OpenVPN & Network Manager: selecting a random VPN target each time you start the Virtual Private Network (UNIX/Linux) SOLVED

I sometimes perform some IT work for a nonprofit organization. They use OpenVPN for their network but since they reside in different locations, they have multiple OpenVPN servers set up rather than just one point of entry. The problem I’ve noticed is that at times one or another will be slower. While I don’t have a mechanism to identify which is faster, I can roll the dice and have my vpn start script pick a random server instead of me having to randomly pick one myself.

#!/bin/bash

# If the network card is unavailable, we're not going to bring up the vpn
REQUIRED_CONNECTION_NAME="enp0s8"

# VPN_LIST is just a simple array
declare -a VPN_LIST

# BASH arrays start with index 0
i=0

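# read the vpn list into an array, skipping blank lines
# (the || test keeps a last line that has no trailing newline)
while read -r TMP_VPN || [[ -n "$TMP_VPN" ]]; do
    [[ -z "$TMP_VPN" ]] && continue
    VPN_LIST[$i]="$TMP_VPN"
    ((i++))
done < vpns.txt

# Default to failure so an empty vpns.txt makes the script exit non-zero
RC=1

# if the vpns.txt is NOT empty
if (( i > 0 )); then
    # Choose a random index into the VPN_LIST array (0 .. i-1)
    ((RANDOM_VPN = RANDOM % i))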

    # We set the VPN_CONNECTION_NAME to the VPN we chose
    VPN_CONNECTION_NAME=${VPN_LIST[$RANDOM_VPN]}

    # grep -F matches the names literally (the dots are not regex wildcards)
    DEFAULT_CONNECTION=$( nmcli con show --active | grep -F -- "${REQUIRED_CONNECTION_NAME}" )
    VPN_CONNECTION=$( nmcli con show --active | grep -F -- "${VPN_CONNECTION_NAME}" )

    # Make sure that the network card is up and the vpn connection isn't already up
    if [[ -n "${DEFAULT_CONNECTION}" && -z "${VPN_CONNECTION}" ]]; then
        echo -n "Connecting to ${VPN_CONNECTION_NAME} ... "

        # The credentials are stored in my Gnome keyring so I run the nmcli command as jason
        su - jason -c "nmcli con up id \"${VPN_CONNECTION_NAME}\""

        RC=$?

        if (( RC == 0 )); then
            echo "SUCCESS"
        else
            echo "FAILED"
        fi
    else
        echo "configuration mismatch"
        RC=1
    fi
fi

exit $RC

The file vpns.txt is simply a text file with the names of the VPNs as they are listed in OpenVPN (see /etc/NetworkManager/system-connections for the list of defined VPNs). One VPN per line.

vpn-east.example.org
vpn-west.example.org
vpn-europe.example.org
vpn-tokyo.example.org
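
The selection step above, as an added example that is not part of the original script: it picks a random entry from a vpns.txt-style list, handles an empty file and a missing final newline, and rejects names that would be re-interpreted by the shell that `su -c` starts. The helper names `valid_vpn_name` and `pick_vpn` are hypothetical, and the sample list is constructed.

```shell
#!/bin/sh
# Added example, not the original author's script. valid_vpn_name and
# pick_vpn are hypothetical helper names.

# Accept only letters, digits, dot, underscore and hyphen (no leading
# hyphen), so the name is safe inside the su -c command string.
valid_vpn_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one randomly chosen valid name from the list file "$1".
# Blank lines and # comments are skipped; returns 1 when the file is
# unreadable or holds no usable name.
pick_vpn() {
    list_file=$1
    [ -r "$list_file" ] || return 1
    candidates=$(
        while IFS= read -r name || [ -n "$name" ]; do
            case "$name" in (''|'#'*) continue ;; esac
            if valid_vpn_name "$name"; then
                printf '%s\n' "$name"
            else
                echo "skipping unsafe name in $list_file" >&2
            fi
        done < "$list_file"
    )
    [ -n "$candidates" ] || return 1
    # awk picks line 1..NR; the seed mixes time of day with the shell PID
    printf '%s\n' "$candidates" |
        awk -v pid="$$" 'BEGIN { srand(); t = srand(); srand(t + pid) }
             { line[NR] = $0 }
             END { print line[int(rand() * NR) + 1] }'
}

# Constructed sample list in the vpns.txt format; the last entry is
# deliberately malformed and is skipped.
sample=$(mktemp)
printf '%s\n' 'vpn-east.example.org' 'vpn-west.example.org' 'bad"; name' > "$sample"
echo "picked: $(pick_vpn "$sample")"
rm -f "$sample"

# In the start script (user jason as in the original):
#   name=$(pick_vpn vpns.txt) && su - jason -c "nmcli con up id \"$name\""
```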

OpenVPN really really slow? This performance tip might help

I use the virtual private network software, known as OpenVPN, to connect from my laptops to my home every day.  There are several things I’ve noticed:

  • Most offices and many coffee shops will block the default port 1194 (UDP).  It is also a very popular port for naughty people trying to see what you have on your network.  If you’re not running a web server, set it to port 80 or 443 (TCP) as these ports are normally accessible.  If these don’t work, try other ones like 21 (TCP), which is normally used for an FTP server.  You will likely see better throughput on some ports than on others due to ‘traffic shaping’, aka giving network priority to certain applications.
    • Comcast blocks ports 21, 80 and 443 for UDP but not for TCP
  • The network packets that are sent through the vpn tunnel can become fragmented, split into two or more packets to make them fit into the vpn network packet.  Let’s increase the size of the vpn network packet to reduce the network packet fragmentation.
    • tun-mtu 1500
    • mssfix 1400
  • Compression.  This is a little more subjective than you would think.  If most of your activity is based on data streams (e.g. watching video, listening to music), then the compression may cause delays (think extra buffering / stuttering).  My advice is to try with it on and try with it off: which seems more responsive to you?

VPNWiz – Cisco VPN GNOME GUI for PCF files

The fine folks over at PhrankDaChicken@Ubuntu have come up with an excellent and simple GUI for the open source Cisco VPN client (vpnc).  The nice thing is that you won’t have to decrypt the group password in your Cisco PCF file as VPNWiz will read the PCF files directly!

I don’t know about you, but I’ve never had much luck with the vpnc plugin for NetworkManager when connecting to my office’s VPN.

VPNWiz - Cisco VPN GUI for Gnome

VPNWiz uses Cisco PCF files to connect a GNOME Linux desktop to a Cisco VPN server.

Download the VPNWiz zip file, and run the install.sh file.

Go to “Apps -> Internet -> VPNWiz” to start it – follow the wizard to connect.

Click on the VPNWiz icon in the system tray to disconnect.

Get VPNWiz here.
