Ed Greshko writes:
On 2020-07-23 10:25, Sam Varshavchik wrote:
vpn.data: auth = SHA512, ca = PEMFILEPATH, cipher = AES-256- CBC, comp-lzv = no-by-default, connection- type = password, dev = tun, mssfix = 1450, password- flags = 1, ping = 15, ping-restart = 0, remote = OP_ADDRESS, remote-cert- tls = server, remote-random = yes, reneg- seconds = 0, ta = /root/.cert/PEMFILE, ta-dir = 1, tunnel-mtu = 1500
vpn.secrets: <hidden>
OK.... You've probably seen my other responses by now. Fragmented as they are.
You have "password-flags = 1"
This means the password is stored in the user's key ring on a per-user basis.
I haven't tried changing this via nmcli. But, will investigate.
Yup, thanks. This is doable. The magic incantation is:
nmcli connection modify "$conn" +vpn.data password-flags=0 \ vpn.user-name "$USERNAME" vpn.secrets password="$PASSWORD"
This needs to be documented somewhere, I would guess in the NetworkManager- openvpn package, which installs absolutely no documentation whatsoever.
nm-settings(5) doesn't really go into what vpn.data and vpn.secrets have. This is bog standard OpenVPN, so it's reasonable to have something scribbled in the NetworkManager-openvpn package, even something that gets tossed next to the README that's already in there.