PDA

View Full Version : Universal Guide to Connect to VPN via Terminal



User808
20th December 2016, 12:25 PM
Note: what be colored in this guide by BLUE COLOR are variables determined either by your VPN service provider, like name of VPN .zip file that contain VPN configuration & certificate files; OR determine by you, like name of .txt file that you will save your VPN credentials.

How to install OpenVPN & download your VPN service provider's configuration + certificate files inside it via command line:
================================================== ============================

- Open a terminal window and do the following steps:

- install OpenVPN, if not already installed by default, using following command:


sudo dnf install openvpn

- Change to the /etc/openvpn directory with the following command:


cd /etc/openvpn

- Download from your VPN server provider the .zip file that contain the configuration and the certificate files -[suppose your VPN service provider names it vpnconfiguration.zip]- using either:

sudo wget {URL}
or
sudo curl command

- Install unzip, if not already installed by default, to decompress the file with the following command:


sudo dnf install unzip

- Decompress the vpnconfiguration.zip file with the following command:


sudo unzip vpnconfiguration.zip

- Remove vpnconfiguration.zip file which no longer used:


sudo rm vpnconfiguration.zip

- List the contents of the directory (see a list of the server config files) with the following command:


ls -l

- Start a connection to the VPN with openvpn and the chosen config file with the following command:


sudo openvpn 'config-filename.ovpn'

Example:

sudo openvpn 'Netherlands.ovpn'

Wait for the connection sequence to finish. Once the connection has been established successfully, you should see something like the screenshot below (Initialization Sequence Completed).

---

After you do the above steps once please follow the next steps to connect when you want to:

How to connect to VPN via OpenVPN within a terminal window
================================================== ======

- Open a terminal window and do the following steps to connect to VPN via OpenVPN

- Change to the /etc/openvpn directory with the following command:


cd /etc/openvpn

- List the contents of the directory (see a list of the server config files) with the following command:


ls -l

- Start a connection to the VPN with openvpn and the chosen config file with the following command:


sudo openvpn 'config-filename.ovpn'

Example:

sudo openvpn 'Netherlands.ovpn'

Wait for the connection sequence to finish. Once the connection has been established successfully, you should see something like the screenshot below (Initialization Sequence Completed).

Note: For the VPN to be active, the Terminal window must stay active/open. It can be minimized—just don’t close it!
To disconnect, press “Ctrl” then, while still pressing “Ctrl”, click “C”

Note: You can stop VPN by using following command:


sudo service openvpn stop

This command will disconnect VPN by stop OpenVPN itself.
If you use it, you can not re-connect to VPN unless you 1st re-enabling OpenVPN, before applying steps that used to reconnect to VPN. You can re-enable OpenVPN by following command:


sudo service openvpn start

-------------------------------
Note: to remove all configuration files from openvpn directory use:


cd /etc/openvpn


sudo rm -i *

Please notice that you are recommended, in this step, to use "-i" option with rm command, as written above, because we dial with important files. By this you will be asked before delete every file. This minimize risk of delete something that shouldn't deleted.
------------------------------


Saving VPN Credentials:
===================

- To put our VPN credentials in a file. We’ll put this file in /etc/openvpn; the format is simple -1st line is your username, 2nd line is your password:

1st enter to /etc/openvpn by cd /etc/openvpn then create a new file, let we name it for ex: credentials, with your VPN username:


$ echo -e "yourusername" | sudo tee -a credentials.txt

Next, append the password:


$ echo -e "yourpassword" | sudo tee -a credentials.txt

Because this file has sensitive information, let’s make sure it has the right permissions to protect it:


sudo chown root:root credentials.txt

sudo chmod 400 credentials.txt

Next, we need the OpenVPN configuration files to use these credentials. We have to Edit VPN configuration files to set ‘auth-user-pass’ to reference credentials.txt file by following commands:


sudo sed -i -e 's/auth-user-pass.*/auth-user-pass credentials.txt/' *.ovpn

or, alternatively, we can run – for same purpose – the following command:


sudo sed -i "s/auth-user-pass/auth-user-pass credentials.txt/g" *.ovpn

The period, ".", in the first command matches any character, and the asterisk, "*", causes the match to continue for zero or more occurrences of any character to the end of the line. So the first command causes any line that starts with "auth-user-pass" to be replaced by "auth-user-pass credentials.txt". All text after "auth-user-pass" is discarded. The second command causes "credentials.txt" to be appended after "auth-user-pass" leaving the rest of the line intact.

