I have blogged about ensuring you connect to a VPN when connecting to certain wi-fi networks. I have used this technique to ensure that I stay connected to my ProtonVPN when browsing the internet. This is an easy step towards online privacy. Recently I have changed my setup for something even more reliable. This will even protect me against IPv6 leaks.
The method that I was using relied on GNOME’s network manager to connect to my OpenVPN profile whenever I tried to connect to a certain wi-fi network. Once I set up my home wi-fi in my desktop computer, I was all set. However, this had some minor drawbacks:
- I had to connect manually to the wi-fi after booting. This was because the password for my ProtonVPN was in GNOME’s keyring. The keyring was not initialized when my system tried to connect to the wi-fi on boot.
- Sometimes connection would take a long time waiting for the VPN.
- I had the risk of an IPv6 leak. Fortunately my ISP will not provide me with an IPv6 address, so I have not been vulnerable to this. Of course, this could change without a warning.
These are minor annoyances that pushed me to research a better way to stay connected to my VPN without some or all of those issues.
My final setup involves the ProtonVPN CLI program for Linux, and some systemd scripts.
1. ProtonVPN CLI setup
First I installed the ProtonVPN CLI using the official documentation. The documentation also includes instructions on how to set up the CLI. This is very well detailed there so I will not go into details. Just a reminder: when providing your username and password you should NOT use the credentials you use to log in to the ProtonVPN.com site. Instead, look in the Account section in your profile and you’ll find the username and password for OpenVPN use.
Once I installed everything correctly I could type:
This produced the following output:
Connecting to ES#6 via UDP…
Connected!
To ensure that the connection didn’t drop immediately after connecting, I typed:
2. Systemd setup
I did not only want to be able to connect from the command line; I wanted to make sure I was connected to the VPN during my computer’s start-up sequence. For that I turned to systemd.
I created three scripts that I copied from various sources with the following paths and contents. You can download these scripts below.
Connect to the VPN when booting up the computer
In /etc/systemd/system/protonvpn-autoconnect.service:
Disconnect from the VPN when suspending
If the computer suspends, for instance when you close the lid of your laptop, I wanted to disconnect from the VPN.
In /etc/systemd/system/protonvpn-disconnect.service:
Re-Connect to the VPN when waking up the computer
After waking up from suspension, I wanted to connect back to the VPN.
In /etc/systemd/system/protonvpn-reconnect.service:
Enable the systemd services
Before enabling the scripts, make sure to replace [YOUR-USERNAME-HERE] with your username. Also make sure that /usr/local/bin/protonvpn is where ProtonVPN is installed. You can do so with which protonvpn.
Once you have checked that, execute these commands to tell systemd to use the scripts:
3. Reconnect every hour
The systemd scripts will connect to the fastest ProtonVPN server at the time of connection. That may vary during the day. Since I do not want to get stuck on a server that has become slow only because it was fast when I first connected to it, I decided to disconnect and re-connect every hour. For that I created a root cron job.
Then add this in a new line:
Add a visual cue in GNOME
Since I want to know that I am connected by looking at my GNOME bar I installed this GNOME extension. It worked without issue for me.
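A panel indicator shows that the tunnel is up, but not where IPv6 traffic would go. The following is an added example (not part of the original post or of the ProtonVPN CLI) that asks the kernel which interface an IPv6 destination would leave through and flags anything other than the tunnel. The interface name tun0, the probe address and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's script.
# Assumption: the VPN tunnel interface is tun0; override with TUN=name.
TUN="${TUN:-tun0}"
# Probe address from the IPv6 documentation prefix. `ip route get` only
# consults the routing table and sends no packet.
PROBE="2001:db8::1"

# Print the egress interface named in `ip -6 route get` output (stdin).
# Prints nothing for unreachable/blackhole/prohibit routes or empty input.
ipv6_egress_dev() {
    awk '
        NR == 1 && ($1 == "unreachable" || $1 == "blackhole" || $1 == "prohibit") { exit }
        NR == 1 {
            for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# $1 = tunnel name, $2 = `ip -6 route get` output.
# Returns 0 when IPv6 has no route or leaves through the tunnel, 1 otherwise.
ipv6_leak_check() {
    dev=$(printf '%s\n' "$2" | ipv6_egress_dev)
    if [ -z "$dev" ] || [ "$dev" = "$1" ]; then
        return 0
    fi
    echo "IPv6 egress via $dev bypasses $1" >&2
    return 1
}

# Constructed sample outputs: leak, routed through tunnel, and blocked.
SAMPLE_LEAK="2001:db8::1 from :: via fe80::1 dev wlp3s0 proto ra src 2001:db8:5::10 metric 600 pref medium"
SAMPLE_TUNNEL="2001:db8::1 from :: dev tun0 src fdeb:446c:912d:8da::2 metric 50 pref medium"
SAMPLE_BLOCKED="unreachable 2001:db8::1 from :: dev lo metric 1024 error -101 pref medium"

# Live check against this machine: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    ipv6_leak_check "$TUN" "$(ip -6 route get "$PROBE" 2>/dev/null)"
fi
```

This only inspects routing; firewall rules are not consulted, so a flagged path may still be blocked by ip6tables or nftables. Running it right after the hourly reconnect shows whether IPv6 has a path while the tunnel is down.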
Sources
I found the systemd scripts in:
Photo by Misha Feshchak on Unsplash