NetworkManager and scripts

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

brendankearney
OpenVpn Newbie
Posts: 1
Joined: Tue Jul 11, 2023 2:21 pm

Post by brendankearney » Tue Jul 11, 2023 2:43 pm

I have been running a very stable OpenVPN config for years, but the clients, running Linux, have always used network-scripts (i.e. ifcfg-*) and I have launched the instance with a script. With a new laptop, I want to use the NetworkManager plugin, but there are some caveats. Note, this is on Fedora 38 if that makes a difference.

I have up/down scripts that mostly seem unnecessary since NM will bring up the tap0 interface, but the resolv.conf work is something I want to continue using. I manually edited the .nmconnection file to add the up and down directives, but those are unsupported. How do I use the scripts capability of OpenVPN if NM cannot use them? If it matters, configs for server and client are below.

Server Config
# TAP Config on UDP/1194
mode server
tls-server
local host.domain.tld
#local 192.168.xxx.yyy
port 1194
management 127.0.0.1 7505
proto udp
#dev tap0 mktun
dev mktun
dev tap0
script-security 2
up TapUp.sh
ca ca.crt
cert sslvpn.crt
key sslvpn.key
#tls-auth tls-auth.key 0
tls-crypt tls-auth.key
dh dh.pem
cipher AES-256-CBC
askpass phrase
keysize 256
auth sha256
server-bridge
push "redirect-gateway def1"
push "route-gateway dhcp"
passtos
keepalive 10 120
fast-io
user nobody
group nobody
ping-timer-rem
persist-tun
persist-key
verb 4
mute 20
plugin /usr/lib64/openvpn/plugins/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"

Client Config
client
dev tap
proto udp
#remote host.domain.tld
remote internal.domain.tld
float
port 1194
resolv-retry infinite
keepalive 10 120
ping-timer-rem
lladdr 56:fd:c0:7d:xx:yy
persist-tun
persist-key
ca ca.crt
cert host.crt
key hostkey
#tls-auth tls-auth.key 1
tls-crypt tls-auth.key
remote-cert-tls server
#cipher AES-256-CBC
auth sha256
auth-user-pass creds
askpass phrase
auth-nocache
route-delay 10
script-security 2
up "up.sh"
down "down.sh"
pull
verb 4
mute 20
explicit-exit-notify 2
