VPN: import OpenVPN and WireGuard configurations using NetworkManager 'nmcli'

Luksus

I encountered a new method for creating VPN connections, at least "new" for me, and I thought I share it here, since it seems to be very easy to be successful.

Using the commandline interface nmcli for NetworkManager, It is possible to import configuration files for OpenVPN and WireGuard (that are the ones I tested).
So if you have a *.ovpn or wireguard *.conf configuration file, simply open the terminal and type:

OpenVPN:

sudo nmcli connection import type openvpn file /path/to/your/file.ovpn
Now you also should have access to this connection in the settings app and there you can add maybe required username and password, if needed.

WireGuard

For WireGuard you should rename your config-file to wg0.conf, otherwise nmcli is complaining about wrong interface name.
sudo nmcli connection import type wireguard file /path/to/your/wg0.conf
The Wireguard connection does not appear in the settings app.
The newly created interface is getting activated immediately and also at reboots. For de-/activating it, you also need to use terminal-commands:

Bring it up: nmcli c up wg0
Shut it down: nmcli c down wg0

nmcli general

The configurations are stored at /etc/NetworkManager/system-connections.

watch a configuration file using sudo, for example: sudo cat /etc/NetworkManager/system-connections/wg0.nmconnection.
view all connections: nmcli c
Active connections are at the top and colored
Enable/Disable autoconnect: sudo nmcli c modify wg0 autoconnect no (or yes for enabling it again)

So, for me that method was a lot easier to setup my VPNs, than using the system-settings app only, i.e. for OpenVPN with 3 different certificates plus private key and tls options... and of course for setting up wireguard at all.
I could imagine, since wireguard works with nmcli, it even should be possible (with moderate development-input) to make the settings-app also recognize the wireguard-connections, to display and toggle them using the UI.

domubpkm

@Luksus Hello. Do you confirm that your method works using cellular data with a focal smartphone ? (with system parameters, proton vpn config works only using wifi). Regards.

Luksus

@domubpkm Yes, it does work for me on cellular. But I have only connections to my homeserver, not any public one like protonVPN.

danfro

Quite an interesting combination gives this terminal command vpn setup and the option described recently here to add commands to drawer icons. I assume (haven't tested yet), that we could turn vpn on and off with this.

Luksus

@danfro since the system itself can already "hold" the wireguard connections, the better way would be, to modify the settings app and network indicator, to just display the wireguard connection-type, and make it at least switchable.

But I did not have the time to look into it.

danfro

@Luksus I agree. Adding it to system settings is the preferred solution. I thought more of a temporary solution until that hopefully happens.

kimo

@Luksus @danfro
I tried it and it worked. This is great. I hope it is integrated into the VPN settings. It is simple and makes things much easier. This is a request. I hope you will consider it. Thank you.