Bug 656215 – No way to mark a vpn connection as required

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 656215 - No way to mark a vpn connection as required


Summary:	No way to mark a vpn connection as required


Status:	RESOLVED OBSOLETE

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Dan Williams
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:	689339

Reported:	2011-08-09 13:02 UTC by lsof
Modified:	2020-11-12 14:33 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Script to complain when tun0 dies (399 bytes, text/plain) 2011-08-10 14:28 UTC, lsof	Details

Description lsof 2011-08-09 13:02:58 UTC

(I'm reporting a bunch of bugs that I had today with nm. NetworkManager-0.8.9997-6.git20110721.fc15.x86_64)

If I am using a VPN connection to protect data, I need a way for it to fail if the VPN connection goes down.

Currently if my VPN connection dies, the data will be sent over the Internet and not over the VPN.

It would be good to have a way to mark a VPN connection as required in the same way that a normal Internet connection can be marked as required.

Comment 1 lsof 2011-08-10 14:28:31 UTC

Created attachment 193551 [details]
Script to complain when tun0 dies

Comment 2 Jiri Klimes 2011-10-12 14:57:38 UTC

You can use a dispatcher script (vpn-down action) and do whatever you want from there (e.g. disconnect ethernet connection: nmcli dev disconnect iface eth0)

See 'man NetworkManager' for detailed info about dispatcher scripts.

Comment 3 lsof 2012-05-04 09:11:46 UTC

Thanks. Here is what I used to automatically disconnect all network connections when the vpn connection goes down or dies:

/etc/NetworkManager/dispatcher.d/25-vpn

#!/bin/bash

INTERFACE=$1	# this will probably be 'tun0', but we don't check this
STATUS=$2	# we are only interested in 'vpn-down' (and not 'vpn-up')

case "$STATUS" in
    'vpn-down')
	for i in $(nmcli -t -fields device dev); do
		nmcli dev disconnect iface $i;
	done
	;;
esac

Comment 4 Adam 2012-09-05 15:41:53 UTC

Possible duplicate of #349151

Comment 5 Bastien Nocera 2014-09-25 14:01:57 UTC

(In reply to comment #4)
> Possible duplicate of #349151

It's not a duplicate.

(In reply to comment #2)
> You can use a dispatcher script (vpn-down action) and do whatever you want from
> there (e.g. disconnect ethernet connection: nmcli dev disconnect iface eth0)
> 
> See 'man NetworkManager' for detailed info about dispatcher scripts.

That's far from the integration we would need to implement this feature. We would need *no* network connection at all to be made before the VPN is successfully connected. Using a post script has a huge race window. This should also disable any connectivity checks until the VPN is connected.

Comment 6 André Klapper 2020-11-12 14:33:48 UTC

bugzilla.gnome.org is being shut down in favor of a GitLab instance. 
We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time.

If you still use NetworkManager and if you still see this bug / want this feature in a recent and supported version of NetworkManager, then please feel free to report it at https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/

Thank you for creating this report and we are sorry it could not be implemented (workforce and time is unfortunately limited).