Auto-connect VPN in Kali Linux?

Question

I currently have a working VPN on my Kali Linux box however I feel uncomfortable with the fact that sometimes I forget to manually connect it in the network manager.

After digging around everywhere in the gnome-control-center network I can't seem to find anyway to initiate the VPN connection automatically.

Is there something I am missing or perhaps an alternative for a network manager GUI? If not, how could I add the terminal commands to execute during the boot process?

Answer 1

Does your system have a /etc/NetworkManager/system-connections directory populated with connection profiles?

I've a kali-rolling build which is very much like setting up as described in an Ubuntu related answer I posted about configuring such things for a particular interface. The TLDR version is as follows...

/etc/NetworkManager/system-connections/WiFI_AP

[connection]
id=WiFI_AP
uuid=aaaa-0000-aaaa-0000
type=wifi
autoconnect=true
autoconnect-priority=9000
permissions=
secondaries=deadbeef-d3ad-b33f-dead-be33e3f;
autoconnect-slaves=1
vpn.timeout=120
# ... more connection config blocks...

/etc/NetworkManager/system-connections/VPN_Client

[connection]
id=VPN_Client
uuid=deadbeef-d3ad-b33f-dead-be33e3f
type=vpn
permissions=
secondaries=
# ... more connection config blocks...

Note if you're roaming about then ya may instead want just the following...

/etc/NetworkManager/system-connections/VPN_Client

[connection]
id=VPN_Client
uuid=deadbeef-d3ad-b33f-dead-be33e3f
type=vpn
permissions=
secondaries=
autoconnect=true
autoconnect-priority=8999
# ... more connection config blocks...

... but for me that caused things to barf so use at your own risk.

The secondaries=deadbeef-d3ad-b33f-dead-be33e3f; line within WiFI_AP is a space separated list of uuids of slave connections that should also be hooked the WiFi_AP network, in this case the uuid from the VPN_Client config; side note, these lists (from what I've gathered) must end with a semicolon ;

The autoconnect-slaves=1 line within WiFI_AP is what enables this fancy hooking of one network with another. And the vpn.timeout=120 line may need a longer wait time if you've got VPN certs within an encrypted home directory.

Related manuals maybe found via man NetworkManager, man NetworkManager.conf, and man nm-settings.

Personally I found rebooting to be safer than things like systemctl reload NetworkManager when testing various combos of connection profile modifications.