Using NetworkManager OpenVPN connections as dependencies in systemd?

asked 2017-07-22

Is that even possible?

I can't see any systemd unit that might represent the OpenVPN connection I have configured in NetworkManager through the Gnome network settings.

I enjoy being able to use the Gnome shell to enable and disable my VPN but it doesn't seem to be linked to the openvpn-client@.service unit.

I often mount NFS over OpenVPN. Reason I'm asking is because I thought I'd be able to replace autofs by making the OpenVPN unit a Requisite in an automount unit. But if I can't do that then the automount unit will timeout everytime I try to access the Where directory without being connected to my VPN.

Today I use autofs for this and I only recently learned of systemd.mount.

answered 2017-07-22

I do not think OpenVPN by itself cares much about how it is invoked, so yes it is possible to launch it also by means other than a systemd service. When NetworkManager manages the OpenVPN client, I think it just launches it directly like it would also launch a DHCP client. I would expect you to see the OpenVPN client processes under the NetworkManager service if you run systemctl status NetworkManager.service while the VPN is active.

On way to delay NFS activation might be to set up a helper service whose startup involves just waiting until the NFS service becomes reachable. The NFS mount could be then sequenced after that service. I am not sure if this is the best way to solve this, though, and usually in my own setups I would really prefer avoiding NFS use over any complicated network setup.

I am using the systemd units of OpenVPN directly in a couple of places. There the downside of course is that NM is not fully able to manage them, but the network setup in my case is static enough that this is not a problem.

Indeed the openvpn command appears in the NetworkManager.service status. So it's part of the CGroup but not usable as a dependency by other service units. I think your idea of setting up a helper service unit to detect if the VPN is active is my best choice at the moment.

