victoriastuart/vpn_scripts.txt

## vpn_scripts.txt
VPN Notes, Scripts

Victoria Stuart: Apr 12, 2017
[gmail: Victorias.Linux@ ...]

File: /mnt/Vancouver/Reference/VPN/vpn notes, scripts.txt

Saved 2017-Apr-12 as public Gist:
https://gist.github.com/victoriastuart/19acf4944c9c95af461d62b27d0c19ec

VPN: Private Internet Access (PIA) [https://www.privateinternetaccess.com]
 OS: Arch Linux x86_64

==============================================================================
PREAMBLE
==============================================================================

Setting up the PIA VPN on a non-Ubuntu Linux distro is a nightmare, but worth it once working.

A recurring issue is VPN connectivity drops.  To address those, I set up scripts that auto run from cron (crontab), and manually (as needed) from aliases ( ~/.bashrc).


==============================================================================
ARCH LINUX INSTALLS (pacman and/or pacaur)
==============================================================================

* pia-tools     [AUR: https://aur.archlinux.org/packages/pia-tools/]
* openvpn       [pacman: https://wiki.archlinux.org/index.php/OpenVPN]

Using configuration/files in: /etc/openvpn/pia


==============================================================================
~/.BASHRC ENTRIES [~/.bashrc ]
==============================================================================

# ----------------------------------------
# VPN / INTERNET CONNECTIVITY CHECKS:

# CHECK INTERNET AND VPN CONNECTIONS; RESTART IF NECESSARY:

# [bash script 'query_vpn_restart_if_down.sh' runs every minute via cron (sudo gedit /etc/crontab)]

alias vpn='echo "  [Checking internet and VPN connectivity (will restart if/as needed)]" && sudo /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh'
alias int='echo "  [Checking internet and VPN connectivity (will restart if/as needed)]" && sudo /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh'

# Temporarily stop/restart VPN (e.g., to log onto BCLotto website from within B.C.: B.C. IP address required):

alias vpnstop='sudo systemctl stop pia@CA_Toronto'
alias vpnstart='sudo systemctl start pia@CA_Toronto'

alias vpnrs='sudo systemctl restart pia@CA_Toronto'

alias vpn_stat_min='/mnt/Vancouver/Programming/scripts/vpn_stat_min.sh


==============================================================================
CRONTAB [/etc/crontab] ENTRIES:
==============================================================================

# ------------------------------------------------------------------------------
# VPN-RELATED
# ------------------------------------------------------------------------------

# m    h    dom    mon    dow    user    nice    command

# Query for and restart dropped Private Internet Access (PIA) OpenVPN connection, via script:

# "At every minute" [http://crontab.guru/]:
*    *    *    *    *	root    nice -n 19    sudo bash /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh

## crontab runs as root, so don't need "sudo bash ...", above
## ["query_vpn_restart_if_down.sh" contains the statement "sudo systemctl restart openvpn@CA_Toronto.service"]


==============================================================================
SCRIPT - query_vpn_restart_if_down.sh
==============================================================================

#!/bin/bash

# /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh

# CHECK PRIVATE INTERNET ACCESS (PIA) OpenVPN CONNECTIVITY
# Added to crontab (sudo gedit /etc/crontab): runs every minute

# ===============================================
# 1. CHECK INTERNET CONNECTION (RESTART IF DOWN):
# ===============================================

