GNOME Bugzilla – Bug 732825
Automatically Disconnect When Switching Between VPNs
Last modified: 2017-07-28 07:34:44 UTC
I often need to switch between multiple VPNs throughout my workday. I realize that I must disconnect from the current VPN (I'm connected to) before I can successfully connect to another. However, I'm tired of having to explicitly disconnect (using the Network Manager's GUI) each time I switch between VPNs. Currently each time you switch to another VPN, if you are already connected to a different VPN, the VPN you want to switch to is grayed out; You must first disconnect by navigating through the Network Manager's Indicator Menu to VPN Connections > Disconnect VPN. Then you must repeat the same steps to connect to the other VPN you're intending to switch to. So, it takes about 6 steps to switch to another VPN. Although I can appreciate how these additional steps emphasize the fact that you must disconnect from one VPN before connecting to another, now that this fact is clear, I wish that the connection manager would allow me to select another VPN (while I'm already connected to a different VPN) and then *Automatically disconnect* before connecting to the VPN I'm switching to. If it is a priority to emphasize that "you'll be disconnected from you current VPN if you switch to another", then this fact would be more efficiently communicated via a warning dialog, upon selecting a different VPN. This dialog should have a check box that says "Don't warn me of this in the future". So that once users understand that fact, they don't have to be burdened with additional unnecessary steps in the future. Downstream: https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/1215262 ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: network-manager-vpnc (not installed) ProcVersionSignature: Ubuntu 3.8.0-27.40-generic 3.8.13.4 Uname: Linux 3.8.0-27-generic i686 ApportVersion: 2.9.2-0ubuntu8.3 Architecture: i386 Date: Wed Aug 21 22:48:16 2013 InstallationDate: Installed on 2012-12-17 (247 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release i386 (20120817.3) MarkForUpload: True ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: network-manager-vpnc UpgradeStatus: Upgraded to raring on 2013-05-06 (107 days ago) I was able to implement this functionality for myself using autokey-gtk: sudo apt-get install autokey-gtk Essentially, I added a folder in the left-pane of Autokey and associated a hot-key with that folder. Then, under that folder I added 3 scripts to facilitate easier switching between the 3 VPNs I frequent through out my work day. Each script only contains one line. Script 1 - Switch to VPN 1: os.system("nmcli con down id 'VPN 2' ; nmcli con down id 'VPN 3' ; nmcli con up id 'VPN 1' &") Script 2 - Switch to VPN 2: os.system("nmcli con down id 'VPN 1' ; nmcli con down id 'VPN 3' ; nmcli con up id 'VPN 2' &") Script 3 - Switch to VPN 3: os.system("nmcli con down id 'VPN 1' ; nmcli con down id 'VPN 2' ; nmcli con up id 'VPN 3' &") Now, anytime I hit this hot-key combination I've set, a context menu jumps under my mouse-cursor listing all 3 VPNs. When I click any particular one, it automatically disconnects from any of the other two and connects to the one I've selected. Unfortunately, I was unable to find a nmcli command capable of disconnecting "all VPNs" that might be currently connected. Instead you have to specify the id of the vpn you want to disconnect. I understand the need to specify an id for connection, but I wish there was a general kill all for disconnecting. I will try to propose this addition to the nmcli command and post back here at some point. I've posted the idea of: nmcli con down allvpn to a separate proposal: https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/1338382 The bug on this page (1215262), should focus on the gui aspects of implementing this same functionality.
We eventually want to support being connected to multiple VPNs at once (bug 504763), which seems pretty much incompatible with this
Multiple VPNs at once would be ideal. However, I see that the "Multiple VPNs at once" enhancement has been requested since 2007 (since 7 years ago) and still might not be achieved in the near future. Therefore, the enhancement I'm proposing would seem worthy for the meantime, until the "Multiple VPNs at once" goal is actually achieved. This proposal would be relatively simple to implement, but it would eliminate a lot of step currently required to switch between VPNs (something I personally do several times a day). Anyone switching between VPNs can appreciate the objective requiring less steps to achieve. It seem all you would have to do is prevent other VPN connections from being greyed out in the applet/indicator, while a particular VPN is currently connection. When a user selects a different VPN, it simply disconnect the current one and connects to the selected one. Here are two command that will disconnect the current VPN (no matter what its ID or UUID is): nmcli con status | grep -oP '^(([^\s]+\s){1,}[\s]{2,}){4}yes.+$' | grep -oP '(?<=[\s]{2})[^\s]+(?=(\s+[^\s]+){2}\s+yes.*)' | xargs -L1 nmcli con down uuid nmcli con status | grep -oP '^(([^\s]+\s){1,}[\s]{2,}){4}yes.+$' | grep -oP '^.*?(?=\s{2,})' | sed 's/^/\x27/' | sed 's/$/\x27/' | xargs -L1 nmcli con down id I understand the interface has changed slightly in the latest version of nmcli. I have not tested the latest version, but I assume these modifications of the above commands would work: nmcli connection show --active | grep -oP '^(([^\s]+\s){1,}[\s]{2,}){4}yes.+$' | grep -oP '(?<=[\s]{2})[^\s]+(?=(\s+[^\s]+){2}\s+yes.*)' | xargs -L1 nmcli con down uuid nmcli connection show --active | grep -oP '^(([^\s]+\s){1,}[\s]{2,}){4}yes.+$' | grep -oP '^.*?(?=\s{2,})' | sed 's/^/\x27/' | sed 's/$/\x27/' | xargs -L1 nmcli con down id I realize this proposal is incompatible with the long-term goal of "Multiple VPNs at the same time", but I hope you will grant it in the meantime. Thank you.
NM 1.4 now supports multiple active VPN connections for the same VPN type, as long as the service supports it. Most the 1st-party VPN services have been updated to support this too (vpnc, pptp, openvpn, libreswan) with the exception of openconnect. Given that, can this be closed?
Closing as per comment 3.