
Script to connect and disconnect from OpenVPN depending on server availability

Task:

Branch subnets are connected via OpenVPN. All clients connect to the server, and routes to the Internet are set through the OpenVPN server. Everything works, but there is a problem. If the OpenVPN server for some reason loses its Internet connection, then all other branches also lose Internet access, because their traffic does not go through their own gateway, but through the OpenVPN server. Is there any way to write a script so that:

1. If there is no connection to the OpenVPN server, the routes are restored and traffic goes through the branch's own gateway.

2. Once every 2-3 minutes the client tries to connect to the OpenVPN server.

3. When the connection is restored, the routes are registered again through the OpenVPN server.

Solution:

In theory, it is quite possible to write a script in Bash (for Linux) or PowerShell (for Windows) that pings the OpenVPN server. If the server is online, the script connects to it, or does nothing if the connection is already present. If the OpenVPN server is offline, the script disconnects from it, or does nothing if there is no connection. On Linux, such a script can be added to startup and then run regularly using systemd timers or cron. On Windows, the same can be done with the Windows Task Scheduler.

But, IMHO, this is a radically wrong approach. You should strive to keep the OpenVPN server always online. After all, users need it for their work if they connect to it, right? And if so, then when users disconnect from OpenVPN, connections to local resources will fail.

Nevertheless, here are example scripts.

For Windows, the script is written in PowerShell. Create the vpn.ps1 file and copy the following into it (replace the IP address of the OpenVPN server and the path to the configuration file with yours):

# OpenVPN server IP address
$openvpnIP='185.117.153.79'
# path to the configuration file for connecting the client to the OpenVPN server
$openvpnFILE='C:\Users\MiAl\client1.ovpn'

if (Test-Connection -TargetName $openvpnIP -IPv4 -Count 1 -Quiet -TimeoutSeconds 1)
{
	'OpenVPN server is up'
	if (Get-Process | Where-Object { $_.Name -eq "openvpn" })
	{
		'OpenVPN connection is active.  Nothing to do'
	}
	else
	{
		Write-Warning 'No OpenVPN connections, trying to connect...'
		& "C:\Program Files\OpenVPN\bin\openvpn.exe" --config $openvpnFILE &
	}
}
else
{
	Write-Warning 'OpenVPN server is down'
	if (Get-Process | Where-Object { $_.Name -eq "openvpn" })
	{
		'OpenVPN connection is active, let us kill it'
		Get-Process | Where-Object { $_.Name -eq "openvpn" } | Select-Object -First 1 | Stop-Process
	}
	else
	{
		Write-Warning 'No OpenVPN connections. Nothing to do'
	}
}

Check like this:

.\vpn.ps1

The OpenVPN server is online, so the script connects to it and does nothing on subsequent checks. Checking the client's IP shows that Internet access is really through OpenVPN.

OpenVPN is offline, so the script disconnects from it. On subsequent checks, the script does nothing until the OpenVPN server is available. When OpenVPN is online again, a connection is made to it.

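Use Windows Task Scheduler to run your script like this (the script uses PowerShell 7 syntax, namely Test-Connection -TargetName and the & background operator, so it is started with pwsh; -File must come last, because everything after it is passed to the script as arguments):

pwsh -WindowStyle Hidden -File vpn.ps1

Also configure the task to run under a specific user account whether or not that user is logged on. Otherwise you'll see a console window.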

Sample script for Linux – create a vpn.sh file and copy into it:

#!/bin/bash

# OpenVPN server IP address
openvpnIP='185.117.153.79'
# path to the configuration file for connecting the client to the OpenVPN server
openvpnFILE='/home/mial/bin/OpenVPNassistent-конфигурации/configs/client1.ovpn'

# PIDs of running openvpn processes (exact name match; empty if none)
isOpenVPNActive=$(pgrep -x openvpn)

# a single ICMP echo with a 1-second limit is the availability check
if timeout 1 ping -c 1 "$openvpnIP" > /dev/null; then
	echo 'OpenVPN server is up'
	if [ -z "$isOpenVPNActive" ]; then
		echo 'No OpenVPN connections, trying to connect.'
		sudo openvpn "$openvpnFILE" &
	else
		echo 'OpenVPN connection is active. Nothing to do'
	fi
else
	echo 'OpenVPN server is down'
	if [ -z "$isOpenVPNActive" ]; then
		echo 'No OpenVPN connections. Nothing to do.'
	else
		echo 'OpenVPN connection is active, let us kill it.'
		# unquoted on purpose: pgrep may return several PIDs
		kill $isOpenVPNActive
	fi
fi

Run like this:

sudo bash vpn.sh

The OpenVPN server is online, so the script connects to it and does nothing on subsequent checks. Checking the client's IP shows that Internet access is really through OpenVPN. OpenVPN is offline, so the script disconnects from it. On subsequent checks, the script does nothing until the OpenVPN server is available. When OpenVPN is online again, a connection is made to it.

To run regularly, use systemd's .timer or cron.
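
The Linux script above drops the tunnel after a single lost ping. As an added example (not part of the original article), here is the same connect/disconnect decision with a failure counter kept between runs, so the tunnel is torn down only after several consecutive failed probes. FAIL_LIMIT, STATE_FILE, the function names and the file name vpn-watchdog.sh are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original article.
FAIL_LIMIT=3                                          # assumed threshold
STATE_FILE="${STATE_FILE:-/run/vpn-watchdog.fails}"   # assumed location

# decide SERVER_UP TUNNEL_UP FAILS  ->  prints "<action> <new fail count>"
decide() {
	local server_up="$1" tunnel_up="$2" fails="$3"
	if [ "$server_up" -eq 1 ]; then
		# Server answers: reset the counter, connect only if no tunnel exists.
		if [ "$tunnel_up" -eq 1 ]; then echo "none 0"; else echo "connect 0"; fi
		return 0
	fi
	fails=$((fails + 1))
	# Server silent: disconnect only once the failure streak reaches the limit.
	if [ "$tunnel_up" -eq 1 ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
		echo "disconnect $fails"
	else
		echo "none $fails"
	fi
}

# run_once SERVER_IP CONFIG_FILE: one watchdog pass, meant for cron or a timer.
run_once() {
	local server_ip="$1" config="$2" fails up=0 tunnel=0
	fails=$(cat "$STATE_FILE" 2>/dev/null)
	case $fails in ''|*[!0-9]*) fails=0 ;; esac   # missing or corrupt state
	timeout 1 ping -c 1 "$server_ip" >/dev/null 2>&1 && up=1
	pgrep -x openvpn >/dev/null && tunnel=1
	# decide prints two words; they become $1 (action) and $2 (new counter)
	set -- $(decide "$up" "$tunnel" "$fails")
	echo "$2" > "$STATE_FILE"
	case $1 in
		connect)    openvpn --config "$config" --daemon ;;
		disconnect) pkill -x openvpn ;;
	esac
}

# Usage: sudo bash vpn-watchdog.sh run SERVER_IP CONFIG_FILE
if [ "${1:-}" = "run" ]; then
	run_once "$2" "$3"
fi
```

With a 2-minute schedule and FAIL_LIMIT=3, a branch falls back to its own gateway roughly 4 to 6 minutes after the server stops answering, and reconnects on the first successful probe.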
