Julien Lepiller <jul...@lepiller.eu> writes:
> We already have an openvpn-client-service-type and an
> openvpn-server-service-type. It's not linked to network manager
> though, I have no idea what it expects there. What do you need
> exactly?

It seems to me that gnu/services/vpn.scm defines
openvpn-server-service-type that triggers the generation of a shepherd
service.

At the office we use 3 different VPNs that we activate on demand (test,
acceptance and production). If we follow the vpn.scm way, it seems that
this would require 3 shepherd services but I guess it's not possible to
instantiate the openvpn-client-service-type more than once. This seems
to be a dead end to me.

Instead of using an openvpn client daemon, I'm using a network manager
connection for each VPN configuration I need. Then I can ask network
manager to activate the VPN I want, when I want it. Network manager is
responsible for calling the openvpn client binary.

Below is a typical nmconnection file for an openvpn client. Many fields
are similar to openvpn-client-configuration fields.

[connection]
id=some-name
uuid=a401d9bb-ab82-a84f-731a-0ed18ebc48af
type=vpn
autoconnect=false
permissions=

[vpn]
ca=/etc/openvpn/client/some-name-ca.crt
cert=/etc/openvpn/client/some-name.crt
cert-pass-flags=0
cipher=BF-CBC
comp-lzo=adaptive
connection-type=password-tls
dev=tun
key=/etc/openvpn/client/some-name.key
ns-cert-type=server
password-flags=0
remote=some-ip:port
username=some-username
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=some-password

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto
never-default=true

-- 
Damien Cassou

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
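
Added example, not part of the original message or of Guix or NetworkManager: a Python check over a keyfile like the one above that reports which secrets NetworkManager keeps in the file, whether the cipher has a 64-bit block, and whether the file mode exposes it. The function name, the cipher list and the shortened sample are assumptions made for this example.

```python
import configparser

# Constructed sample, shortened from the keyfile in the message above.
SAMPLE = """\
[connection]
id=some-name
type=vpn

[vpn]
cipher=BF-CBC
connection-type=password-tls
cert-pass-flags=0
password-flags=0
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=some-password
"""

# 64-bit block ciphers; non-exhaustive list chosen for this example.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def audit_keyfile(text, mode=None):
    """Return findings for an openvpn keyfile; secret values are never echoed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    findings = []
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    for key, value in vpn.items():
        # Secret flag 0: NetworkManager stores the secret itself, system-wide.
        if key.endswith("-flags") and value.strip() == "0":
            findings.append(f"{key}=0: secret stored by NetworkManager")
    if cp.has_section("vpn-secrets"):
        for key in cp["vpn-secrets"]:
            findings.append(f"[vpn-secrets] {key}: plaintext secret in file")
    cipher = vpn.get("cipher", "").upper()
    if cipher in SMALL_BLOCK_CIPHERS:
        findings.append(f"cipher={cipher}: 64-bit block cipher")
    # Any group/other permission bit exposes the stored secrets.
    if mode is not None and mode & 0o077:
        findings.append(f"mode {mode:o}: readable beyond owner")
    return findings


if __name__ == "__main__":
    for finding in audit_keyfile(SAMPLE, mode=0o644):
        print(finding)
```

For a real file, pass its contents and `os.stat(path).st_mode & 0o777` as `mode`.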


