Connect to ProtonVPN when computer boots

I have blogged about ensuring you connect to a VPN when connecting to certain wi-fi networks. I have used this technique to ensure that I stay connected to my ProtonVPN when browsing the internet. This is an easy step towards online privacy. Recently I have changed my setup for something even more reliable. This will even protect me against IPv6 leaks.

The method that I was using relied on GNOME’s network manager to connect to my OpenVPN profile whenever I tried to connect to a certain wi-fi network. Once I set up my home wi-fi in my desktop computer, I was all set. However, this had some minor drawbacks:

  1. I had to connect manually to the wi-fi after booting. This was because the password for my ProtonVPN was in GNOME’s keyring. The keyring was not initialized when my system tried to connect to the wi-fi on boot.
  2. Sometimes connection would take a long time waiting for the VPN.
  3. I had the risk of an IPv6 leak. Fortunately my ISP will not provide me with an IPv6 address, so I have not been vulnerable to this. Of course, this could change without a warning.

These are minor annoyances that pushed me to look for a better way to stay connected to my VPN without some or all of those issues.

My final setup involves the ProtonVPN CLI program for Linux, and some systemd scripts.

1. ProtonVPN CLI setup

First I installed the ProtonVPN CLI using the official documentation. The documentation also includes instructions on how to set up the CLI. This is very well detailed there so I will not go into details. Just a reminder: when providing your username and password you should NOT use the credentials you use to log in to the ProtonVPN.com site. Instead, look in the Account section in your profile and you’ll find the username and password for OpenVPN use.

Once I installed everything correctly I could type:

sudo protonvpn connect --fastest -p UDP

This produced the following output:

Connecting to ES#6 via UDP…

Connected!

To ensure that the connection didn’t drop immediately after connecting, I typed:

sudo protonvpn status

2. Systemd setup

I did not want to merely be able to connect from the command line; I wanted to make sure I was connected to the VPN during my computer’s startup sequence. For that I turned to systemd.

I created three scripts that I copied from various sources with the following paths and contents. You can download these scripts below.

Connect to the VPN when booting up the computer

In /etc/systemd/system/protonvpn-autoconnect.service:

[Unit]
Description=ProtonVPN-CLI auto-connect
Wants=network-online.target

[Service]
Type=forking
ExecStart=/usr/local/bin/protonvpn connect -f
Environment=PVPN_WAIT=300
Environment=PVPN_DEBUG=1
Environment=SUDO_USER=[YOUR-USERNAME-HERE]

[Install]
WantedBy=multi-user.target

Disconnect from the VPN when suspending

If the computer is suspended, for instance when you close the lid of your laptop, I wanted to disconnect from the VPN. In /etc/systemd/system/protonvpn-disconnect.service:

[Unit]
Description=ProtonVPN-CLI disconnect before sleep
Before=suspend.target
Before=hibernate.target
Before=hybrid-sleep.target

[Service]
Type=forking
Environment=PVPN_WAIT=300
Environment=PVPN_DEBUG=1
Environment=SUDO_USER=[YOUR-USERNAME-HERE]
ExecStart=/usr/local/bin/protonvpn disconnect


[Install]
WantedBy=suspend.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target

Re-Connect to the VPN when waking up the computer

After waking up from suspension, I wanted to connect back to the VPN. In /etc/systemd/system/protonvpn-reconnect.service:

[Unit]
Description=ProtonVPN-CLI reconnect after sleep
Requires=network-online.target
After=suspend.target
After=hibernate.target
After=hybrid-sleep.target

[Service]
Type=forking
Environment=PVPN_WAIT=300
Environment=PVPN_DEBUG=1
Environment=SUDO_USER=[YOUR-USERNAME-HERE]
ExecStart=/usr/local/bin/protonvpn c -f


[Install]
WantedBy=suspend.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target

Enable the systemd services

Before enabling the scripts make sure to replace [YOUR-USERNAME-HERE] with your username. Also make sure that /usr/local/bin/protonvpn is where ProtonVPN is installed. You can do so with which protonvpn.

Once you have checked that, execute these commands to tell systemd to use the scripts:

sudo systemctl daemon-reload
sudo systemctl enable protonvpn-autoconnect.service
sudo systemctl enable protonvpn-disconnect.service
sudo systemctl enable protonvpn-reconnect.service
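
Since the goal of this setup is to stay on the VPN with no IPv6 leak, here is a route-level check to run after a boot or a resume. It is an added example, not part of the original post or of the ProtonVPN CLI. It assumes the tunnel device is named tunN or protonN and uses documentation addresses as lookup targets; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: decide from `ip route get`
# output whether traffic leaves through the VPN tunnel or around it.

# Print the egress device named in one `ip route get` result, or nothing.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify <ip route get output> -> tunnel | leak | blocked
classify() {
    case "$(egress_dev "$1")" in
        '')                     echo blocked ;;  # no route: nothing can leave
        tun[0-9]*|proton[0-9]*) echo tunnel ;;   # assumed tunnel device names
        *)                      echo leak ;;     # routed via another interface
    esac
}

# verdict <IPv4 output> <IPv6 output> -> OK | LEAK-V4 | LEAK-V6 | DOWN
verdict() {
    v4=$(classify "$1")
    v6=$(classify "$2")
    if [ "$v4" = leak ]; then echo LEAK-V4
    elif [ "$v6" = leak ]; then echo LEAK-V6
    elif [ "$v4" = tunnel ]; then echo OK
    else echo DOWN
    fi
}

# Constructed sample outputs using documentation addresses (not captured data).
SAMPLE_V4_VPN='192.0.2.1 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 0'
SAMPLE_V4_RAW='192.0.2.1 via 192.168.1.1 dev wlp3s0 src 192.168.1.20 uid 0'
SAMPLE_V6_LEAK='2001:db8::1 from :: via fe80::1 dev wlp3s0 src 2001:db8:5::20 metric 600'
SAMPLE_V6_NONE=''   # no IPv6 route: `ip` prints only an error on stderr

# Live check on a real machine: sh vpn-leak-check.sh --live
if [ "${1:-}" = --live ]; then
    verdict "$(ip -4 route get 192.0.2.1 2>/dev/null)" \
            "$(ip -6 route get 2001:db8::1 2>/dev/null)"
fi
```

A LEAK-V6 verdict while IPv4 goes through the tunnel is the IPv6 leak case described at the top of this post; `ip route get` only asks the kernel for its routing decision and sends no traffic.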

3. Reconnect every hour

The systemd scripts will connect to the fastest ProtonVPN server at the time of connection. That may vary during the day. Since I do not want to get stuck on a server that has become slow only because it was fast when I first connected to it, I decided to disconnect and reconnect every hour. For that I created a root cron job.

sudo crontab -e

Then add this in a new line:

@hourly /usr/local/bin/protonvpn disconnect && /usr/local/bin/protonvpn connect -f

Add a visual cue in GNOME

Since I want to know that I am connected by looking at my GNOME bar I installed this GNOME extension. It worked without issue for me.

Sources

I found the systemd scripts in:

Photo by Misha Feshchak on Unsplash