# http://stackoverflow.com/questions/929368/how-to-test-a-internet-connection-in-bash

# Alternative check:

# ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || echo error

# check internet connectivity; if out, would hang, so added OR statement:

wget -q --spider http://google.com || sudo systemctl restart pia@CA_Toronto

# wget -q --spider http://google.com || echo '********'
# echo $?
#     0

# ----------------------------------------------------------------------------

if [ $? -eq 0 ]; then
    printf "\n\tInternet connection: online\n\t         IP address: "
    #wget -qO- http://ipecho.net/plain; printf "  [172.98.67.xxx : PIA Toronto server]\n"
    #wget -qO- http://ipecho.net/plain; printf "\n"
    #wget -qO- http://ipecho.net/plain; echo ''         ## not working: 2017-Feb-15
    wget -qO- https://api.ipify.org
    printf "\n"
    #ip_out=$(curl -s ipinfo.io/172.98.67.107)
    # ----------------------------------------
    #IP_NUM=$(wget -qO- http://ipecho.net/plain)
    # https://www.ipify.org/
    IP_NUM=$(wget -qO- https://api.ipify.org)
    # ----------------------------------------
    IP_DATA=$(wget -qO- ipinfo.io/$IP_NUM)
    printf "                  "
    echo $IP_DATA | cut -d ','  -f3 | tr -d '"'
    printf "                "
    echo $IP_DATA | cut -d ','  -f4 | tr -d '"'
    printf "               "
    echo $IP_DATA | cut -d ','  -f5 | tr -d '"'
else
    # can't have two !! in printf:
    #printf "\t*****  Internet connection: offline!!  *****\n"
    printf "\t*****  Internet connection: offline!  *****\n"
    printf "\tRestarting network (internet) connection now; please wait 5 seconds\n"
    sudo systemctl restart NetworkManager.service
    sleep 5
    #sudo systemctl restart openvpn@CA_Toronto.service              ## << OLD!
    sudo systemctl stop pia@CA_Toronto
    sudo systemctl start pia@CA_Toronto
    sudo systemctl restart NetworkManager.service
fi

# ~/.bashrc aliases (this script): { int | vpn }


# ==========================================
# 2. CHECK VPN CONNECTION (RESTART IF DOWN):
# ==========================================

# https://wiki.archlinux.org/index.php/OpenVPN#Testing_the_OpenVPN_configuration
# http://stackoverflow.com/questions/30052129/linux-unix-check-if-vpn-connection-is-active-up
# [ see also: https://nuxview.blogspot.ca/2016/09/i3blocks-vpn-status-notifier.html ]

#if [[ $GET_VPN == *"tun0"* ]];then
if ! /sbin/ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"; then
    # can't have two !! in printf:
    #printf "\t*****  VPN [tun0] is down!!  *****\n\t... restarting networking (sleep 5), then VPN ...\n"
    # use this:
    printf "\t*****  VPN [tun0] is down!  *****\n\t... restarting networking (sleep 5), then VPN ...\n"
    # restart network connection:
    sudo systemctl restart NetworkManager.service
    sleep 5
    # restart VPN:
    #sudo systemctl restart openvpn@CA_Toronto.service              ## << OLD!
    sudo systemctl stop pia@CA_Toronto
    sudo systemctl start pia@CA_Toronto
    sudo systemctl restart NetworkManager.service
else
    printf "\t     VPN connection: online!\n"
    # http://stackoverflow.com/questions/2421586/what-is-the-bash-equivalent-of-pythons-pass-statement
    # bash "pass" statement: could just delete the "else" statement, but retained for testing and illustration:
    :
fi


# =================================
# 3. INTERNET CONNECTION SPEED TEST
# =================================

printf '\n\tInternet speed test (will take ~25+ sec ...):  '

# ----------------------------------------
# http://stackoverflow.com/questions/12498304/using-bash-to-display-a-progress-working-indicator

spin[0]="-"
spin[1]="\\"
spin[2]="|"
spin[3]="/"

# http://stackoverflow.com/questions/20165057/executing-bash-loop-while-command-is-running

#pid=$(pgrep speedtest)
#echo $pid

speedtest > .st.txt &           ## & : continue running script
pid=$!                          ## PID of last command

# If this script is killed, kill 'speedtest':
trap "kill $pid 2> /dev/null" EXIT

# While 'speedtest' is running:
while kill -0 $pid 2> /dev/null; do
  for i in "${spin[@]}"
  do
    echo -ne "\b$i"
    sleep 0.1
  done
done

