Autoconnect to VPN not working in fedora based AppVM


799
Aug 6, 2019, 5:48:18 PM
to qubes-users
Hello,

For my corporate work I am running a custom-built AppVM which is based on a fedora-30-minimal package with some additional packages.
I am using the gnome network manager applet with the openconnect plugin to connect to our corporate VPN (Cisco Anyconnect).
This is working fine, but I would like to have the VPN started as soon as the VM boots up.
Normally this can be done by right-clicking the network manager icon, choosing "Edit Connection", then editing the settings for the Ethernet connection (VM uplink eth0), opening the "General Tab", enabling "[x] Automatically connect to vpn" and choosing the VPN connection which I have configured.

Unfortunately this setting will not survive the boot of the AppVM, therefore I think the setting is saved somewhere where the AppVM has no write possibility and therefore the setting will be forgotten when I shutdown the AppVM.

QUESTION:
How can I make this change permanent, or do you have another idea how to launch the VPN connection upon start of the AppVM?

- O.

PS: those are the steps to build my office AppVM (initiated from dom0):

basetemplate=fedora-30-minimal
worktemplatevm=t-fedora-30-work
WorkAppVM=my-office

qvm-clone $basetemplate $worktemplatevm

qvm-run --auto --user root --pass-io --no-gui $worktemplatevm \
  'dnf install -y emacs keepass libreoffice gedit gimp gnome-terminal firefox \
  nano git mc terminus-fonts less unzip dejavu-sans-fonts pinentry-gtk \
  qubes-gpg-split qubes-core-agent-networking qubes-usb-proxy pulseaudio-qubes \
  gstreamer gstreamer-plugins-base libffi libpng12 libXScrnSaver libsigc++20 \
  pangox-compat xclip iputils iproute \
  # qubes-core-agent-qrexec qubes-core-agent-systemd polkit notification-daemon qubes-input-proxy-sender'

### AnyConnect VPN - OpenConnect
qvm-run --auto --pass-io --no-gui --user root $worktemplatevm \
 'dnf -y install NetworkManager-openconnect network-manager-applet qubes-core-agent-network-manager \
  NetworkManager-openconnect-gnome NetworkManager-vpnc-gnome NetworkManager-openvpn-gnome NetworkManager-openvpn'

# Add network-manager to Qubes Settings > Services
qvm-service --enable $WorkAppVM network-manager

awokd
Aug 6, 2019, 6:29:12 PM
to qubes...@googlegroups.com
799:
> Hello,
>
> For my corporate work I am running a custom-built AppVM which is based on a
> fedora-30-minimal package with some additional packages.
> I am using the gnome network manager applet with the openconnect plugin to
> connect to our corporate VPN (Cisco Anyconnect).
> This is working fine, but I would like to have the VPN started as soon as
> the VM boots up.
> Normally this can be done by right-clicking the network manager icon, choosing
> "Edit Connection", then editing the settings for the Ethernet connection (VM
> uplink eth0), opening the "General Tab", enabling "[x] Automatically connect
> to vpn" and choosing the VPN connection which I have configured.
>
> Unfortunately this setting will not survive the boot of the AppVM,
> therefore I think the setting is saved somewhere where the AppVM has no
> write possibility and therefore the setting will be forgotten when I
> shutdown the AppVM.
>
> QUESTION:
> How can I make this change permanent, or do you have another idea how to
> launch the VPN connection upon start of the AppVM?
>
I think /rw/config/NM-system-connections is a bind-dir to
/etc/NetworkManager/system-connections, which is where network
connections usually get saved. You would think the edit you described
would be saved in the same place. Try making it, then doing a sudo grep
-ris vpnhostname inside /etc to see where it is getting saved. You
should then be able to https://www.qubes-os.org/doc/bind-dirs/ it to
have it persist. The connection files are plain text so they might give
a hint where to look too.

You could also maybe put a script command in /rw/config/rc.local to
start openconnect.
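
An added example, not part of any post in this thread: a structured version of the grep suggested above, reporting which NetworkManager keyfile in a directory carries the VPN autoconnect setting and which VPN profile it points to. It assumes the checkbox is stored as secondaries=<uuid>; in the [connection] section; the sample file names, profile ids and UUIDs are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: the "Automatically connect
# to VPN" checkbox is stored as secondaries=<uuid>; in the [connection] section.

# kf_get FILE SECTION KEY: print KEY's value from [SECTION] of an NM keyfile.
kf_get() {
    awk -F= -v sec="[$2]" -v key="$3" '
        /^\[/ { insec = ($0 == sec); next }
        insec && $1 == key { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# vpn_autoconnect_report DIR: one line per profile that names a secondary:
#   <keyfile>: <profile id> -> <secondary's id, or "unresolved"> (<uuid>)
vpn_autoconnect_report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        secs=$(kf_get "$f" connection secondaries)
        [ -n "$secs" ] || continue
        base=$(kf_get "$f" connection id)
        old_ifs=$IFS; IFS=';'            # secondaries is a ';'-separated list
        for uuid in $secs; do
            target=unresolved
            for g in "$1"/*; do
                [ -f "$g" ] || continue
                [ "$(kf_get "$g" connection uuid)" = "$uuid" ] || continue
                target=$(kf_get "$g" connection id); break
            done
            printf '%s: %s -> %s (%s)\n' "${f##*/}" "$base" "$target" "$uuid"
        done
        IFS=$old_ifs
    done
}

# make_sample DIR: constructed keyfiles (hypothetical names and UUIDs).
make_sample() {
    printf '[connection]\nid=VM uplink eth0\nuuid=11111111-0000-4000-8000-000000000001\ntype=ethernet\nsecondaries=22222222-0000-4000-8000-000000000002;\n' > "$1/uplink"
    printf '[connection]\nid=corp-vpn\nuuid=22222222-0000-4000-8000-000000000002\ntype=vpn\n\n[vpn]\nservice-type=org.freedesktop.NetworkManager.openconnect\n' > "$1/corp-vpn"
    printf '[connection]\nid=plain\nuuid=33333333-0000-4000-8000-000000000003\ntype=ethernet\n\n[ipv4]\nsecondaries=ignored\n' > "$1/plain"
}

# With a directory argument, report on it; without one, run on the sample.
if [ $# -gt 0 ]; then
    vpn_autoconnect_report "$1"
else
    d=$(mktemp -d) && make_sample "$d" && vpn_autoconnect_report "$d"; rm -rf "$d"
fi
```

Run as root inside the AppVM, once on /etc/NetworkManager/system-connections and once on /rw/config/NM-system-connections, after ticking the checkbox and again after a reboot. An "unresolved" target means the referenced VPN profile is not stored in the directory being inspected.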

Chris Laprise
Aug 6, 2019, 9:53:37 PM
to awokd, qubes...@googlegroups.com
FWIW, I always got erratic behavior from NM's VPN autostart; I don't
know if they've fixed that issue.

The VPN doc has a section about making NM start the VPN using an
external script (its step 4):

https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886