To be more secure, we’ll also tell OpenVPN not to cache the credentials in virtual memory by appending the ‘auth-nocache’ option right after ‘auth-user-pass’ in your VPN configuration files.:


sudo sed -i -e '/auth-user-pass credentials.txt/a auth-nocache' *.ovpn

Note: enforcing "auth-nocache" option does not really improve your security, & it does not close security leaks. Should a hacker have access to your RAM or pagefile already, your VPN password is the last thing you should worry about.

User808
26th December 2016, 01:19 PM
Next step: if you are lazy & like to avoid retype:

$ cd /etc/openvpn
$ sudo openvpn 'config-filename.ovpn'

each time you connect or change location, then you can use one of following 2 scripts:

1) if you are JUST LAZY use following script:


#! /bin/bash
cd /etc/openvpn
sudo openvpn "${1}.ovpn"
sudo -k

Name this script by short name like vpn.sh
Using short name for this script is the key point to achieve aim from it (ease of use from)
Now all what you need to connect to your vpn is typing in terminal:


$ vpn.sh "config-filename"

Notes:
- do not include extension of config-filename, that is to say, do not include .ovpn If you include .ovpn then you will failed to connect to VPN
- if your config-filename composed from only one word, like Austria.ovpn, so no need to put it between " ". So, all what you need to type in terminal:


$ vpn.sh Austria

- if your config-filename composed from more than one word, like Russia Skhalin.ovpn, then you MUST put it between " " as such as:


$ vpn.sh "Russia Skhalin"

Advantages of this script:
- it is simple, short & easy to written, thus,
- it is not time consuming when written

Disadvantages of this script:
- it necessitates to write FULL config-falename (you can not abrivate it further), thus,
- it does not make you able to shorten, what you needed to type in terminal to connect to VPN, for extreme degree

-----------------------------------------

2) if you are, like me, VERY LAZY use the following script (an example composed from 6 rules for 6 locations - increase rules if you have more):


#! /bin/bash
cd /etc/openvpn

rulesuk(){
sudo openvpn 'England.ovpn'
sudo -k
}

rulesat(){
sudo openvpn 'Austria.ovpn'
sudo -k
}

rulesRUmo(){
sudo openvpn 'Russia Moscow.ovpn'
sudo -k
}

rulesRUsk(){
sudo openvpn 'Russia Skhalin.ovpn'
sudo -k
}

rulesza(){
sudo openvpn 'South Africa.ovpn'
sudo -k
}

ruleseg(){
sudo openvpn 'Egypte.ovpn'
sudo -k
}

rules${1}

- What I put it in RED COLOR in the above script, must be exactly the same as your VPN configuration files' names.
- What I put it in BLUE COLOR in the above script are variables' names you are free to change them to what you like.
(PLEASE NOTICE THAT THESE COLOR THAT I USED IN ABOVE SCRIPT HAVE NO ANY RELATION WITH COLORS THAT APPEARED BY YOUR TEXT EDITOR WHEN YOU WRITING SCRIPT)

Name this script by short name like vpn.sh
Using short name for this script is the key point to achieve aim from it (ease of use from)

Disadvantage of this script: if you have many locations, like me which have 50 locations, then this script will be long & consume time to write it.

Advantages of this script: allow you to make connection to VPN via terminal very easy by using very short command. The key point for this is rules variables (rules names). For me I use following approach: if config-filename composed from one word (or even if composed from more than 1 word but refer to name of country, like South Africa) then I use for it's rule the Internet top-level domain's code for that country & use it in small case, like uk for England or za for South Africa.

For more details about Internet top-level domains' codes for various countries vist these 2 links:
https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
&
http://www.domainsherpa.com/country-code-top-level-domains/

If config-filename composed from more that 2 word, 1st word refer to country & remaining word(s) refer to special zone within that country like Russia Skhalin, then I use, as a name for it's rule, Internet top-level domain's code for that country IN UPPER CASE followed immidetly by 1st+2nd laters of name of zone area in small case, like RUmo or RUsk. If zone area have a special abbreviation like NY for New York, then you can use USny as a rules name.
In this case, all what you need to connect to VPN, is typing in terminal:


$ vpn.sh uk

or


$ vpn.sh RUsk

As such as will be easy! Enjoy!

For how to achieve Internet Kill Switch + IPv6 leak protection for your VPN, visit the following link:
http://www.forums.fedoraforum.org/showthread.php?t=312722

I wish that I give some thing real for this kind dear forum, as it gave me - & still giving me - many valiable help.

---------------------------------

Special thanks for srakitnican & dd_wizard, members in this lovely forum, for their kind help in assistant me to create these scripts