# Disable the trap on a normal exit:
trap - EXIT

# ----------------------------------------

printf "\n\t           "
grep Download: .st.txt
printf "\t             "
grep Upload: .st.txt
echo ''
rm -f st.txt

# ----------------------------------------

# Sound notification: speedtest complete
beep() {
    #for i in 1 2 3
    for i in 1
        do
        {
            #aplay alarm-frenzy.mp3    ## << aplay cannot play MP3 files; use WAV
            #aplay beep.wav
            #aplay ding.wav
            aplay /mnt/Vancouver/Programming/scripts/PHASER.WAV
            #aplay /mnt/Vancouver/Programming/scripts/KenbeepLoud.wav
            sleep 1
        } &> /dev/null
        ## re: above - suppresses aplay echo in terminal, per:
        ## http://stackoverflow.com/questions/18062778/how-to-hide-command-output-in-bash
        done
}

# call the (above) function:
beep

<< COMMENT
GET_VPN=$(nmcli con show | grep tun0 | cut -d ' ' -f1)

if [[ $GET_VPN == *"tun0"* ]]
then
    printf "\t     VPN connection: online\n\t         IP address: "
    wget -qO- http://ipecho.net/plain; echo
    printf "\t                    (172.98.67.xxx : PIA - Toronto server)\n"
else
    printf "\t*****  VPN down  :-(  *****\n\tIP address: "
    wget -qO- http://ipecho.net/plain; echo
    echo
fi
COMMENT


==============================================================================
SCRIPT - vpn_stat.sh
==============================================================================

#!/bin/bash

# /mnt/Vancouver/Programming/scripts/vpn_stat.sh

# ----------------------------------------
# CHECK VPN STATUS:
# -----------------

#echo ''

# https://nuxview.blogspot.ca/2016/09/i3blocks-vpn-status-notifier.html

vpn_status() {
    GET_VPN=$(nmcli con show | grep tun0 | cut -d ' ' -f1)

    if [[ $GET_VPN == *"tun0"* ]]
    then
        echo -ne "  VPN up \r"
    else
        # http://misc.flogisoft.com/bash/tip_colors_and_formatting
        # echo -e "\e[35m\e[1m  **VPN DOWN**\e[0m"
        #
        #echo -ne "  VPN down \r"
        echo -e "\e[35m\e[1m  **VPN DOWN**\e[0m \r"
    fi
}

while true; do clear; vpn_status; sleep 10; done

# TEST:
#     sudo systemctl stop pia@CA_Toronto


==============================================================================
EXAMPLES
==============================================================================

Restart VPN:
------------

    sudo systemctl restart NetworkManager.service
    sudo systemctl stop pia@CA_Toronto
    sudo systemctl start pia@CA_Toronto

[If needed:] Restart networking:
--------------------------------

   [sudo systemctl enable NetworkManager.service]   ## you only need to do this once (ever), when installing the service

    sudo systemctl restart NetworkManager.service


Check VPN:
----------

[victoria@victoria ~]$ date
    Wed Apr 12 10:57:41 PDT 2017

[victoria@victoria ~]$ vpn      ## << can also use alias: int ['internet check']

  [Checking internet and VPN connectivity (will restart if/as needed)]
[sudo] password for victoria:

    Internet connection: online
             IP address: 172.98.67.8
                   city: Toronto
                 region: British Columbia
                country: CA
         VPN connection: online!

    Internet speed test (will take ~25+ sec ...): /
               Download: 21.75 Mbit/s
                 Upload: 5.72 Mbit/s


If that command fails, restart the VPN:

    sudo systemctl restart pia@CA_Toronto


==============================================================================
Q.E.D.!  :-D
==============================================================================
	VPN Notes, Scripts

	Victoria Stuart: Apr 12, 2017
	[gmail: Victorias.Linux@ ...]

