【发布时间】:2018-11-02 08:23:53
【问题描述】:
NordVPN 不提供 linux 的自动设置,仅提供 VPN 配置文件。实现这一点的最佳方法是什么?
(下面是我自己的实现,请随时评论或提出改进建议!)
编辑:当我写这篇文章时,我不知道 NordVPN 最近确实引入了command line tool for linux。
【问题讨论】:
【发布时间】:2018-11-02 08:23:53
【问题描述】:
我编写了一个小脚本,用于下载配置文件、重命名它们并启用自动身份验证。在generate authentification file 部分插入您的 NordVPN 登录凭据。
#!/bin/bash
# run as root!!!
# install openvpn. I'm running arch, this might be different on your system.
pacman -S openvpn
# go to openvpn config folder
cd /etc/openvpn
# download config files, extract and clean up
wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
unzip ovpn.zip
rm ovpn.zip
# rename tcp config files and put them in /etc/openvpn/client
cd ovpn_tcp
for file in *; do mv "${file}" "${file/.nordvpn.com.tcp.ovpn/}tcp.conf"; done
cp * ../client
# rename udp config files and put them in /etc/openvpn/client
cd ../ovpn_udp
for file in *; do mv "${file}" "${file/.nordvpn.com.udp.ovpn/}udp.conf"; done
cp * ../client
# generate authentification file
cd ../client
printf "<your email>\n<your password>" > auth.txt
# make all configs use authentification file
find . -name '*.conf' -exec sed -i -e 's/auth-user-pass/auth-user-pass\ auth.txt/g' {} \;
# clean up
cd ..
rm -r ovpn_tcp/
rm -r ovpn_udp
您现在可以通过例如启动和停止 vpn 连接
systemctl start openvpn-client@de415tcp.service
和
systemctl stop openvpn-client@de415tcp.service
为了自动执行此操作并连接到 NordVPN 推荐的服务器,我编写了两个脚本。使它们可执行并将它们放在您的$PATH 中的某个位置。
如果要选择特定国家/地区,请将国家/地区代码(如 us、de 或 uk)作为命令行参数传递给 start-vpn。它会自动选择tcp 连接。如果需要,您可以将其更改为 udp。
start-vpn
#!/usr/bin/python
import sys
import requests
import os
import time
# you don't necessarily need the following. It's for monitoring via i3blocks.
def notify_i3blocks():
os.system('pkill -RTMIN+12 i3blocks')
def fork_and_continue_notifying_in_background():
newpid = os.fork()
if newpid == 0: # if this is the child process
for i in range(60):
notify_i3blocks()
time.sleep(1)
if __name__ == '__main__':
notify_i3blocks()
# below is what you do need.
suffix = ''
if len(sys.argv) > 1:
countries = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_countries').json()
for country in countries:
if country["code"].lower() == sys.argv[1].lower():
suffix = '&filters={"country_id":' + str(country["id"]) + '}'
result = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations' + suffix)
profile = result.json()[0]['subdomain'] + 'tcp'
command = 'systemctl start openvpn-client@' + profile + '.service'
os.system(command)
# the following is for i3blocks again.
fork_and_continue_notifying_in_background()
stop-vpn
#!/bin/bash
function service {
systemctl |
grep openvpn |
grep running |
head -n1 |
awk '{print $1;}'
}
while [[ $(service) ]]; do
systemctl stop $(service)
done
# notify i3blocks
pkill -RTMIN+12 i3blocks
为方便起见,我的~/.bashrc 中有两个别名:
alias start-vpn='sudo start-vpn'
alias stop-vpn='sudo stop-vpn'
如果您确实想通过 i3blocks 监控它,请将其放入您的 i3blocks 配置中:
[vpn]
interval=once
signal=12
这在您的 i3blocks-scripts-directory 中(名称为 vpn):
#!/bin/bash
function name {
systemctl |
grep openvpn |
grep running |
head -n1 |
awk '{print $1;}' |
cut -d @ -f 2 |
cut -d . -f 1
}
starting=$(pgrep -f start-vpn) # this might not be the most accurate, but it works for me. Improvement suggestions are welcomed.
if [[ $(name) ]]; then
echo $(name)
echo && echo "#00FF00"
else
if [[ ${starting} ]]; then
echo starting vpn...
echo && echo "#FFFF00"
else
echo no vpn
echo && echo "#FF0000"
fi
fi
为了在网络接口启动/关闭时自动启动和停止 vpn,请将以下内容放入 /etc/NetworkManager/dispatcher.d/10-openvpn。要激活该功能,您需要enable 和start NetworkManager-dispatcher.service。更多信息here。
在我的大学,我连接到 eduroam,它不允许使用 vpn。这就是我排除它的原因。
/etc/NetworkManager/dispatcher.d/10-openvpn
#!/bin/bash
case "$2" in
up)
if ! nmcli -t connection | grep eduroam | grep wlp3s0 ; then
start-vpn
fi
;;
down)
stop-vpn
;;
esac
我希望这可以帮助其他想要在 Linux 上使用 NordVPN 的人。同样,请随时发表评论并提出改进建议。 特别是,我不确定将 NordVPN 密码以纯文本形式写入文件会带来多大的安全风险。
【讨论】: