I have blogged about ensuring you connect to a VPN when connecting to certain wi-fi networks. I have used this technique to ensure that I stay connected to my ProtonVPN when browsing the internet. This is an easy step towards online privacy. Recently I have changed my setup for something even more reliable. This will even protect me against IPv6 leaks.
The method that I was using relied on GNOME’s network manager to connect to my OpenVPN profile whenever I tried to connect to a certain wi-fi network. Once I set up my home wi-fi in my desktop computer, I was all set. However, this had some minor drawbacks:
- I had to connect manually to the wi-fi after booting. This was due because the password for my ProtonVPN was in GNOME’s keyring. The keyring was not initialized when my system tried to connect to the wi-fi on boot.
- Sometimes connection would take a long time waiting for the VPN.
- I had the risk of an IPv6 leak. Fortunately my ISP will not provide me with an IPv6 address, so I have not been vulnerable to this. Of course, this could change without a warning.
These are minor annoyances that pushed me to research for a better way to stay connected to my VPN without some/all of those issues.
My final set up involves the ProtonVPN CLI program for Linux, and some systemd scripts.
1. ProtonVPN CLI setup
First I installed the ProtonVPN CLI using the official documentation. The documentation also includes instructions on how to set up the CLI. This is very well detailed there so I will not go into details. Just a reminder, when providing your username and password you should NOT use the credentials to log-in to the ProtonVPN.com site. Instead, look in the Account section in your profile and you’ll find the username and password for OpenVPN use.
Once I installed everything correctly I could to type:
This produced the following output:
Connecting to ES#6 via UDP…
To ensure that the connection didn’t drop immediately after connecting, I typed:
2. Systemd setup
I did not want to be able to connect from the command line, I wanted to make sure I was connected to
the VPN during my computer’s start up sequence. For that I turned to
I created three scripts that I copied from various sources with the following paths and contents. You can download these scripts below.
Connect to the VPN when booting up the computer
Disconnect from the VPN when suspending
If the computer enters suspension, for instance when you close the lid of your laptop. I wanted
to disconnect from the VPN.
Re-Connect to the VPN when waking up the computer
After waking up from suspension, I wanted to connect back to the VPN.
Enable the systemd services
Before enabling the scripts make sure to change
[YOUR-USERNAME-HERE] with your username. Also make
/usr/local/bin/protonvpn is where ProtonVPN is installed. You can do so with
Once you have checked that execute these commands to tell systemd to use the scripts:
3. Reconnect every hour
The systemd scripts will connect to the fastest ProtonVPN server at the time of connection. That may vary during the day. Since I do not want to get stuck in a server that has become slow, only because it was fast when I first connected to it I decided to disconnect and re-connect every hour. For that I created a root cron job.
Then add this in a new line:
Add a visual queue in GNOME
Since I want to know that I am connected by looking at my GNOME bar I installed this GNOME extension. It worked without issue for me.
I found the systemd scripts in: