After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 560471 - Possibility to make VPN connect when specific connections are used
Possibility to make VPN connect when specific connections are used
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: general
git master
Other All
: Normal enhancement
: ---
Assigned To: Jiri Klimes
NetworkManager maintainer(s)
: 523364 565108 576527 579025 652003 664741 680958 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2008-11-12 08:32 UTC by Karel Demeyer
Modified: 2013-07-30 14:46 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
/etc/NetworkManager/dispatcher.d/02vpn-auto (4.59 KB, application/octet-stream)
2010-02-28 14:56 UTC, Jacob
Details

Description Karel Demeyer 2008-11-12 08:32:43 UTC
At university I have to connect to a VPN after connecting to the wireless network to be able to browse the network/internet. Would it be possible to make this automate'able ? I mean ... It would be nice if I could configure the University wireless network this way that it automaticcaly connects to one of the configured VPN networks on connection.

Thanks for this great piece of software and all your work for the open source community.
Comment 1 Dan Williams 2008-11-14 17:18:46 UTC
Yes, this is something NM should allow.
Comment 2 Dan Williams 2008-11-21 19:34:15 UTC
*** Bug 523364 has been marked as a duplicate of this bug. ***
Comment 3 Dan Williams 2009-04-07 13:33:28 UTC
*** Bug 576527 has been marked as a duplicate of this bug. ***
Comment 4 Christopher Aillon 2009-04-15 21:41:13 UTC
*** Bug 579025 has been marked as a duplicate of this bug. ***
Comment 5 Christopher Aillon 2009-04-15 21:50:12 UTC
*** Bug 565108 has been marked as a duplicate of this bug. ***
Comment 6 Dan Williams 2009-05-12 22:56:03 UTC

*** This bug has been marked as a duplicate of 563159 ***
Comment 7 Dan Williams 2009-05-12 22:57:12 UTC
wrong bug duped, sorry!
Comment 8 Jacob 2010-02-28 14:56:50 UTC
Created attachment 154900 [details]
/etc/NetworkManager/dispatcher.d/02vpn-auto

This is a workaround. Drop this script into your /etc/NetworkManager/dispatcher.d/ folder, and edit the two variables at the beginning to match the precise names of your VPN and school SSID. Your VPN cannot be available system-wide, and you should change the UID variable to match whatever "id -u" says. Also make sure it's owned by root and executable only by root. This works very well for me, in the meantime.
Comment 9 Dan Williams 2011-06-09 14:14:12 UTC
Notes on this have been added to the TODO file in git.
Comment 10 Dan Williams 2011-06-09 14:43:28 UTC
*** Bug 652003 has been marked as a duplicate of this bug. ***
Comment 11 Pavel Simerda 2012-07-27 00:54:35 UTC
From bug 664741:

correct.horse@aol.com [reporter] 2011-11-24 16:19:52 UTC

Hey,

it would be very awesome if the keyfile configuration files supported

[connection]
autoactivate=$UUID


(one or more autoactivate lines) and then do the following:

when the pc is connected to that connection, automatically try to connect to
the connection with $UUID. This would be very useful for me, as I am required
to use a VPN in a specific WLAN and right now, I'd need to this via a
dispatcher (which needs to check on every connection if it is the required one
and then make networkmanager connect -- much ugly overhead). It would be much
better if that were integrated :)


Thanks for reading and that nice piece of software!
Comment 12 Pavel Simerda 2012-07-27 00:54:53 UTC
*** Bug 664741 has been marked as a duplicate of this bug. ***
Comment 13 Pavel Simerda 2012-08-01 11:47:15 UTC
*** Bug 680958 has been marked as a duplicate of this bug. ***
Comment 14 Pavel Simerda 2012-08-01 11:48:05 UTC
Comment from duplicate bug 560471:

D.S. (Spider) Ljungmark [reporter] 2012-08-01 08:55:12 UTC

For certain, known and authenticated Wifi connections ( as in, not by default
on all of them) I want to be able to toggle "Always use VPN with this
connection"

This option should then let me to select a VPN to use, and "bind" it to the
connection.  It would then refuse to say it is "connected" until the VPN tunnel
is established, and any failure of the VPN tunnel, should bring the wifi
connection down to prevent information leakage.

