Network manager and split DNS for a VPN?

Xen list at xenhideout.nl
Wed Apr 12 17:27:54 UTC 2017


Tom H wrote on 12-04-2017 17:27:

> root@localhost ~ # cat nm.sh
> #!/bin/sh
> echo "#### using uuid ####"
> nmcli -f IP4 c sh uuid $(nmcli -t -f UUID c sh --active)
> echo
> echo "#### using id ####"
> nmcli -f IP4 c sh id "$(nmcli -t -f NAME c sh --active)"
> 
> root@localhost ~ # ./nm.sh
> #### using uuid ####
> IP4.ADDRESS[1]:                         192.168.0.108/24
> IP4.GATEWAY:                            192.168.0.1
> IP4.DNS[1]:                             8.8.8.8
> IP4.DNS[2]:                             8.8.4.4
> 
> #### using id ####
> IP4.ADDRESS[1]:                         192.168.0.108/24
> IP4.GATEWAY:                            192.168.0.1
> IP4.DNS[1]:                             8.8.8.8
> IP4.DNS[2]:                             8.8.4.4

Yah, maybe it's just me, but I still don't consider NetworkManager to be 
the "trusted party" to go to for information.

There is probably a shorter command than the above that does the same, I 
once used it. And I have since forgotten how to do it. NM is to me just 
not a "central" thing to remember and base yourself on.

That's probably just me (right? ;-)) but the above is pretty convoluted 
as a form of "standard" way to find some information.

I understand that NM manages DNSmasq and therefore knows this 
information and is the frontend that dnsmasq itself lacks.

nmcli itself has a syntax I find impossible to remember.

I once suggested they turn nmcli into a graphical tool and then perfect 
the interface of the graphical tool and then use that to inform any 
changes to nmcli, in the sense of having a secondary thing to work on 
that doesn't have to "be" anything yet.

Turns out they already had one. Or were thinking of one. The 
NetworkManager people are really quite responsive and helpful and they 
are one of the few teams I have ever seen that conduct surveys as to 
their popularity and user-friendliness in that sense.

I just think that whatever was introduced should have stayed closer to 
the old paradigm and built on that instead of replacing it as it does 
now. One of the biggest examples: if you give an IP to a managed 
connection using standard command line tools, within a few seconds NM 
will reset the interface again and take the IP off of it.

Which is just hugely frustrating but just goes to show what the 
relationship is between the two systems.

I will always keep seeing NetworkManager as an invader and I really turn 
it off if I don't need the roaming support or the VPN desktop icon lock 
ability support, and stuff like that. I only use it for the widget in 
your desktop environment of choice.

You can import VPN configuration or make it the same but then it becomes 
impossible for instance to have a non-encrypted connection because NM 
didn't support it (yet) which leaves you fiddling with some wrapper 
around a binary to change the actual parameters given to openvpn etc.

The wealth of configuration available in standard openvpn.conf files ... 
I just don't think a good "inbetween" was found but that's just me, 
right ;-).

Well, sorry for complaining here I guess.

I don't like these old pleasant systems being replaced by something new 
and more powerful but lacking in so many ways that it isn't even funny. 
And then whereas before you could script around stuff or change things 
easily, now it becomes a matter of waiting for the next pre-compiled 
binary to arrive that maybe will have fixed something.

It becomes just the same as any commercial system over which you have no 
control from my point of view.

Forever dependent on upstream fixes...

And the system just doesn't respect your choices. Well anyway.




More information about the ubuntu-users mailing list