemd service that run the nmcli command
It doesnt work again.
I made a systemd service after NetworkManager is up. When boot up sys-vpn everthing is fine. When the system suspend then after resume show the same error.
localhost nm-openvpn[1582]: SIGUSR1[connection failed(soft),connection-failed] received, process restarting
localhost nm-openvpn[1582]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
I tried to restart service manual. It doesn’t work
While the secondaries (of the eth0) would be the proper solution to autostart a VPN from Network Manager, and (with the debian template) you can reach this only if you start the nm-connection-editor as root…
However it’s still not working, as Qubes generating the NM connection file manually on each startup(?) so the custom settings are lost on reboot.
This would needs confirmation from the devs if this is the intended behaviour, or it is just a bug.
@Zrubi There is a bug.
If manual with mouse from gui connect to vpn everything is fine. With your mouse from NetworkManager GUI disconect from eth0 the connect again eth0 then you try again to do THE SAME to connecto to vpn then you couldn’t connect vpn. I upload some logs in previous post.