Linux上的NordVPN设置

时间:2018-11-02 08:23:53

标签: vpn openvpn

NordVPN不提供针对Linux的自动设置,仅提供VPN配置文件。最好的实现方法是什么?

(下面是我自己的实现,请随时发表评论或提出改进建议!)

编辑:写这篇文章时,我不知道NordVPN最近引入了command line tool for linux

1 个答案:

答案 0 :(得分:0)

我写了一个小脚本,可以下载配置文件,重命名它们并启用自动身份验证。在generate authentification file部分中插入您的NordVPN登录凭据。

#!/bin/bash
# run as root!!!

# install openvpn. I'm running arch, this might be different on your system.
pacman -S openvpn

# go to openvpn config folder
cd /etc/openvpn

# download config files, extract and clean up
wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
unzip ovpn.zip
rm ovpn.zip

# rename tcp config files and put them in /etc/openvpn/client
cd ovpn_tcp
for file in *; do mv "${file}" "${file/.nordvpn.com.tcp.ovpn/}tcp.conf"; done
cp * ../client

# rename udp config files and put them in /etc/openvpn/client
cd ../ovpn_udp
for file in *; do mv "${file}" "${file/.nordvpn.com.udp.ovpn/}udp.conf"; done
cp * ../client

# generate authentification file
cd ../client
printf "<your email>\n<your password>" > auth.txt

# make all configs use authentification file
find . -name '*.conf' -exec sed -i -e 's/auth-user-pass/auth-user-pass\ auth.txt/g' {} \;

# clean up
cd ..
rm -r ovpn_tcp/
rm -r ovpn_udp

您现在可以通过例如启动和停止vpn连接

systemctl start openvpn-client@de415tcp.service

systemctl stop openvpn-client@de415tcp.service

要使其自动化并连接到NordVPN推荐的服务器,我已经编写了两个脚本。使它们可执行,然后将其放在您的$PATH中。 如果要选择特定的国家/地区,请将国家/地区代码(例如usdeuk)作为命令行参数传递给start-vpn。它会自动选择一个tcp连接。您可以根据需要将其更改为udp

start-vpn

#!/usr/bin/python
import sys

import requests
import os
import time

# you don't necessarily need the following. It's for monitoring via i3blocks.

def notify_i3blocks():
    os.system('pkill -RTMIN+12 i3blocks')


def fork_and_continue_notifying_in_background():
    newpid = os.fork()
    if newpid == 0:  # if this is the child process
        for i in range(60):
            notify_i3blocks()
            time.sleep(1)


if __name__ == '__main__':

    notify_i3blocks()

    # below is what you do need.

    suffix = ''
    if len(sys.argv) > 1:
        countries = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_countries').json()
        for country in countries:
            if country["code"].lower() == sys.argv[1].lower():
                suffix = '&filters={"country_id":' + str(country["id"]) + '}'

    result = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations' + suffix)
    profile = result.json()[0]['subdomain'] + 'tcp'

    command = 'systemctl start openvpn-client@' + profile + '.service'

    os.system(command)

    # the following is for i3blocks again.        

    fork_and_continue_notifying_in_background()

stop-vpn

#!/bin/bash

function service {
    systemctl |
    grep openvpn |
    grep running |
    head -n1 |
    awk '{print $1;}'
}

while [[ $(service) ]]; do
    systemctl stop $(service)
done

# notify i3blocks
pkill -RTMIN+12 i3blocks

为方便起见,我在~/.bashrc中有两个别名:

alias start-vpn='sudo start-vpn'
alias stop-vpn='sudo stop-vpn'

如果您确实想通过i3blocks对其进行监视,请将其放入您的i3blocks配置中:

[vpn]
interval=once
signal=12

,这在您的i3blocks-scripts-目录(名称为vpn)中:

#!/bin/bash

function name {
    systemctl |
    grep openvpn |
    grep running |
    head -n1 |
    awk '{print $1;}' |
    cut -d @ -f 2 |
    cut -d . -f 1
}

starting=$(pgrep -f start-vpn) # this might not be the most accurate, but it works for me. Improvement suggestions are welcomed.

if [[ $(name) ]]; then
    echo $(name)
    echo && echo "#00FF00"
else
    if [[ ${starting} ]]; then
        echo starting vpn...
        echo && echo "#FFFF00"
    else
        echo no vpn
        echo && echo "#FF0000"
    fi
fi

为了在网络接口打开/关闭时自动启动和停止vpn,请在/etc/NetworkManager/dispatcher.d/10-openvpn中输入以下内容。要激活该功能,您需要enablestart NetworkManager-dispatcher.service。更多信息here

在我的大学,我连接到eduroam,该网络不允许VPN。这就是为什么我将其排除在外。

/etc/NetworkManager/dispatcher.d/10-openvpn

#!/bin/bash

case "$2" in
    up)
        if ! nmcli -t connection | grep eduroam | grep wlp3s0 ; then
            start-vpn
        fi
        ;;
    down)
        stop-vpn
        ;;
esac

我希望这对希望在Linux上使用NordVPN的其他人有所帮助。同样,请随时发表评论并提出改进建议。 特别是,我不确定将NordVPN密码以纯文本格式写入文件有多大的安全风险。