View previous topic :: View next topic |
Author |
Message |
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3948
|
Posted: Mon May 02, 2022 10:30 pm Post subject: Simple VPN selector script for openvpn |
|
|
Hi guys,
I recently wrote a very simple script to let me choose between many vpn connections.
I create a container directory for my .ovpn files and inside it a "dns" directory.
I place or extract various .ovpn files from different vpn providers in the above container and inside the "dns" directory i create dns provider files like google,opendns, 1111 dns etc.
Each file should contain lines in the format
nameserver <ip>
The script will
0.Back up your original resolv.conf and stop "named" if running.
1.Check for open running browsers and if found it will advice you to close them.
2.Let you choose your preferred DNS server and modify resolv.conf accordingly.
3.Let you choose from the list of all your VPN connections contained in the created directory.
4.Initiate the connection.
5.It can be stopped by either "ctrl+c" in the original terminal or by "myvpn stop" from another terminal window.
6.@stopping it will restore resolv.conf and start "named" if available
Here it is "myvpn"
Code: |
#!/bin/bash
[ ! -f /etc/resolv.conf.bak ] && cp -p /etc/resolv.conf /etc/resolv.conf.bak
myOPT=$1
myDIR="<path/to/vpn-conn-dir>"
cd $myDIR
index=0
for i in $(ls $myDIR | egrep -v "dns|login")
do vpn_list[$index]=$i
let index=index+1
done
index=0
for i in $(ls $myDIR/dns)
do dns_list[$index]=`basename $i`
let index=index+1
done
browsercheck () {
while true
do
if ps -ef | egrep "firefox|chrome|brave" | grep -v "firefox|chrome|brave" > /dev/null
then echo "PLEASE CLOSE ALL OPEN BROWSERS AND THEN PRESS ANY KEY";read myKEY
else return 0
fi
done
} ###Closing browsercheck
stopvpn () {
clear
browsercheck
cp -p /etc/resolv.conf.bak /etc/resolv.conf
killall openvpn 2> /dev/null
rc-service named start
} ###Closing stopvpn
dns () {
clear
echo "Available DNS Servers:"
for ((index=0; index<${#dns_list[@]}; ++index)); do
echo "$index) ${dns_list[$index]}"
done
echo "PLEASE CHOOSE THE CORRESPONDING INDEX NUMBER OF YOUR DESIRED DNS SERVER";read number
[ -z ${number} ] && dns
re='^[0-9]+$'
if ! [[ $number =~ $re ]];then dns;fi
myDNS=${dns_list[$number]}
[ -z $myDNS ] && dns
sed -i '/nameserver/d' /etc/resolv.conf
while read -r line; do echo $line >> /etc/resolv.conf; done < dns/$myDNS
} ###CLOSING dns
select_vpn () {
clear
echo "Available VPN Connections:"
for ((index=0; index<${#vpn_list[@]}; ++index)); do
echo "$index) ${vpn_list[$index]}"
done
echo "PLEASE CHOOSE THE CORRESPONDING INDEX NUMBER OF YOUR DESIRED VPN CONNECTION";read number
[ -z ${number} ] && select_vpn
re='^[0-9]+$'
if ! [[ $number =~ $re ]];then select_vpn;fi
myVPN=${vpn_list[$number]}
[ -z $myVPN ] && select_vpn
export myVPN
} ###closing select_vpn
startvpn () {
browsercheck
echo "CONNECTING TO $myVPN"
rc-service named stop
cd $myDIR
trap stopvpn SIGINT
echo "TO STOP THE VPN SERVICE REMEMBER TO PRESS "CTRL+c".PLEASE PRESS ANY KEY TO CONFIRM CONNECTION";read mykey
openvpn --config ${myVPN}
} ###Closing start vpn
case $myOPT in
start)
dns
select_vpn
startvpn
;;
stop)
stopvpn
;;
*)
clear
echo "USE: myvpn start/stop" && exit 1
;;
esac
|
I also create a file named "login-<provider>.conf"--or multiple of them--containing the user/password for the vpn servers.