	File: /mnt/Vancouver/Reference/VPN/vpn notes, scripts.txt

	Saved 2017-Apr-12 as public Gist:
	https://gist.github.com/victoriastuart/19acf4944c9c95af461d62b27d0c19ec

	VPN: Private Internet Access (PIA) [https://www.privateinternetaccess.com]
	OS: Arch Linux x86_64

	==============================================================================
	PREAMBLE
	==============================================================================

	Setting up the PIA VPN on a non-Ubuntu Linux distro is a nightmare, but worth it once working.

	A recurring issue is VPN connectivity drops. To address those, I set up scripts that auto run from cron (crontab), and manually (as needed) from aliases ( ~/.bashrc).


	==============================================================================
	ARCH LINUX INSTALLS (pacman and/or pacaur)
	==============================================================================

	* pia-tools [AUR: https://aur.archlinux.org/packages/pia-tools/]
	* openvpn [pacman: https://wiki.archlinux.org/index.php/OpenVPN]

	Using configuration/files in: /etc/openvpn/pia


	==============================================================================
	~/.BASHRC ENTRIES [~/.bashrc ]
	==============================================================================

	# ----------------------------------------
	# VPN / INTERNET CONNECTIVITY CHECKS:

	# CHECK INTERNET AND VPN CONNECTIONS; RESTART IF NECESSARY:

	# [bash script 'query_vpn_restart_if_down.sh' runs every minute via cron (sudo gedit /etc/crontab)]

	alias vpn='echo " [Checking internet and VPN connectivity (will restart if/as needed)]" && sudo /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh'
	alias int='echo " [Checking internet and VPN connectivity (will restart if/as needed)]" && sudo /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh'

	# Temporarily stop/restart VPN (e.g., to log onto BCLotto website from within B.C.: B.C. IP address required):

	alias vpnstop='sudo systemctl stop pia@CA_Toronto'
	alias vpnstart='sudo systemctl start pia@CA_Toronto'

	alias vpnrs='sudo systemctl restart pia@CA_Toronto'

	alias vpn_stat_min='/mnt/Vancouver/Programming/scripts/vpn_stat_min.sh


	==============================================================================
	CRONTAB [/etc/crontab] ENTRIES:
	==============================================================================

	# ------------------------------------------------------------------------------
	# VPN-RELATED
	# ------------------------------------------------------------------------------

	# m h dom mon dow user nice command

	# Query for and restart dropped Private Internet Access (PIA) OpenVPN connection, via script:

	# "At every minute" [http://crontab.guru/]:
	* * * * * root nice -n 19 sudo bash /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh

	## crontab runs as root, so don't need "sudo bash ...", above
	## ["query_vpn_restart_if_down.sh" contains the statement "sudo systemctl restart openvpn@CA_Toronto.service"]


	==============================================================================
	SCRIPT - query_vpn_restart_if_down.sh
	==============================================================================

	#!/bin/bash

	# /mnt/Vancouver/Programming/scripts/query_vpn_restart_if_down.sh

	# CHECK PRIVATE INTERNET ACCESS (PIA) OpenVPN CONNECTIVITY
	# Added to crontab (sudo gedit /etc/crontab): runs every minute

	# ===============================================
	# 1. CHECK INTERNET CONNECTION (RESTART IF DOWN):
	# ===============================================

