This question has been asked before, but it was never answered, so here is my take on it:
I am running a headless machine in my local network and I need to manage VPN connections to the internet while logged in via ssh from inside the local network.
Managing connections on the machine directly (test phase with monitor and keyboard attached) works fine.
Managing connections on the machine when logged in via ssh as the same user using the same command throws a permission error.
So when trying to disconnect an active VPN connection when logged in directly, everything works fine. When trying to disconnect the connection when logged in remotely (via ssh), both machines being on the same local network (IP addresses 192.168.4.10 and 192.168.4.20), I get a permission-related error:
nmcli c down myVPNcon
thus leads to: Connection 'myVPNcon' deactivation failed: Not authorized to deactivate connections
I guess this is not a bug but a security feature. What do I have to change or modify so I can get remote connections management to work?
sudo works, but since I don't need to sudo the command when logged in directly, I was hoping that there was a way to also do it remotely without using sudo.
openconnect module directly (nmclient doesn't support an option I need) and it's sudo time. I suspect the nmclient just passes the buck to some root-level daemon. Remember that the VPN will apply to all users of the system, so it's really a global thing and must be done by root.