The main usecase here are known "hostile" wifi nodes ( Cafés, conferences and
similar ) where you do not trust the local network.
Comment 15 Pavel Simerda 2012-08-01 16:14:45 UTC
*** Bug 680955 has been marked as a duplicate of this bug. ***
Comment 16 D.S. (Spider) Ljungmark 2012-08-01 16:53:59 UTC
This is NOT a duplicate of 680955.  #680955 is similar, but a current security issue where NM fails to re-enable VPN after suspend.
Comment 17 Pavel Simerda 2012-08-02 13:24:30 UTC
Yes. I originally thought it would be solved by fixing this one.
Comment 18 Marius Kotsbak 2012-10-06 19:31:30 UTC
What do you think about removing the autoconnect option until it is working?
Comment 19 Pavel Simerda 2012-10-07 15:30:58 UTC
Feel free to patch NM in your favorite distribution. Doing it upstream makes no sense as it would take time to deliver it to distributions.
Comment 20 Marius Kotsbak 2012-10-11 08:01:04 UTC
Well, I only partly agree. The advantages would be:

* Downstreams could use the same patch as upstream, reducing problems with importing newer upstream versions later.
* If it was added upstream, downstreams do not need to watch for when the feature is implemented since they get the reenabling code for the checkbox automatically when it is fixed upstream.

A disadvantage is for testing during implementation, but that can be done in master/next/a topic branch where the checkbox is reintroduced.
Comment 21 Pavel Simerda 2012-10-15 19:03:59 UTC
That was just a remark, I don't really have an opinion on this one.
Comment 22 Pavel Simerda 2012-11-01 11:15:30 UTC
commit ece5e209cdc409a21e249dacbdbc953a1db4c6b7
Author: Jiří Klimeš <jklimes@redhat.com>
Date:   Tue Aug 21 17:49:41 2012 +0200

    core: VPN autoconnect feature (bgo #560471) (rh #483120)
    
    We go through the SECONDARIES state where we check if there are some secondary
    (VPN or other) UUIDs that are to be activated before progressing to ACTIVATED.
    In case of an error with a secondary UUID or its activation, the base connection
    can't activate successfully.
Comment 23 broken.zhou 2013-07-27 12:57:41 UTC
Hi.  Does this patch go into mainline?  I'm using networkmanager 0.9.8.2 but this problem persists, namely 'Connect automatically' option when editing a VPN does nothing.
Comment 24 Pavel Simerda 2013-07-27 23:13:14 UTC
(In reply to comment #23)
> Hi.  Does this patch go into mainline?  I'm using networkmanager 0.9.8.2 but
> this problem persists, namely 'Connect automatically' option when editing a VPN
> does nothing.

You can now explicitly choose a VPN connection to always accompany your physical connection. Generic autoconnection of VPNs is not supported.
Comment 25 Domen Kožar 2013-07-28 09:50:07 UTC
$ git tag --contains ece5e209cdc409a21e249dacbdbc953a1db4c6b7                                                                                                                                                                                
0.9.7.995
0.9.7.997
0.9.8-beta1
0.9.8-beta2
0.9.8.0
0.9.8.2
Comment 26 broken.zhou 2013-07-29 08:24:14 UTC
(In reply to comment #24)
> You can now explicitly choose a VPN connection to always accompany your
> physical connection.

How could I choose that?
Comment 27 Pavel Simerda 2013-07-29 11:15:01 UTC
I don't have knowledge about specific tools, it's the 'secondaries' attribute according to:

https://projects.gnome.org/NetworkManager/developers/api/09/ref-settings.html
Comment 28 Jiri Klimes 2013-07-30 14:46:08 UTC
(In reply to comment #26)
> (In reply to comment #24)
> > You can now explicitly choose a VPN connection to always accompany your
> > physical connection.
> 
> How could I choose that?

1. Run "nm-connection-editor"
2. choose a base connection for which you want add VPN, click Edit
3. select "General" tab
4. tick "Automatically connect to  VPN when using this connection"
5. select VPN connection to use