	# http://stackoverflow.com/questions/929368/how-to-test-a-internet-connection-in-bash

	# Alternative check:

	# ping -q -w 1 -c 1 `ip r \| grep default \| cut -d ' ' -f 3` > /dev/null && echo ok \|\| echo error

	# check internet connectivity; if out, would hang, so added OR statement:

	wget -q --spider http://google.com \|\| sudo systemctl restart pia@CA_Toronto

	# wget -q --spider http://google.com \|\| echo '********'
	# echo $?
	# 0

	# ----------------------------------------------------------------------------

	if [ $? -eq 0 ]; then
	printf "\n\tInternet connection: online\n\t IP address: "
	#wget -qO- http://ipecho.net/plain; printf " [172.98.67.xxx : PIA Toronto server]\n"
	#wget -qO- http://ipecho.net/plain; printf "\n"
	#wget -qO- http://ipecho.net/plain; echo '' ## not working: 2017-Feb-15
	wget -qO- https://api.ipify.org
	printf "\n"
	#ip_out=$(curl -s ipinfo.io/172.98.67.107)
	# ----------------------------------------
	#IP_NUM=$(wget -qO- http://ipecho.net/plain)
	# https://www.ipify.org/
	IP_NUM=$(wget -qO- https://api.ipify.org)
	# ----------------------------------------
	IP_DATA=$(wget -qO- ipinfo.io/$IP_NUM)
	printf " "
	echo $IP_DATA \| cut -d ',' -f3 \| tr -d '"'
	printf " "
	echo $IP_DATA \| cut -d ',' -f4 \| tr -d '"'
	printf " "
	echo $IP_DATA \| cut -d ',' -f5 \| tr -d '"'
	else
	# can't have two !! in printf:
	#printf "\t*** Internet connection: offline!! ***\n"
	printf "\t*** Internet connection: offline! ***\n"
	printf "\tRestarting network (internet) connection now; please wait 5 seconds\n"
	sudo systemctl restart NetworkManager.service
	sleep 5
	#sudo systemctl restart openvpn@CA_Toronto.service ## << OLD!
	sudo systemctl stop pia@CA_Toronto
	sudo systemctl start pia@CA_Toronto
	sudo systemctl restart NetworkManager.service
	fi

	# ~/.bashrc aliases (this script): { int \| vpn }


	# ==========================================
	# 2. CHECK VPN CONNECTION (RESTART IF DOWN):
	# ==========================================

	# https://wiki.archlinux.org/index.php/OpenVPN#Testing_the_OpenVPN_configuration
	# http://stackoverflow.com/questions/30052129/linux-unix-check-if-vpn-connection-is-active-up
	# [ see also: https://nuxview.blogspot.ca/2016/09/i3blocks-vpn-status-notifier.html ]

	#if [[ $GET_VPN == "tun0" ]];then
	if ! /sbin/ifconfig tun0 \| grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"; then
	# can't have two !! in printf:
	#printf "\t*** VPN [tun0] is down!! ***\n\t... restarting networking (sleep 5), then VPN ...\n"
	# use this:
	printf "\t*** VPN [tun0] is down! ***\n\t... restarting networking (sleep 5), then VPN ...\n"
	# restart network connection:
	sudo systemctl restart NetworkManager.service
	sleep 5
	# restart VPN:
	#sudo systemctl restart openvpn@CA_Toronto.service ## << OLD!
	sudo systemctl stop pia@CA_Toronto
	sudo systemctl start pia@CA_Toronto
	sudo systemctl restart NetworkManager.service
	else
	printf "\t VPN connection: online!\n"
	# http://stackoverflow.com/questions/2421586/what-is-the-bash-equivalent-of-pythons-pass-statement
	# bash "pass" statement: could just delete the "else" statement, but retained for testing and illustration:
	:
	fi


	# =================================
	# 3. INTERNET CONNECTION SPEED TEST
	# =================================

	printf '\n\tInternet speed test (will take ~25+ sec ...): '

	# ----------------------------------------
	# http://stackoverflow.com/questions/12498304/using-bash-to-display-a-progress-working-indicator

	spin[0]="-"
	spin[1]="\\"
	spin[2]="\|"
	spin[3]="/"

	# http://stackoverflow.com/questions/20165057/executing-bash-loop-while-command-is-running

	#pid=$(pgrep speedtest)
	#echo $pid

	speedtest > .st.txt & ## & : continue running script
	pid=$! ## PID of last command

