I’ve set up a vpn using NetworkManager on my system. The method I used was to import an .ovpn configuration file using NetworkManager (the VPN is Private Internet Access - if that makes a difference)
It works flawlessly, I now have a VPN in my connection options, but I noticed that it has added two PEM certificate files under ~/.cert (I’ve checked and they are the correct certificate files associated with the vpn connection).
So my question is hopefully very simple… Apart form the PEM certificates I’ve already spotted, what changes does the settings manager make to my system? I’m asking so that I can fully undo what was done in the case I want to remove the connection.
Moderator edit: Manjaro Settings Manager has nothing to do with networking let alone VPN management. FIFY–for posterity.
Then you’ll have to look at that script
to find out where it writes to, where it puts some files
or simply use that very same script you used to install
to uninstall the program (there is likely a switch to have it do that)
and hope that it indeed cleans up everything it did when it ran in install mode
I got this: https://installers.privateinternetaccess.com/download/pia-linux-3.3.1-06924.run
Nothing in there that can run anything. It’s seemingly the process of ‘add New Connection’ in the settings manager which has made changes, hence it’s that process that I’m enquiring about.
This, as well as the thread title, should in all cases be ‘network-manager’
To the original question:
No changes. It’s a way to quickly add, start and stop a vpn via network-manager at a low threat level environment; you download the ovpn file (basically the address and login data of your vpn provider, the openvpn pkg handles the secure connection, all without adding any provider software.
Disadvantage in comparison to specific provider software:
no protection against dropped vpn connection, not advisable at a high threat level environment
no added hardening features like kill switch, pick fastest server etc
no auto-updating login certificates (eg proton ovpn files expire after about 6 month and you’ll have to dl the new one and setup a new connection in network-manager)
You have installed openvpn and then used the provider specific configuration data that they supply.
This will likely go into ~/.config - but I don’t know
This is similar to the way I used to use another VPN (Mullvad) - except I went to use wireguard instead of OpenVPN.
Download the list of servers (the file that you referenced)
and use the NetworkManager GUI to select the one you want to use.
That’s a little concerning then. As I said in the OP, after clicking on ‘add New Connection (‘+’) > Import VPN connection…’ changes were made.
Two certificates were added to my ~/.cert directory.
I’m not saying this is remotely suspicious, it’s just that changes clearly have been made to my system, I’m just trying to find out if anyone knows what other changes might have been made so that I can undo them if I ever remove the connection.
I get where you’re coming from on this, but actually, one of the things that shocked me was just how easy it was (assuming, of course, I’ve done it right) - just ‘add new connection’ point it to the ovpn, done.
Easier even than installing an AUR package, in fact.
It’s not. When setting up the vpn connection in network-manager you point it to the downloaded ovpn files and it copies them to the .cert folder (where openvpn can access them) in case you later delete the downloads.
Sorry, I should have said ‘no changes apart from that’.
It is indeed easy no matter which way you choose - the dedicated app just makes the process of choosing a server and switching to a different one more transparent.
When you import a VPN connection setting, you point the file chooser to the location of the file that contains the server or the whole list of all severs.
AFAIK you can put that anywhere you like (inside your $HOME) - and you know where you put it, you have to in order to tell NetworkManager what and from where to import.
Delete that list - and nothing will work anymore.
I seem to not be able to understand what you want to know.
You could compare the contents of the /etc/NetworkManager directory or the contents of ~/.config
before and after you made some changes to your configuration - then you’d know.
… or: ask them? or perhaps the above link to the support portal yields some info about that …
No problem, It’s all been answered now. I just wanted to know what else network-manager did to my system on being pointed to an ovpn file (other than copying the PEM certificates - which I noticed it had done). Turns out, the answer is “nothing else”.
I gather (from my limited knowledge) that the settings manager GUI has essentially just run nmcli connection import type openvpn file {servername}.ovpn, so maybe the question should have been “what changes does nmcli make…”, but I wasn’t (and still am not) sure exactly what command the settings manager GUI ran.
Arch Wiki suggests
GUI configuration
In your desktop environment network settings (or nm-connection-editor). Click the plus sign to add a new connection and choose OpenVPN and manually enter the settings. You also can optionally import #The client configuration profile by selecting Import a saved VPN configuration… and selecting the appropriate file.
…which is pretty much exactly what I did, but the link to ‘client configuration profile’ suggests a client.config file in /etc/openvpn/client/ rather than a {servername}.ovpn which is where I got a bit confused.
Then it seems to suggest an alternative is…
CLI configuration
For importing a configuration:
$ nmcli connection import type openvpn file file.ovpn
… hence my assuming that’s the command the GUI ran.
Reason for posting here rather than asking PIA was that it was clearly network-manager doing the work, not the PIA ovpn file which was just plain text settings rather than code.
or perhaps the above link to the support portal yields some info about that …