I modify the "auth-user-pass" clause of the .ovpn files accordingly.
If you do not use bind then plz comment out the "rc-service named" lines.
Note:I do NOT use the openvpn up|down scripts because I handle dns by myself.
So if your .ovpn contains up|down clauses plz comment them out.
_________________
Last edited by alamahant on Wed May 04, 2022 8:21 pm; edited 1 time in total |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23030
|
Posted: Tue May 03, 2022 1:38 am Post subject: Re: Simple VPN selector script for openvpn |
|
|
Missing set -eu as the first step of the script. alamahant wrote: | Code: | [ ! -f /etc/resolv.conf.bak ] && cp -p /etc/resolv.conf /etc/resolv.conf.bak |
| This can be done more simply with cp --preserve --no-clobber to let cp detect the destination and refuse to replace it. alamahant wrote: | Code: | myDIR="<path/to/vpn-conn-dir>"
cd $myDIR |
| As a safety measure, quote usage of myDIR in case the user replaces the assignment with something unusual. alamahant wrote: | Code: | index=1
for i in $(ls $myDIR | egrep -v "dns|login") |
| Using ls like this is always wrong. Consider an expression based on find instead. What if you wanted a VPN provider named secure-dns.ovpn? alamahant wrote: | Code: | do vpn_list[$index]=$i |
| If you declare vpn_list as an array, you could add members using vpn_list+=( "$i" ), which would remove the need to maintain an explicit index. alamahant wrote: | Code: | for i in $(ls $myDIR/dns)
do dns_list[$index]=`basename $i` |
| The right find expression could print just the basename, avoiding the need to strip it later. alamahant wrote: | Code: | while true
do
if ps -ef | egrep "firefox|chrome|brave" | grep -v "firefox|chrome|brave" > /dev/null |
| You could simplify this by moving the if test to be the while condition.
Finding browsers this way seems very fragile. What if someone had open vim firefox.sh? alamahant wrote: | Code: | killall openvpn 2> /dev/null |
| Why suppress stderr here? If killall can fail to find a target program, it would be safer to ask killall not to report that, and to otherwise let it report other errors. alamahant wrote: | Code: | dns () {
[ -z ${number} ] && dns
|
| Calling this function from inside itself seems unwise. It would be better to use a loop that can continue on error and break on success. alamahant wrote: | Code: | sed -i '/nameserver/d' /etc/resolv.conf
while read -r line; do echo $line >> /etc/resolv.conf; done < dns/$myDNS |
| Non-atomic updates like this are almost always a bad idea. Consider instead composing a fixed version of the file, then atomically replacing /etc/resolv.conf once with the rewritten version. |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3948
|
Posted: Tue May 03, 2022 8:17 am Post subject: |
|
|
Hu
Thanks a lot for the care and for taking the time to point out all these issues.
Thanks. _________________
|
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23030
|
Posted: Tue May 03, 2022 3:35 pm Post subject: Re: Simple VPN selector script for openvpn |
|
|
Hu wrote: | alamahant wrote: | Code: | sed -i '/nameserver/d' /etc/resolv.conf
while read -r line; do echo $line >> /etc/resolv.conf; done < dns/$myDNS |
| Non-atomic updates like this are almost always a bad idea. Consider instead composing a fixed version of the file, then atomically replacing /etc/resolv.conf once with the rewritten version. | One way to implement this with pure sed would be to use r to load the target file at the end. As a demo with a dummy file: Code: | $ printf '%s\n' '# My comment' 'nameserver 1.2.3.4' '# end comment' > resolv.conf
$ sed -i -e '/^nameserver /d' -e '$ r /etc/issue' resolv.conf
$ cat resolv.conf | Replace /etc/issue with dns/$myDNS when satisfied. Mind the quoting, since you want $myDNS to be expanded by the shell. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|