linux上的NordVPN设置

Question

NordVPN不为linux提供自动设置，只提供VPN配置文件。实现这一点的最佳方法是什么？

(下面是我自己的实现，请随时评论或建议改进！)

编辑:当我写这篇文章时，我不知道NordVPN最近确实引入了一个linux命令行工具。

Answer 1

我编写了一个下载配置文件、重命名配置文件并启用自动身份验证的小脚本。在NordVPN部件中插入您的generate authentification file登录凭据。

#!/bin/bash
# run as root!!!

# install openvpn. I'm running arch, this might be different on your system.
pacman -S openvpn

# go to openvpn config folder
cd /etc/openvpn

# download config files, extract and clean up
wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
unzip ovpn.zip
rm ovpn.zip

# rename tcp config files and put them in /etc/openvpn/client
cd ovpn_tcp
for file in *; do mv "${file}" "${file/.nordvpn.com.tcp.ovpn/}tcp.conf"; done
cp * ../client

# rename udp config files and put them in /etc/openvpn/client
cd ../ovpn_udp
for file in *; do mv "${file}" "${file/.nordvpn.com.udp.ovpn/}udp.conf"; done
cp * ../client

# generate authentification file
cd ../client
printf "<your email>\n<your password>" > auth.txt

# make all configs use authentification file
find . -name '*.conf' -exec sed -i -e 's/auth-user-pass/auth-user-pass\ auth.txt/g' {} \;

# clean up
cd ..
rm -r ovpn_tcp/
rm -r ovpn_udp

您现在可以启动和停止vpn-连接通过。

systemctl start openvpn-client@de415tcp.service

和

systemctl stop openvpn-client@de415tcp.service

为了实现自动化，并连接到NordVPN推荐的服务器，我编写了两个脚本。使它们可执行，并将它们放在$PATH中的某个位置。如果要选择特定国家，则将国家代码(如us、de或uk)作为命令行参数传递给start-vpn。它自动选择一个tcp连接。如果愿意，可以将其更改为udp。

start-vpn

#!/usr/bin/python
import sys

import requests
import os
import time

# you don't necessarily need the following. It's for monitoring via i3blocks.

def notify_i3blocks():
    os.system('pkill -RTMIN+12 i3blocks')


def fork_and_continue_notifying_in_background():
    newpid = os.fork()
    if newpid == 0:  # if this is the child process
        for i in range(60):
            notify_i3blocks()
            time.sleep(1)


if __name__ == '__main__':

    notify_i3blocks()

    # below is what you do need.

    suffix = ''
    if len(sys.argv) > 1:
        countries = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_countries').json()
        for country in countries:
            if country["code"].lower() == sys.argv[1].lower():
                suffix = '&filters={"country_id":' + str(country["id"]) + '}'

    result = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations' + suffix)
    profile = result.json()[0]['subdomain'] + 'tcp'

    command = 'systemctl start openvpn-client@' + profile + '.service'

    os.system(command)

    # the following is for i3blocks again.        

    fork_and_continue_notifying_in_background()

stop-vpn

#!/bin/bash

function service {
    systemctl |
    grep openvpn |
    grep running |
    head -n1 |
    awk '{print $1;}'
}

while [[ $(service) ]]; do
    systemctl stop $(service)
done

# notify i3blocks
pkill -RTMIN+12 i3blocks

为了方便起见，我的~/.bashrc中有两个别名

alias start-vpn='sudo start-vpn'
alias stop-vpn='sudo stop-vpn'

如果您确实希望通过i3blocks监视它，请将其放在i3blocks配置中：

[vpn]
interval=once
signal=12

在您的i3块中的脚本-目录(名称为vpn)：

#!/bin/bash

function name {
    systemctl |
    grep openvpn |
    grep running |
    head -n1 |
    awk '{print $1;}' |
    cut -d @ -f 2 |
    cut -d . -f 1
}

starting=$(pgrep -f start-vpn) # this might not be the most accurate, but it works for me. Improvement suggestions are welcomed.

if [[ $(name) ]]; then
    echo $(name)
    echo && echo "#00FF00"
else
    if [[ ${starting} ]]; then
        echo starting vpn...
        echo && echo "#FFFF00"
    else
        echo no vpn
        echo && echo "#FF0000"
    fi
fi

为了在网络接口上升/下降时自动启动和停止vpn，请在/etc/NetworkManager/dispatcher.d/10-openvpn中放置以下内容。要激活该特性，需要对enable和start进行NetworkManager-dispatcher.service。更多信息，这里。

在我的大学，我连接到eduroam，这不允许vpn。所以我才不考虑这个。

/etc/NetworkManager/dispatcher.d/10-openvpn

#!/bin/bash

case "$2" in
    up)
        if ! nmcli -t connection | grep eduroam | grep wlp3s0 ; then
            start-vpn
        fi
        ;;
    down)
        stop-vpn
        ;;
esac

我希望这对希望在linux上使用NordVPN的其他人有所帮助。再一次，请随意评论并提出改进建议。特别是，我不确定在文件中用纯文本写出NordVPN密码会带来多大的安全风险。