Skip to content

Latest commit

 

History

History
100 lines (87 loc) · 5.68 KB

README.md

File metadata and controls

100 lines (87 loc) · 5.68 KB

autovpn

Description

Monitor a user's Downloads folder for VPN config files and automatically use them to connect to a VPN.

Installation

There is an installation script install.sh provided which should work for Ubuntu (and derivatives), and will hopefully give any other curious folk an idea of the manual steps required. To run the installation script (for the default user) enter the following into a terminal:

curl -s 'https://raw.githubusercontent.com/RobinKnipe/autovpn/master/install.sh' | sudo bash -s

You can check everything worked with sudo systemctl list-dependencies - you should see something like the following example - note the autovpn.service unit is listed as the second item under the default.target (the dot next to it should hopefully be green):

sudo systemctl list-dependencies
default.target
● ├─accounts-daemon.service
● ├─autovpn.service
...

NOTE:

If the install script fails, because it can't locate the user's home directory - or if support for another user (i.e. not the default) is required - the installation script can be run specifying the target home directory as follows:

curl -s 'https://raw.githubusercontent.com/RobinKnipe/autovpn/master/install.sh' | sudo bash -s $HOME

Configuration

When the service starts, it looks for a file ${HOME}/.config/autovpn.properties. This file contains a few options to tailor the script:

Download folder location

By default the monitored folder is: "${HOME}/Downloads". To change it, add the download_dir property, as in the following example:

# look in "/tmp/downloads" instead
download_dir=/tmp/downloads

VPN config filename regex pattern

By default any downloaded VPN file matching the general filename patter *.ovpn (regex: .+\.ovpn) will be connected. To change this add the filename_pattern property, as in the following example:

# only allow autovpn to connect to "my-connection.ovpn" and "some-other.ovpn"
filename_pattern='^(my-connection|some-other).ovpn$'

NOTE: The single quotes (') around the regex in the pattern are important.

Auto close old VPN connections

Before starting a new connection, the service will try to close any existing VPN connection that was started with a configuration file with the same name. Often configuration files are only valid for a limited time, and a timestamp forms part of the filename - in these cases the vpn_name_suffix property can be set to indicate the filename ending, as in the following examples:

# the current date suffix, e.g. my-connection-20190212.ovpn
vpn_name_suffix='-[0-9]{8}.ovpn'
# the current date and time suffix, e.g. my-connection-20190212-1354.ovpn
vpn_name_suffix='-[0-9]{8}-[0-9]{4}.ovpn'

It may also be useful to reuse this suffix as part of the filename_pattern property, as in this example:

# current date, time, and count (for duplicate names), e.g. "con-20190212-1354 (2).ovpn"
vpn_name_suffix='-[0-9]{8}-[0-9]{4}( \([0-9]+\))?\.ovpn'
# matches names starting with "vpn", then dash separated words, ending with above suffix
filename_pattern="^vpn(-\w+)*${vpn_name_suffix}$"

Download files to ignore pattern

By default Chromium's temporary files will be ignored (regex: .*\.crdownload|\.org\.chromium\.Chromium\..*). To change this add the exclude_files property, as in the following example:

# ignore all files with the extension ".part"
exclude_files=".*\.part"

Auto-remove used VPN config files

By default the service will remove the VPN configuration files after it tries to connect, so that the downloads directory does not get unnecessarily cluttered. To disable this behaviour, set the auto_remove option to no or false.

Important note

Simply making changes to the properties file will not take effect until the service restarts - this happens when the OS boots, or can be manualy triggered by running:

sudo systemctl restart autovpn.service

Dependencies

The VPN connections are created using openvpn which must already be installed (openvpn.net).

The inotifywait utility (from the inotify-tools package) is used to watch for new VPN configuration files, and is installed by the install.sh script.

This project has been built as a systemd service unit (autovpn.service), to handle automatic startup and give the necessary privileges to create VPN connections. The autovpn script could be configured to work with other system automation tools, please feel free to extend this project!

Troubleshooting

You can find more information about the unit by running systemctl status autovpn.service in your terminal. The following snippet shows an example of the service running healthily, and the last two lines show two VPNs that were autoatically connected:

sudo systemctl status autovpn.service
● autovpn.service - Automatically connect to VPN after config download
   Loaded: loaded (/etc/systemd/system/autovpn.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2016-11-16 16:22:37 GMT; 1h 27min ago
 Main PID: 28928 (autovpn)
    Tasks: 5
   Memory: 3.3M
      CPU: 287ms
   CGroup: /system.slice/autovpn.service
           ├─28928 /bin/bash /usr/share/autovpn/autovpn
           ├─28930 inotifywait -mqe create --exclude .*\.crdownload|\.org\.chromium\.Chromium\..* /home/robin/Downloads
           ├─31287 openvpn --config /home/robin/Downloads/vpn-hod-platform-dev-20161116-1659.ovpn
           └─31549 openvpn --config /home/robin/Downloads/vpn-gro-lev-prod-20161116-1700.ovpn

The service also logs to the standard system log: /var/log/syslog - so there maybe more information there if you are experiencing problems.