Difference between revisions of "A VPN monitoring Script"
| Line 35: | Line 35: | ||
fi | fi | ||
Local=$(wget http://ipinfo.io/ip -qO -) | Local=$(wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -) | ||
# This requires that 'ssh-copy-id user@othermachine' has been done | # This requires that 'ssh-copy-id user@othermachine' has been done | ||
Remote=$(ssh '''user'''@'''othermachine''' wget http://ipinfo.io/ip -qO -) | Remote=$(ssh '''user'''@'''othermachine''' wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -) | ||
# Required because the VPN bypasses local DNS | # Required because the VPN bypasses local DNS | ||
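Review bot: the `Remote=` line runs `ssh` with no batch mode or timeout, so if the key installed by `ssh-copy-id` is missing or othermachine is down, the script either blocks on a prompt or ends up with an empty string. Consider `ssh -o BatchMode=yes -o ConnectTimeout=5` and a check that the result is non-empty. Both the `Local=` and `Remote=` lines also fetch `http://ipinfo.io/ip` over plain HTTP; switching to `https://` would stop an on-path party from altering the answer the check relies on.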
Revision as of 23:41, 19 September 2025
| 13 (trixie) |
OpenVPN with PIA seems to occasionally forget to act like a VPN.
When this happens, you may just want to know about it & remind them by restarting OpenVPN.
Finding out if you're still protected:
Compare your public IP to that of the rest of the network:

    wget http://ipinfo.io/ip -qO -

and

    ssh user@othermachine 'wget http://ipinfo.io/ip -qO -'

(user & othermachine are a valid user and another machine on your LAN, one that is NOT running a VPN connection.)
NOTE: The assumption made here is that you have configured this machine to use passwordless SSH when connecting to othermachine.
Here's a nifty little shell script...

    #!/bin/bash

    # Stop early if there is no Internet connectivity at all
    if nc -zw1 google.com 443
    then
      echo "We have Internets..."
    else
      echo "NOPE! No Internets..."
      exit
    fi

    Local=$(wget http://ipinfo.io/ip -qO -)
    # This requires that 'ssh-copy-id user@othermachine' has been done
    Remote=$(ssh user@othermachine wget http://ipinfo.io/ip -qO -)
    # Required because the VPN bypasses local DNS
    Automation=192.168.9.0

    echo "Local: $Local"
    echo "Remote: $Remote"
    echo "Automation: $Automation"

    # Quoted so that an empty lookup result does not break the test
    if [ "$Local" != "$Remote" ]
    then
      echo "PIA is currently behaving"
      echo "$(date)  - PIA is Just Fine!" >> vpnfix.log
      mosquitto_pub -h "$Automation" -t "Scotts_Speaker_Medium" -m "P I A is OK"
    else
      echo "PIA is mis-behaving"
      date >> vpnfix.log
      echo "$(date)  - PIA is Buggered!" >> vpnfix.log
      mosquitto_pub -h "$Automation" -t "Scotts_Speaker_Medium" -m "P I A is Boogered"
      echo "Attempting repair..."
      # 'restart' rather than 'start': starting an already-running service does nothing
      sudo service openvpn restart
    fi

192.168.9.0 happens to be the IP address of an MQTT broker on my LAN...
Not only does it check if PIA is doing its thing, it announces the result verbally (the mosquitto... lines) and restarts openvpn (asking for a password for sudo...). It could use a bit of improvement, but it works.
NOTE: You have to ssh into othermachine manually first so the machine knows it's ok.
NOTE: Ya kinda need to install mosquitto-clients if you want the verbal notifications, and set up a Node-RED flow to transfer the messages to your voice assistant, or it ain't gonna work quite right...
I have a GH mini at my desk & a Node-RED flow that monitors for MQTT messages with the topic Scotts_Speaker_Medium, then passes the message on through TTS to that device.
Ideas for improvement
- Move the log into /var/log?
- Find a way to safely allow it to restart the service without asking for a password. (possibly, if it's running from root's crontab...)
- Then, make it run periodically from cron.
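
One more improvement, given as an added example that is not part of the original page: the script's plain string comparison reports "behaving" when the ssh lookup returns nothing, and restarts OpenVPN when both lookups fail. The sketch below classifies the two results as OK, LEAK or UNKNOWN instead; `is_ipv4` and `vpn_verdict` are hypothetical names, and it assumes the lookup service answers with a bare IPv4 address.

```shell
# Added example; is_ipv4 and vpn_verdict are hypothetical helper names.
# Assumes the lookup service answers with a bare IPv4 address.

# Succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    dots=$(printf '%s' "$1" | tr -cd '.')
    [ "${#dots}" -eq 3 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vpn_verdict LOCAL REMOTE
#   OK      both lookups valid and different (traffic leaves via the VPN)
#   LEAK    both valid and identical (this host exits like the rest of the LAN)
#   UNKNOWN a lookup failed or returned junk; do not report success
vpn_verdict() {
    if ! is_ipv4 "$1" || ! is_ipv4 "$2"; then
        echo UNKNOWN
    elif [ "$1" = "$2" ]; then
        echo LEAK
    else
        echo OK
    fi
}

# Constructed sample pairs (RFC 5737 documentation addresses), not real lookups.
for pair in "198.51.100.7 203.0.113.20" "203.0.113.20 203.0.113.20" \
            "198.51.100.7 " "198.51.100.7 <html>429</html>"; do
    printf '%-34s -> %s\n' "[$pair]" "$(vpn_verdict "${pair%% *}" "${pair#* }")"
done
```

In the monitoring script, only a LEAK verdict would trigger the restart; UNKNOWN is better logged and announced as its own state.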