NordVPN不提供针对Linux的自动设置,仅提供VPN配置文件。最好的实现方法是什么?
(下面是我自己的实现,请随时发表评论或提出改进建议!)
编辑:写这篇文章时,我不知道NordVPN最近引入了command line tool for linux。
答案 0 :(得分:0)
我写了一个小脚本,可以下载配置文件,重命名它们并启用自动身份验证。在generate authentification file部分中插入您的NordVPN登录凭据。
#!/bin/bash
# run as root!!!
# install openvpn. I'm running arch, this might be different on your system.
pacman -S openvpn
# go to openvpn config folder
cd /etc/openvpn
# download config files, extract and clean up
wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
unzip ovpn.zip
rm ovpn.zip
# rename tcp config files and put them in /etc/openvpn/client
cd ovpn_tcp
for file in *; do mv "${file}" "${file/.nordvpn.com.tcp.ovpn/}tcp.conf"; done
cp * ../client
# rename udp config files and put them in /etc/openvpn/client
cd ../ovpn_udp
for file in *; do mv "${file}" "${file/.nordvpn.com.udp.ovpn/}udp.conf"; done
cp * ../client
# generate authentification file
cd ../client
printf "<your email>\n<your password>" > auth.txt
# make all configs use authentification file
find . -name '*.conf' -exec sed -i -e 's/auth-user-pass/auth-user-pass\ auth.txt/g' {} \;
# clean up
cd ..
rm -r ovpn_tcp/
rm -r ovpn_udp
您现在可以通过例如启动和停止vpn连接
systemctl start openvpn-client@de415tcp.service
和
systemctl stop openvpn-client@de415tcp.service
要使其自动化并连接到NordVPN推荐的服务器,我已经编写了两个脚本。使它们可执行,然后将其放在您的$PATH中。
如果要选择特定的国家/地区,请将国家/地区代码(例如us,de或uk)作为命令行参数传递给start-vpn。它会自动选择一个tcp连接。您可以根据需要将其更改为udp。
start-vpn
#!/usr/bin/python
import sys
import requests
import os
import time
# you don't necessarily need the following. It's for monitoring via i3blocks.
def notify_i3blocks():
os.system('pkill -RTMIN+12 i3blocks')
def fork_and_continue_notifying_in_background():
newpid = os.fork()
if newpid == 0: # if this is the child process
for i in range(60):
notify_i3blocks()
time.sleep(1)
if __name__ == '__main__':
notify_i3blocks()
# below is what you do need.
suffix = ''
if len(sys.argv) > 1:
countries = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_countries').json()
for country in countries:
if country["code"].lower() == sys.argv[1].lower():
suffix = '&filters={"country_id":' + str(country["id"]) + '}'
result = requests.get('https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations' + suffix)
profile = result.json()[0]['subdomain'] + 'tcp'
command = 'systemctl start openvpn-client@' + profile + '.service'
os.system(command)
# the following is for i3blocks again.
fork_and_continue_notifying_in_background()
stop-vpn
#!/bin/bash
function service {
systemctl |
grep openvpn |
grep running |
head -n1 |
awk '{print $1;}'
}
while [[ $(service) ]]; do
systemctl stop $(service)
done
# notify i3blocks
pkill -RTMIN+12 i3blocks
为方便起见,我在~/.bashrc中有两个别名:
alias start-vpn='sudo start-vpn'
alias stop-vpn='sudo stop-vpn'
如果您确实想通过i3blocks对其进行监视,请将其放入您的i3blocks配置中:
[vpn]
interval=once
signal=12
,这在您的i3blocks-scripts-目录(名称为vpn)中:
#!/bin/bash
function name {
systemctl |
grep openvpn |
grep running |
head -n1 |
awk '{print $1;}' |
cut -d @ -f 2 |
cut -d . -f 1
}
starting=$(pgrep -f start-vpn) # this might not be the most accurate, but it works for me. Improvement suggestions are welcomed.
if [[ $(name) ]]; then
echo $(name)
echo && echo "#00FF00"
else
if [[ ${starting} ]]; then
echo starting vpn...
echo && echo "#FFFF00"
else
echo no vpn
echo && echo "#FF0000"
fi
fi
为了在网络接口打开/关闭时自动启动和停止vpn,请在/etc/NetworkManager/dispatcher.d/10-openvpn中输入以下内容。要激活该功能,您需要enable和start NetworkManager-dispatcher.service。更多信息here。
在我的大学,我连接到eduroam,该网络不允许VPN。这就是为什么我将其排除在外。
/etc/NetworkManager/dispatcher.d/10-openvpn
#!/bin/bash
case "$2" in
up)
if ! nmcli -t connection | grep eduroam | grep wlp3s0 ; then
start-vpn
fi
;;
down)
stop-vpn
;;
esac
我希望这对希望在Linux上使用NordVPN的其他人有所帮助。同样,请随时发表评论并提出改进建议。 特别是,我不确定将NordVPN密码以纯文本格式写入文件有多大的安全风险。