	# If this script is killed, kill 'speedtest':
	trap "kill $pid 2> /dev/null" EXIT

	# While 'speedtest' is running:
	while kill -0 $pid 2> /dev/null; do
	for i in "${spin[@]}"
	do
	echo -ne "\b$i"
	sleep 0.1
	done
	done

	# Disable the trap on a normal exit:
	trap - EXIT

	# ----------------------------------------

	printf "\n\t "
	grep Download: .st.txt
	printf "\t "
	grep Upload: .st.txt
	echo ''
	rm -f st.txt

	# ----------------------------------------

	# Sound notification: speedtest complete
	beep() {
	#for i in 1 2 3
	for i in 1
	do
	{
	#aplay alarm-frenzy.mp3 ## << aplay cannot play MP3 files; use WAV
	#aplay beep.wav
	#aplay ding.wav
	aplay /mnt/Vancouver/Programming/scripts/PHASER.WAV
	#aplay /mnt/Vancouver/Programming/scripts/KenbeepLoud.wav
	sleep 1
	} &> /dev/null
	## re: above - suppresses aplay echo in terminal, per:
	## http://stackoverflow.com/questions/18062778/how-to-hide-command-output-in-bash
	done
	}

	# call the (above) function:
	beep

	<< COMMENT
	GET_VPN=$(nmcli con show \| grep tun0 \| cut -d ' ' -f1)

	if [[ $GET_VPN == "tun0" ]]
	then
	printf "\t VPN connection: online\n\t IP address: "
	wget -qO- http://ipecho.net/plain; echo
	printf "\t (172.98.67.xxx : PIA - Toronto server)\n"
	else
	printf "\t*** VPN down :-( ***\n\tIP address: "
	wget -qO- http://ipecho.net/plain; echo
	echo
	fi
	COMMENT


	==============================================================================
	SCRIPT - vpn_stat.sh
	==============================================================================

	#!/bin/bash

	# /mnt/Vancouver/Programming/scripts/vpn_stat.sh

	# ----------------------------------------
	# CHECK VPN STATUS:
	# -----------------

	#echo ''

	# https://nuxview.blogspot.ca/2016/09/i3blocks-vpn-status-notifier.html

	vpn_status() {
	GET_VPN=$(nmcli con show \| grep tun0 \| cut -d ' ' -f1)

	if [[ $GET_VPN == "tun0" ]]
	then
	echo -ne " VPN up \r"
	else
	# http://misc.flogisoft.com/bash/tip_colors_and_formatting
	# echo -e "\e[35m\e[1m VPN DOWN\e[0m"
	#
	#echo -ne " VPN down \r"
	echo -e "\e[35m\e[1m VPN DOWN\e[0m \r"
	fi
	}

	while true; do clear; vpn_status; sleep 10; done

	# TEST:
	# sudo systemctl stop pia@CA_Toronto


	==============================================================================
	EXAMPLES
	==============================================================================

	Restart VPN:
	------------

	sudo systemctl restart NetworkManager.service
	sudo systemctl stop pia@CA_Toronto
	sudo systemctl start pia@CA_Toronto

	[If needed:] Restart networking:
	--------------------------------

	[sudo systemctl enable NetworkManager.service] ## you only need to do this once (ever), when installing the service

	sudo systemctl restart NetworkManager.service


	Check VPN:
	----------

	[victoria@victoria ~]$ date
	Wed Apr 12 10:57:41 PDT 2017

	[victoria@victoria ~]$ vpn ## << can also use alias: int ['internet check']

	[Checking internet and VPN connectivity (will restart if/as needed)]
	[sudo] password for victoria:

	Internet connection: online
	IP address: 172.98.67.8
	city: Toronto
	region: British Columbia
	country: CA
	VPN connection: online!

	Internet speed test (will take ~25+ sec ...): /
	Download: 21.75 Mbit/s
	Upload: 5.72 Mbit/s


	If that command fails, restart the VPN:

	sudo systemctl restart pia@CA_Toronto


	==============================================================================
	Q.E.D.! :-D
	==============================================================================