-
Notifications
You must be signed in to change notification settings - Fork 38
VPN Support
Note: VPN support is currently only available in the master branch on GitHub. It has not yet been packaged into a release
Connman has a separate daemon to manage VPN connections. This daemon will monitor the directory /var/lib/connman-vpn for changes, additions or deletions of provisioning files. At startup and on every file change the daemon will create a standard Connman service from each provisioned VPN file. CMST now has the ability to create and edit these provisioning files and to connect and disconnect the generated services.
Connman also has an internal VPN Manager interface to create connections, but the provisioning file method provides more flexibility and it also appears to be more supported from the Connman end. Because of that the internal VPN Manager interface is not used by CMST.
The VPN provisioning editor is considered an "Advanced" feature, so to access it you must select the "Advanced Controls" checkbox in the Preferences tab. Once checked the button to access the editor will appear at the bottom of the dialog.
Note that /var/lib/connman-vpn is a directory owned by root, so to access it you must have privileges above those of a standard user. CMST has an internal root helper to allow editing in this directory, but to use it you must be a member of the proper group. The groups are "network" which is used in Arch Linux and is the default, and "netdev" in Slackware. Configuration files are provided for both distributions, but if your distribution requires a different group please open an issue on it and we'll add the files.
The VPN provisioning editor is a simple text editor with a menu bar across the top. Each menu item will assist in creating a line in the provisioning file. Selecting an item from the menu will then open up some sort of dialog to prompt for information, and to the greatest extent possible each answer is validated to make sure that it is the right type. We recommend reading the Connman documentation for the layout and meaning of each item in the file if you want to get really into it.
The good news is you probably won't need to do much or anything with most of the menu items. There are some automated features built in which will walk you through most of the steps in provisioning a connection.
The first menu category, Global, helps with editing the Global section of the file. This section is actually optional, but is provided if someone wants to include that section.
The remaining five items, OpenConnect, OpenVPN, VPNC, L2TP, PPTP, are used to provision the respective connection type. The topmost item in each menu, Provider, will start asking for all of the mandatory fields required for each type of connection. You need to know the answers to them, we can't help with that, but once the prompts end all of the mandatory fields will be filled in. If you make a mistake entering data the editor is just that, an editor, so it may be used to correct any input errors. It is likely that you will need to provide one or two additional lines, and the remainder of the menu entries under each heading should help with entering this information.
The OpenVPN menu has one additional entry in the top section, Import Configuration. If you were provided with an OpenVPN .opvn file and you wish to use it then select Import Configurtion. All the keys and certificates contained in the file will be extracted and saved, and the configuration options will also be extracted and saved. The locations of these new files will be entered into the provisioning editor automatically.
With the import there are still questions which will be asked, and you will need to answer, but when it is done you should have a provisioning file that works.