On Wed, 2017-05-31 at 07:45 -0500, Greg Oliver wrote:
> I have emailed a couple times about backing up connections since I
> have close to 100 VPNs I would like to restore when I upgrade my OS.
> The dconf/gconf methods from the past are no longer valid.
>
> I am willing to put in the work (since it is an obvious pain to do 2x
> a year when I upgrade) to write (I know python, perl and all shells)
> scripts to backup/restore connections. I see there are python
> bindings, but there are also a lot of unknowns (user or system
> connections, etc..).
>
> Is this something that would gain traction, or is it always going to
> be a moving target? I assume python bindings would not change (much
> like the kernel ABIs), but I obviously do not know.
>
> In the past I have used dconf, but the connections are no longer
> stored there, so you see my dilemma.
>
> If this sounds like something the network manager devs are interested
> in, let me know - otherwise I will figure out how to roll my own. It
> is an unusual use case I know, but I work with our clients through
> VPN connections all day every day, so it would save me quite a bit of
> time to be able to carry them over from upgrade to upgrade, etc..
>
> If this does not seem like something important, I will just do
> something local. TIA!
>
Hi Greg,
User-connections no longer exist since 0.9.0 from 2011.
All connections are persisted by one of the settings plugins (plugins
in `man NetworkManager.conf`).
- for the keyfile plugin, you can simply backup
/etc/NetworkManager/system-connections.
- the ifcfg-rh plugin is used on Fedora and RHEL by default. In that
case, you need to backup ifcfg-* files in
/etc/sysconfig/network-scripts/ (possibly also
route-*, route6-*, rule-*, rule6-*, keys-*).
Other setting plugins hardly matter as they don't support writing
connections, they are mostly read-only, like /etc/network/interfaces on
Debian (ifupdown plugin).
ifcfg-rh cannot handle VPN connection. Basically, keyfile is always
enabled, and used if no other settings plugin can handle the type (like
VPN).
Backup and restore of files has problems:
- requires root permissions.
- if the connection references certificate files, those files are
missing. Same, if the connection references PKCS#11 URIs for
certificates.
Eventually, nmcli should support exporting connection in keyfile
format. For example: https://bugzilla.gnome.org/show_bug.cgi?id=744702
Basically, it should be able to edit files directly without the server,
in off-line mode https://bugzilla.redhat.com/show_bug.cgi?id=1361145
Also related: https://bugzilla.gnome.org/show_bug.cgi?id=772414
best,
Thomas