New servers mean new things to play with and new setups that have to be done. I set up a new VM that I wanted to always be connected to a VPN and for that VPN to come up whenever the system is started. The biggest “problem” here is that this VM is running in runlevel 3 so no GUI is available. So let’s jump into setting up an OpenVPN client using NetworkManager’s command line interface.
NOTE: While these instructions are written for Fedora 25, they should work on any system using NetworkManager. You will have to figure out what packages you need and how to install them if you are not using an RPM (and probably Red Hat based) system.
Download the OpenVPN Config
For my VPN, I’m using UsenetServer which has hosts all over the world. From the account page, you can download a zip of all the OpenVPN configs. Pull this zip down onto your system, and extract it into a folder.
wget https://usenetserver.com/vpn/software/uns_configs.zip
mkdir openvpn
unzip uns_configs.zip -d openvpn
Import the OpenVPN Config
After you’ve decided which host you want to connect to, you’ll need to import that VPN configuration into NetworkManager.
cd openvpn
nmcli connection import type openvpn file atl-a01.ovpn
Now if you list out your connections, you should see
nmcli connection show
Note: You will need to make sure you have
Adding VPN Credentials
Now that we’ve imported our OpenVPN settings, we need to add our credentials to the connection file so that the VPN connection can start automatically. Edit your system-connections file under /etc/NetworkManager/system-connections/ and make the following changes:
#Change this from 1 to 0 so that it doesn't try to load the keyring
password-flags=0
#Add this under the [vpn] section
[email protected]
[vpn-secrets]
password=MarilynMonroe-bot
Then reload your config in NetworkManager
nmcli connection reload atl-a01
Now we can manually test it by bringing up the VPN and testing our public IP.
dig +short myip.opendns.com @resolver1.opendns.com
nmcli connection up atl-a01
dig +short myip.opendns.com @resolver1.opendns.com
You should see two different IP addresses printed, one before and one after bringing up the connection.
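With password-flags=0 the VPN password sits in plaintext in the connection file, and NetworkManager ignores keyfiles that are not owned by root or that are accessible to group or others. The check below is an added example, not part of the original post: it verifies the mode, the owner and the two settings edited above. The function names, the constructed sample keyfile (including its username line) and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example: audit a NetworkManager keyfile that stores the VPN password.
# Function names are hypothetical; assumes GNU stat and a POSIX awk.

# keyfile_get FILE SECTION KEY: print KEY's value from [SECTION].
keyfile_get() {
    awk -v s="[$2]" -v k="$3" '
        /^[ \t]*#/ { next }                      # comment line
        /^\[/      { in_s = ($0 == s); next }    # section header
        in_s && (i = index($0, "=")) {
            key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
            if (key == k) { print substr($0, i + 1); exit }
        }' "$1"
}

# audit_vpn_keyfile FILE [OWNER]: return 0 only if FILE is private to OWNER
# (default root) and actually carries a stored password.
audit_vpn_keyfile() {
    f=$1; owner=${2:-root}; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    mode=$(stat -c %a "$f"); who=$(stat -c %U "$f")
    [ "$mode" = 600 ] || { echo "mode $mode, want 600"; rc=1; }
    [ "$who" = "$owner" ] || { echo "owner $who, want $owner"; rc=1; }
    [ "$(keyfile_get "$f" vpn password-flags)" = 0 ] ||
        { echo "[vpn] password-flags is not 0"; rc=1; }
    [ -n "$(keyfile_get "$f" vpn-secrets password)" ] ||
        { echo "no password under [vpn-secrets]"; rc=1; }
    return "$rc"
}

# write_sample FILE: constructed keyfile mirroring the edits described above.
write_sample() {
    cat > "$1" <<'EOF'
[connection]
id=atl-a01
[vpn]
# constructed values, not real credentials
password-flags=0
username=constructed-user
[vpn-secrets]
password=constructed-secret
EOF
    chmod 600 "$1"
}

# Run as root: sh audit.sh /etc/NetworkManager/system-connections/<connection-file>
[ $# -eq 0 ] || audit_vpn_keyfile "$@"
```

Each failed check prints one finding, and the exit status is non-zero if any check fails, so the script can gate a provisioning step or a cron job.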
This is actually the hardest part of the whole thing to do. We create a script in /root/bin/keepvpnup and then run it via cron.
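#!/bin/bash
VPNNAME='atl-a01'
# Count the lines nmcli prints for the active connection (0 means it is not up)
VPNSTATUS=$(nmcli connection show --active "$VPNNAME" | wc -l)
if [ "$VPNSTATUS" == "0" ]
then
    # VPN is down: bring it back up quietly
    nmcli connection up "$VPNNAME" > /dev/null 2>&1
fi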
Then we put this in crontab by running crontab -e and set it to run every minute:
@reboot /root/bin/keepvpnup
* * * * * /root/bin/keepvpnup
This isn’t ideal but it will mean that our VPN will be down at most 1 minute before being brought back up. This also allows us to start/stop services when the VPN is down and/or alert someone that it’s down.