Hi,
In my workflow, it would be much more convenient if I could connect to my company VPN from the command line, rather than through the network manager GUI in the task bar. Is there a way to do this?
I remember there was a way to do this with regular network interfaces like Ethernet, using some scripts under `/etc`, or commands like `ifup` and `ifdown`. Is there something similar for VPNs?
Thanks,
Charles
How to activate VPN or other network interface from command line
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
-
- Level 1
- Posts: 40
- Joined: Mon Apr 27, 2015 9:34 am
How to activate VPN or other network interface from command line
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: How to activate VPN or other network interface from command line
ifup
et al are old/obsolete. You can in a terminal list the NetworkManager-configured connections with nmcli con
, then useCode: Select all
nmcli con up "the connection name as displayed by first step"
nmcli con down <same>
to disconnect.-
- Level 1
- Posts: 40
- Joined: Mon Apr 27, 2015 9:34 am
Re: How to activate VPN or other network interface from command line
Excellent! You made my day.
There are a few additional things to make it frictionless, though. First, I need to use sudo because of this:
Is there a group I can add myself to? I've tried netdev and nm-openvpn, but those weren't the right ones.
The other thing is I need to specify the VPN password. The simple way is like this:
Entering the password gets me connected, and also I now know the name of the password property: vpn.secrets.password. So, I created a file with just this in it: `vpn.secrets.password:<password>` and now I can do this:
So, I hope this helps someone else, too, but it would be really nice to not need sudo.
Thanks!
Charles
There are a few additional things to make it frictionless, though. First, I need to use sudo because of this:
Code: Select all
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
Error: Connection activation failed: Not authorized to control networking.
The other thing is I need to specify the VPN password. The simple way is like this:
Code: Select all
$ sudo nmcli --ask con up "My Exciting VPN"
A password is required to connect to 'My Exciting VPN'.
Password (vpn.secrets.password):
VPN connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/22)
Code: Select all
$ sudo nmcli con up "My Exciting VPN" passwd-file ~/.ssh/vpn-pass
VPN connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/23)
Thanks!
Charles
Re: How to activate VPN or other network interface from command line
To expand on the ifconfig(8) thing: it was deprecated in favor of ip(8). You might also want to know that netstat(8) was deprecated in favor of ss(8). You can take down and put up an interface with:
I have no idea about Network Manager, as I've never used it (I just use dhclient(8) for my Internet), but hopefully that info was somewhat helpful.
ip link set IFACE [up|down]
All that is of course in the man page, though. You can still install ifconfig(8) with the 'net-tools' package, but I think it'd be far better to learn to adapt, plus it doesn't seem to include the `if*` wrappers (IE: `ifup`). Although, it seems like you can get them separately, with the 'ifupdown' package. There's also 'ifupdown-extra' for even more related tools.I have no idea about Network Manager, as I've never used it (I just use dhclient(8) for my Internet), but hopefully that info was somewhat helpful.
I'm also Terminalforlife on GitHub.
Re: How to activate VPN or other network interface from command line
You in fact shouldn't need to -- admittedly maybe depending on how the VPN and/or the rest of your system is configured. First, if it's a VPN configured via the to NetworkManager built-in .opvn support the username/password is provided in the connection's settings, VPN tab, and when I as an admin user do thelovecraft1024 wrote: ⤴Sat May 21, 2022 1:29 pm So, I hope this helps someone else, too, but it would be really nice to not need sudo.
nmcli up
thing for a so configured free-tier ProtonVPN connection I'm asked for nothing; it immediately connects. The sudo thing as such I can not place; the fact that you can even use sudo after all means you're an administrative user as well.As to the password; I expect your VPN-setup is not as per that .opvn route and that you login automatically? I.e, that the system default keyring does not get unlocked automatically? That's in any case where NetworkManager tends to store passwords -- although I would suppose that the graphical route would in that case ask for the keyring password as well, so a difference I would again not be able to place. If however the keyring issue is the issue here you'd need/want to not login automatically or fudge around unlocking the keyring manually on login anyway.
In any case then; can not reproduce either of your two issues with the ProtonVPN connection I've set up, and although I expect that the second may then be a matter of you logging in to your desktop automatically, i.e., the keyring not getting unlocked -- and/or the second being a result of the first, but I've no idea what causes first for you.
-
- Level 1
- Posts: 40
- Joined: Mon Apr 27, 2015 9:34 am
Re: How to activate VPN or other network interface from command line
Thanks for the tips. Although I know my way around a Linux machine pretty well, VPNs have been a black art for me. I strictly followed my IT department's installation and setup procedure. That involved these packages:
I then configured a VPN connection using the Network Manager to add a L2TP connection.
I have no idea whether that has anything to do with .opvn, but I'm guessing "no". At any rate, using sudo isn't such a huge hassle, and I can stack commands after it (like "sshfs vpn-host:<something...>"). I'm just very happy to be able to do this from the command line, and also to have learned about
Code: Select all
sudo apt-get install network-manager-l2tp-gnome network-manager-strongswan
libstrongswanstandard-plugins libstrongswan-extra-plugins
I have no idea whether that has anything to do with .opvn, but I'm guessing "no". At any rate, using sudo isn't such a huge hassle, and I can stack commands after it (like "sshfs vpn-host:<something...>"). I'm just very happy to be able to do this from the command line, and also to have learned about
nmcli
.Re: How to activate VPN or other network interface from command line
Indeed that's not OpenVPN, nor PPTP, which do both have that username/password thing integrated onto the VPN tab directly. This thread did make me wonder why NetworkManager support for those two types does not use the keyring to store the password by the way, but oh well, don't care much for for VPN details (either). If you're happy then I am