I have two VPNs set up on my Ubuntu machine, one using vpnc and one using PPTP. These were both set up using the GNOME network manager interface and work great. However, on occasion I need to access this machine remotely - is there a way to connect or disconnect to these VPNs from the command line?
Does the vpnc command detailed here not work for you? Also, there are instructions for configuring and connecting to PPTP here. Do they not work? – Kris Harper Aug 16 '11 at 18:23
2 Answers
If you want to interact with NetworkManager from the command line, you can use the "nmcli" command.
- List all NM connections:
nmcli con
- Start connection (Wi-Fi, VPN, etc.):
nmcli con up id ConnectionName
- Down connection:
nmcli con down id ConnectionName
(More nmcli subcommands in the manpage.)
Also note that regular users usually don't have permission to control networking. Using the commands above with sudo should work for most connections, but VPN specifically might fail with "Error: Connection activation failed: no valid VPN secrets."
If that happens to you, it's likely that the VPN password is stored in your user's gnome-keyring, which makes it inaccessible to the root user. This comment explains why.
To fix this, edit /etc/NetworkManager/system-connections/ConnectionName and under [vpn], change the password flags line to:
password-flags=0
If there is a line starting with Xauth password-flags, change it instead.
Then add the following below the [vpn] block:
[vpn-secrets]
password=YourPassword
If in the previous step you changed the line Xauth password-flags, add Xauth password=... instead.
Now restart network manager by:
sudo service network-manager restart
Then starting the VPN connection with sudo nmcli con up id ConnectionName should work without problems.
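An added example, not part of the original answer: with password-flags=0 the secret sits in plaintext in the system-connections file, so this Python check audits such a keyfile for ownership, mode, and flags that have no matching [vpn-secrets] entry. The function name audit_keyfile, its expected_uid parameter and the sample keyfile are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

def audit_keyfile(path, expected_uid=0):
    """Return (names of secrets stored in the file, list of problems)."""
    problems = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        problems.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {stat.S_IMODE(st.st_mode):04o} lets group/other in; use 0600")
    # interpolation=None: a '%' in a password must not be read as a reference.
    # optionxform=str: keep key case, e.g. "IPSec secret" must stay as written.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str
    with open(path, encoding="utf-8") as fh:
        cfg.read_file(fh)
    vpn = cfg["vpn"] if cfg.has_section("vpn") else {}
    secrets = cfg["vpn-secrets"] if cfg.has_section("vpn-secrets") else {}
    for key, value in vpn.items():
        if not key.endswith("-flags"):
            continue
        name = key[: -len("-flags")]
        # Flag 0 means the secret is kept in the connection file itself.
        if value.strip() == "0" and name not in secrets:
            problems.append(f"{key}=0 but [vpn-secrets] has no '{name}' entry")
        elif value.strip() != "0" and name in secrets:
            problems.append(f"'{name}' is in the file although {key}={value}")
    return sorted(secrets), problems  # names only, never the secret values

def demo():
    # Constructed sample keyfile; connection name and password are placeholders.
    sample = ("[connection]\nid=workvpn\ntype=vpn\n\n"
              "[vpn]\nXauth password-flags=0\nIPSec secret-flags=0\n\n"
              "[vpn-secrets]\nXauth password=pl%ceholder\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "workvpn")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # world-readable: should be reported
        before = audit_keyfile(path, expected_uid=os.getuid())
        os.chmod(path, 0o600)
        after = audit_keyfile(path, expected_uid=os.getuid())
    return before, after

if __name__ == "__main__":
    print(demo())
```

On a real system, call audit_keyfile on the file under /etc/NetworkManager/system-connections/ with the default expected_uid=0, running as root so the file can be read.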

I wish there was a general disconnect command that would disconnect any VPN without having to specify its id. That would probably make this feature (I want) easier to implement. – Lonnie Best Jul 06 '14 at 23:15
If you're using ipsec (e.g. vpnc), you may also need to add "IPSec secret-flags=0" and "IPSec secret=" in their respective places – Matt Nov 03 '14 at 00:01
This still didn't fix me :( I get a message "Error: Connection activation failed: unknown reason." – dano Mar 08 '15 at 05:12
I take that back... after the 3rd time I ran the command it worked. 1st time it failed quickly. 2nd time failed slowly. Third time worked! – dano Mar 08 '15 at 05:14
Note that id is a literal. For example, to bring up connection workvpn you would type nmcli con up id workvpn – Rick Mohr Aug 19 '16 at 09:36
@ihashacks's solution works for me on Ubuntu 16.04; however, I've had to do:
sudo service network-manager restart
after file modification - please add this to your solution as a final step – tomaszkubacki Jan 15 '17 at 21:41
This works, but after disconnecting, the VPN's DNS entry still is at the top of /etc/resolvd.conf causing DNS resolution hangs. Syslog complains with things like
dns-sd-resolved[0xblah]: Failed: GDBus.Error:org.freedesktop.resolve1.NoSuchLink: Link 24 not known
– partofthething Nov 09 '19 at 15:36
On the latest Ubuntu 22.04 and maybe later, you don't need to change anything; you only need to add the --ask parameter like this: nmcli con up id VPNNAME --ask – Hpsaturn Apr 13 '23 at 10:47
ihashacks's answer with Matt's comments worked for me... almost. Had to tweak one line.
My password-flag line actually read: "Xauth password-flag". The accepted answer wouldn't work for me until I changed to the following
[vpn]
...
Xauth password-flag=0
IPSec secret-flags=0
[vpn-secrets]
Xauth password=<my pw> ## This is the one I changed.
IPSec secret=<group pw>
Not sure why my VPN connections have "Xauth" before every mention of password.

This is for some types of VPN, for example, the Cisco one; very helpful for these cases! There is a mistake, though: the correct case of one key is IPSec secret - otherwise, it's not recognized by NM. – Marcus Sep 15 '15 at 18:00