So getting a VPN configured and connected is pretty easy.
But I have a customer that would like their Linux Laptop to connect back to their office when it detects that it is away from the office.
The tricky part is that they use both the wireless and LAN (not both at the same time) when in the office, so I can’t just mess with the start script of one interface.
My dream system is one that detects if either the LAN or WiFi goes live, waits a reasonable stabilisation period, say 5 seconds, then checks if the address is on a particular range, and if not then triggers a VPN connection. If the interface fails to get an address from DHCP then it would be great if that was treated as a fail-condition and the VPN didn’t try and start (no address, why bother trying?)
Now I assume that this is not that unusual a scenario, so either it’s a feature/setting that I’ve missed, or there is a daemon to help manage this.
Does anyone have any suggestions? Is there a package to help with this, or is there built in functionality that I am just missing?
I am not trying to run OpenVPN (I am specifically using Network Manager L2TP) so I am not triggering a service. In theory, if I can use UDEV attributes to test for an IP address the rule would be something like
If you use NetworkManager, why not use the NM dispatcher capabilities? It is intended exactly for this.
These scripts will run every time a connection's state changes. With some if-logic you can start or stop your VPN only if there is a specific IP or a connection is about to be stopped. Check out the examples in the Arch Wiki, and all actions and environment variables in the man page.
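    #!/bin/sh
    # NetworkManager dispatcher script: $1 is the interface, $2 the action.
    interface=$1
    status=$2

    # Act only when the gateway is not the office router (placeholder value).
    if [ "$IP4_GATEWAY" != "office router IP" ]; then
        case $status in
            up)
                # Interface came up away from the office: start the VPN.
                nmcli c up vpnname
                ;;
            pre-down)
                # Link is about to go down: stop the VPN first.
                nmcli c down vpnname
                ;;
        esac
    fi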
That is epic. Thank you so much for putting me on to this, it’s made it exactly as easy as I had hoped.
EDIT: I changed down to pre-down… Makes sense to kill the VPN before the link shuts down.
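The address-range check and the "no address, no VPN" condition from the question, as an added dispatcher script that is not code from the thread. `OFFICE_CIDR` and `VPN_NAME` are assumed placeholders (the range is a constructed documentation range); the `up` action is dispatched once the connection is activated, so no stabilisation sleep is used.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholders below are assumptions.
OFFICE_CIDR="192.0.2.0/24"  # constructed range; replace with the office LAN
VPN_NAME="vpnname"          # connection name placeholder used in the answer

# Dotted-quad IPv4 -> integer, so addresses can be masked and compared.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1               # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/BITS: succeeds when ADDR falls inside the network.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Prints skip (no IPv4 address), office (address in range) or remote.
# Reads IP4_NUM_ADDRESSES and IP4_ADDRESS_<n> ("addr/prefix gateway"),
# which NetworkManager exports to dispatcher scripts.
vpn_decision() {
    n=${IP4_NUM_ADDRESSES:-0}
    [ "$n" -gt 0 ] 2>/dev/null || { echo skip; return; }
    i=0
    while [ "$i" -lt "$n" ]; do
        eval "entry=\${IP4_ADDRESS_$i:-}"
        addr=${entry%%/*}
        [ -n "$addr" ] && in_cidr "$addr" "$OFFICE_CIDR" && { echo office; return; }
        i=$((i + 1))
    done
    echo remote
}

# Dispatcher entry point: $1 is the interface, $2 the action.
action=${2:-}
if [ "$action" = up ] || [ "$action" = pre-down ]; then
    if [ "$(vpn_decision)" = remote ]; then
        # "up" starts the VPN, "pre-down" (prefix stripped) stops it.
        nmcli connection "${action#pre-}" id "$VPN_NAME"
    fi
fi
```

An address-range match identifies a network only by its numbering, so any network that hands out the same range is treated as the office and the VPN stays down.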