[PLUG] Question on openvpn

Sat Feb 15 19:40:29 UTC 2025

On 2/14/25 15:20, American Citizen wrote:
> Hello:
>
> Is there anyone in this group who has worked with openvpn? I cannot get
> my Network Manager running under OpenSuse Leap 15.5 to build a working
> openvpn connection. The attempt to bring up an openvpn session fails.
>
> However I can manually login using openvpn itself and the connection
> comes up fine (with a few WARNING messages)
>
> Is there a bash script way to automate selecting a given openvpn
> configuration that I want to use without it manually forcing me to enter
> in both a username and password (which really needs to be encrypted) ? I
> do have lots of openvpn configuration files to choose from.
>
> I guess I will have to go to the OpenSuse users group or community and
> ask them about fixing Network manager to run with the specific openvpn
> configurations that I have.
>
> Thanks for suggestions.
>
> Randall
>
>
I use the free protonvpn connection and have as partially completed WIP 
bash script using openvpn.  I don't typically use network manager 
(ick!), and haven't gottwn around to using Proton's bespoke GUI app.  I 
guess I could use the protonvpn-cli app *shrug*

There is a proton glitch that requires you to disable ipv6 to ovoid 
bleeding you ipv6 address.

For the auth file, make sure you sue the correct values, VPN username 
then password on separate lines. (These are NOT the web login 
credentials - just checking!)

Also, openvpn can get pretty cranky with the ORDER of options.

-----------8<---------------------

#!/bin/bash

set -e

#start up protonvpn via openvpn

VP="$2"
RED="\033[0;31m"
GREEN="\033[0;32m"
NC='\033[0m' # No Color

JP=$HOME/network/protonvpn/jp-free-16.protonvpn.udp.ovpn
NL=$HOME/network/protonvpn/nl-free-90.protonvpn.udp.ovpn
US=$HOME/network/protonvpn/us-free-2.protonvpn.udp.ovpn

AUTH_FILE="$HOME/network/protonvpn/protonvpn_auth.txt"

start() {
     # disable ipv6
     sysctl -w net.ipv6.conf.all.disable_ipv6=1
     sysctl -w net.ipv6.conf.default.disable_ipv6=1
     sysctl -w net.ipv6.conf.lo.disable_ipv6=1

     case "$VP" in
       J)
         VP=$JP
         ;;
       N)
         VP=$NL
         ;;
       U)
         VP=$US
         ;;
       *)
         echo -e "${RED}No or wrong VPN server selected.${NC}"
         exit 1
       ;;
     esac

     echo -e "${GREEN}Launching ${0}...${NC}"
     openvpn --config $VP --auth-user-pass $AUTH_FILE --auth-nocache & 
 >/dev/null 2>&1
     RETVAL=$?
     return $RETVAL
}

stop() {
     echo -e "${GREEN}Stopping ${0}...${NC}"
     pid=$(ps -A | grep openvpn | awk '{ print $1 }')
     kill $pid > /dev/null 2>&1 && echo "OK" || echo "FAIL"
     RETVAL=$?
     echo
     sysctl -w net.ipv6.conf.all.disable_ipv6=0
     sysctl -w net.ipv6.conf.default.disable_ipv6=0
     sysctl -w net.ipv6.conf.lo.disable_ipv6=0

     return $RETVAL
}

case "$1" in
     start)
         start
         ;;
     stop)
         stop
         ;;
     restart)
         stop
     sleep 5
     start
         ;;
#    status)
#        status
#       ;;
     *)
         echo $"Usage: $0 {start {J|N|U}|stop|status|restart|condrestart}"
         exit 1
esac

----------->8---------------------

I invoke via

$ su -
# cd ~/network
# ./protonvpn.sh start U
# ./protonvp.sh stop

Additional openvpn configuration (firewall etc) is left as an exercise 
for the reader.

Works well on Slackware, so maybe you should try this distro.

-Ed