Home / ubuntu / Questions / 679059
In Process
SNH
Asked: 2015-09-28 09:24:24 +0800 CST

Auto reconnect to VPN on disconnect?

  • 772

I'm an Ubuntu GNOME user and I was wondering if there is a way to be able to automatically reconnect to a VPN on disconnection. I'm using the OpenVPN protocol.

I've checked Network Manager thoroughly but could not find such an option, only to connect to the VPN when connected to a specific WiFi.

vpn

7 Answers

  1. As of 18.10 (cannot check in earlier versions) VPN connections in NetworkManager have a setting vpn.persistent which does just that: reconnects to a VPN on connection loss until you disconnect manually. It is set to "no" by default and unfortunately isn't exposed neither in Gnome Network Settings nor in nm-connection-editor.

    But you can set it through a CLI like this:

    nmcli connection modify <Your VPN connection name> connection.autoconnect-retries 0
nmcli connection modify <Your VPN connection name> vpn.persistent yes

    The connection must exist before you do that, of course. And autoconnect-retries 0 actually means "retry forever".

    Also note that these settings get reset occasionally, probably with updates to NetworkManager or related packages, so you need to check them and correct back.

    sources:

    • 55

  2. OpenVPN has a build-in mechanism to automatically detect dead links and reconnect. In Network Manager go to "Edit Connections", select your VPN connection and choose "Edit". In the "VPN" tab click on "Advanced..." and go to the "General" Tab. There you have two relevant options:

    "Specify ping interval" tell OpenVPN how frequently to check if the link is still alive. "Specify exit or restart ping" tells it how long to wait until it takes action and which action to take.

    Example: My setting are "30 / ping-restart / 300". This means OpenVPN checks every 30 seconds if the link is still active. If the link is down for 300 seconds it initiates a restart.

    This way there is no need for external scripts...

    • 21

  3. After a bit of digging I found this answer, tested it (on Ubuntu GNOME 15.04) and so far it seems working.

    The only thing I might add is that once the script file is created it doesn't necessarily need to be saved to your /home folder. You can save it anywhere, make it executable and add it to the list of startup programs.

    • 1

  4. TLDR: None of these answers worked. I switched to wireguard (https://www.wireguard.com/install/)

    sudo apt install wireguard

    And then followed the wireguard setup from my VPN provider.

    Details:

    This issue was happening for me on Ubuntu 20.04. I tried the top two answers under this question (MonkeyBrain: https://askubuntu.com/a/1103326/327631 and OttoEisen: https://askubuntu.com/a/779391/327631), separately and together and the issue still occurred.

    After using sudo grep openvpn /var/log/syslog I saw:

    Mar  9 01:36:06 **** nm-openvpn[429236]: [vpn-ch5] Inactivity timeout (--ping-restart), restarting
Mar  9 01:36:06 **** nm-openvpn[429236]: SIGUSR1[soft,ping-restart] received, process restarting
Mar  9 01:36:11 **** nm-openvpn[429236]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
...
Mar  9 01:36:31 **** nm-openvpn[429236]: Server poll timeout, restarting
Mar  9 01:36:31 **** nm-openvpn[429236]: SIGUSR1[soft,server_poll] received, process restarting
...
Mar  9 01:36:46 **** nm-openvpn[429236]: WARNING: Failed running command (--up/--down): could not execute external program
Mar  9 01:36:46 **** nm-openvpn[429236]: Exiting due to fatal error

    And some of those logs led to this answer which also did not fix the issue:

    https://askubuntu.com/a/906055/327631

    Finally found this from my VPN provider, which also did not solve the problem!

    sudo mkdir -p /etc/openvpn/scripts 

sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/ 

sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved

    Then edit your OpenVPN client file (e.g. *.ovpn) by adding the up/down scripts. Add these 3 lines after the line where it shows your server name (e.g. remote servername.vpn.com 443 TCP):

    script-security 2 
up /etc/openvpn/scripts/update-systemd-resolved 
down /etc/openvpn/scripts/update-systemd-resolved

    So I gave up and switched to wireguard (https://www.wireguard.com/install/)

    sudo apt install wireguard

    And then followed the wireguard setup from my VPN provider.

    • 1

  5. After claiming it was a SMOP (Simple Matter of Programming), I wrote a bash script that monitors for "Link Down", then executes a user script. Less CPU usage, more responsive than the while true....sleep 30 method. See my answer at here. It's about "rotating WiFi connections", but will probably work for you, too

    • 0

  6. this script will work on 16.04 where nmcli con status no longer works:

    #!/bin/bash
CON="purple"
STATUS=`nmcli con show --active | grep purple | cut -f1 -d " "`
if [ -z "$STATUS" ]; then
    nmcli con up $CON
fi
    • 0

  7. I think the complete answer based on other answers goes as follow :

    #!/bin/bash +x
  while [ "true" ]
   do
        CON="Your-VPN-Name"
        STATUS=`nmcli con show --active | grep $CON | cut -f1 -d " "`
        if [ -z "$STATUS" ]; then
                echo "Disconnected, trying to reconnect..."
                (sleep 1s && nmcli con up $CON)
        else
                echo "Already connected !"
        fi
        sleep 30
   done
    • 0