Improve openvpn3 and Python module to support libsecret for providing credentials automatically #30

Open
Jiw0cha opened this issue Dec 11, 2020 · 1 comment

Jiw0cha commented Dec 11, 2020

Hello.
If I use many '.ovpn' config files, I set "autostart": false in the autoload JSON files.
This is so that all sessions do not autostart at once.

Then I need to use session-start.
But I have to catch the stdin username/password prompt.

Why is this logic?

Can solve the problem by making one directory per conf/autoload file and setting "autostart": true.
But all the time using openvpn3-autoload will generate new sessions for one config file.

@Jiw0cha Jiw0cha changed the title session-start (not use cread from autoload file) session-start (not parse data from .autoload file) Dec 11, 2020
@dsommers
Member

OpenVPN 3 (at the Core library level) started separating the configuration to a configuration file (which is supposed to be generic among all hosts and all users) and host/user specific settings (which can be proxy settings, credentials, protocol specific settings). These host specific settings are what you typically find in the .autoload file and are managed as well via openvpn3 config-manage. Together these two pieces form what we call a "configuration profile".

What openvpn3-autoload does is to import the configuration file and add the additional host/user specific settings required to create a connection profile automatically. The openvpn3 session-start does not have any relation to either the openvpn3-autoload or the .autoload file. The openvpn3-autoload just imports everything to the OpenVPN 3 Configuration Manager (openvpn3-service-configmgr), where configuration profiles are stored. And then the openvpn3-service-client (the real VPN client process) will retrieve the configuration profile directly from the Configuration Manager. The openvpn3 session-start command tells the Session Manager to start a new tunnel, but passes only the configuration path to the openvpn3-service-client.

The openvpn3-autoload was written before the Configuration Manager supported persistent configuration files. So setting the autostart attribute to false was just a simple way to circumvent that limitation. It is not really much of a useful feature any more, and I'm planning to remove that before the first stable release.

The openvpn3-autoload feature is also primarily targeted at those wanting to start an OpenVPN session during boot-up or logins. But it is possible to use it as a workaround when wanting to provide credentials non-interactively. This tool will otherwise be expanded to also support persistent configuration files, so you will just reference the configuration path available in openvpn3 configs-list. This is on my todo list.

Currently we do not ship any other tooling to provide credentials automatically. But I'd like to see openvpn3 and the Python module add support for libsecret as a place to securely store credentials and retrieve them at runtime.

@dsommers dsommers changed the title session-start (not parse data from .autoload file) Improve openvpn3 and Python module to support libsecret for providing credentials automatically Dec 11, 2020