Monitor a user's Downloads
folder for VPN config files and automatically use them to connect to a VPN.
There is an installation script install.sh
provided which should work for Ubuntu (and derivatives), and will hopefully give any other curious folk an idea of the manual steps required.
To run the installation script (for the default user) enter the following into a terminal:
curl -s 'https://raw.githubusercontent.com/RobinKnipe/autovpn/master/install.sh' | sudo bash -s
You can check everything worked with sudo systemctl list-dependencies
- you should see something like the following example - note the autovpn.service
unit is listed as the second item under the default.target
(the dot next to it should hopefully be green):
sudo systemctl list-dependencies
default.target
● ├─accounts-daemon.service
● ├─autovpn.service
...
If the install script fails, because it can't locate the user's home directory - or if support for another user (i.e. not the default) is required - the installation script can be run specifying the target home directory as follows:
curl -s 'https://raw.githubusercontent.com/RobinKnipe/autovpn/master/install.sh' | sudo bash -s $HOME
When the service starts, it looks for a file ${HOME}/.config/autovpn.properties
. This file contains a few options to tailor the script:
By default the monitored folder is: "${HOME}/Downloads"
. To change it, add the download_dir
property, as in the following example:
# look in "/tmp/downloads" instead
download_dir=/tmp/downloads
By default any downloaded VPN file matching the general filename patter *.ovpn
(regex: .+\.ovpn
) will be connected. To change this add the filename_pattern
property, as in the following example:
# only allow autovpn to connect to "my-connection.ovpn" and "some-other.ovpn"
filename_pattern='^(my-connection|some-other).ovpn$'
NOTE: The single quotes (') around the regex in the pattern are important.
Before starting a new connection, the service will try to close any existing VPN connection that was started with a configuration file with the same name. Often configuration files are only valid for a limited time, and a timestamp forms part of the filename - in these cases the vpn_name_suffix
property can be set to indicate the filename ending, as in the following examples:
# the current date suffix, e.g. my-connection-20190212.ovpn
vpn_name_suffix='-[0-9]{8}.ovpn'
# the current date and time suffix, e.g. my-connection-20190212-1354.ovpn
vpn_name_suffix='-[0-9]{8}-[0-9]{4}.ovpn'
It may also be useful to reuse this suffix as part of the filename_pattern
property, as in this example:
# current date, time, and count (for duplicate names), e.g. "con-20190212-1354 (2).ovpn"
vpn_name_suffix='-[0-9]{8}-[0-9]{4}( \([0-9]+\))?\.ovpn'
# matches names starting with "vpn", then dash separated words, ending with above suffix
filename_pattern="^vpn(-\w+)*${vpn_name_suffix}$"
By default Chromium's temporary files will be ignored (regex: .*\.crdownload|\.org\.chromium\.Chromium\..*
). To change this add the exclude_files
property, as in the following example:
# ignore all files with the extension ".part"
exclude_files=".*\.part"
By default the service will remove the VPN configuration files after it tries to connect, so that the downloads directory does not get unnecessarily cluttered. To disable this behaviour, set the auto_remove
option to no
or false
.
Simply making changes to the properties file will not take effect until the service restarts - this happens when the OS boots, or can be manualy triggered by running:
sudo systemctl restart autovpn.service
The VPN connections are created using openvpn
which must already be installed (openvpn.net).
The inotifywait
utility (from the inotify-tools
package) is used to watch for new VPN configuration files, and is installed by the install.sh
script.
This project has been built as a systemd
service unit (autovpn.service
), to handle automatic startup and give the necessary privileges to create VPN connections. The autovpn
script could be configured to work with other system automation tools, please feel free to extend this project!
You can find more information about the unit by running systemctl status autovpn.service
in your terminal. The following snippet shows an example of the service running healthily, and the last two lines show two VPNs that were autoatically connected:
sudo systemctl status autovpn.service
● autovpn.service - Automatically connect to VPN after config download
Loaded: loaded (/etc/systemd/system/autovpn.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2016-11-16 16:22:37 GMT; 1h 27min ago
Main PID: 28928 (autovpn)
Tasks: 5
Memory: 3.3M
CPU: 287ms
CGroup: /system.slice/autovpn.service
├─28928 /bin/bash /usr/share/autovpn/autovpn
├─28930 inotifywait -mqe create --exclude .*\.crdownload|\.org\.chromium\.Chromium\..* /home/robin/Downloads
├─31287 openvpn --config /home/robin/Downloads/vpn-hod-platform-dev-20161116-1659.ovpn
└─31549 openvpn --config /home/robin/Downloads/vpn-gro-lev-prod-20161116-1700.ovpn
The service also logs to the standard system log: /var/log/syslog
- so there maybe more information there if you are experiencing problems.