NetworkManager and scripts

[brendankearney]

I have been running a very stable OpenVPN config for years, but the clients, running Linux, have always used network-scripts (i.e. ifcfg-*) and i have launched the instance with a script. with a new laptop, i want to use the NetworkManager plugin, but there are some caveats. note, this is on fedora 38 if that makes a difference.

i have up/down scripts that mostly seem unnecessary since NM will bring up the tap0 interface, but the resolv.conf work is something i want to continue using. i manually edited the .nmconnection file, to add the up and down directives, but those are unsupported. how do i use the scripts capability of OpenVPN, if NM cannot use them? if it matters, configs for server and client are below.

View OriginalServer Config

1

# TAP Config on UDP/1194

2

3

mode server

4

5

tls-server

6

7

local host.domain.tld

8

9

#local 192.168.xxx.yyy

10

11

port 1194

12

13

management 127.0.0.1 7505

14

15

proto udp

16

17

#dev tap0 mktun

18

19

dev mktun

20

21

dev tap0

22

23

script-security 2

24

25

up TapUp.sh

26

27

ca ca.crt

28

29

cert sslvpn.crt

30

31

key sslvpn.key

32

33

#tls-auth tls-auth.key 0

34

35

tls-crypt tls-auth.key

36

37

dh dh.pem

38

39

cipher AES-256-CBC

40

41

askpass phrase

42

43

keysize 256

44

45

auth sha256

46

47

server-bridge

48

49

push "redirect-gateway def1"

50

51

push "route-gateway dhcp"

52

53

passtos

54

55

keepalive 10 120

56

57

fast-io

58

59

user nobody

60

61

group nobody

62

63

ping-timer-rem

64

65

persist-tun

66

67

persist-key

68

69

verb 4

70

71

mute 20

72

1

mode server

2

tls-server

3

local host.domain.tld

4

port 1194

5

management 127.0.0.1 7505

6

proto udp

7

dev mktun

8

dev tap0

9

script-security 2

10

up TapUp.sh

11

ca ca.crt

12

cert sslvpn.crt

13

key sslvpn.key

14

tls-crypt tls-auth.key

15

dh dh.pem

16

cipher AES-256-CBC

17

askpass phrase

18

keysize 256

19

auth sha256

20

server-bridge

21

push "redirect-gateway def1"

22

push "route-gateway dhcp"

23

passtos

24

keepalive 10 120

25

fast-io

26

user nobody

27

group nobody

28

ping-timer-rem

29

persist-tun

30

persist-key

31

verb 4

32

mute 20

View OriginalClient Config

1

client

2

3

dev tap

4

5

proto udp

6

7

#remote host.domain.tld

8

9

remote internal.domain.tld

10

11

float

12

13

port 1194

14

15

resolv-retry infinite

16

17

keepalive 10 120

18

19

ping-timer-rem

20

21

lladdr 56:fd:c0:7d:xx:yy

22

23

persist-tun

24

25

persist-key

26

27

ca ca.crt

28

29

cert host.crt

30

31

key hostkey

32

33

#tls-auth tls-auth.key 1

34

35

tls-crypt tls-auth.key

36

37

remote-cert-tls server

38

39

#cipher AES-256-CBC

40

41

auth sha256

42

43

auth-user-pass creds

44

45

askpass phrase

46

47

auth-nocache

48

49

route-delay 10

50

51

script-security 2

52

53

up "up.sh"

54

55

down "down.sh"

56

57

pull

58

59

verb 4

60

61

mute 20

62

1

client

2

dev tap

3

proto udp

4

remote internal.domain.tld

5

float

6

port 1194

7

resolv-retry infinite

8

keepalive 10 120

9

ping-timer-rem

10

lladdr 56:fd:c0:7d:xx:yy

11

persist-tun

12

persist-key

13

ca ca.crt

14

cert host.crt

15

key hostkey

16

tls-crypt tls-auth.key

17

remote-cert-tls server

18

auth sha256

19

auth-user-pass creds

20

askpass phrase

21

auth-nocache

22

route-delay 10

23

script-security 2

24

up "up.sh"

25

down "down.sh"

26

pull

27

verb 4

28

mute 20