proxpn-bash-client icon indicating copy to clipboard operation
proxpn-bash-client copied to clipboard

Published 20 hours ago verified publisher icon MattSurabian

Close Apps on Disconnect

Open MattSurabian opened this issue 8 years ago • 6 comments

I've had some requests to make this script cause apps to close on disconnect like the native ProXPN clients do. I don't believe there is a way to do this with OpenVPN itself but there might be another way to notify processes if given their ID or name?

This issue is to brainstorm possible solutions

MattSurabian avatar Mar 14 '16 20:03 MattSurabian

xargs + killall with a list of command names seems like the simplest way to do this off the top of my head.

The problem would be getting a trigger. Does openvpn return when the connection is lost, or does it prompt to reconnect?

wmdiem avatar Mar 15 '16 05:03 wmdiem

Usefull: https://github.com/primaryobjects/vpndemon

MattSurabian avatar Mar 17 '16 01:03 MattSurabian

VPNdemon relies on networkmanager to detect when the tunnel interface goes down, so if you are aiming for portability you'll need to find a cross platform method.

I had thought using netcat might work: run it as a server listening on the VPN connection and have it return when the interface it was listening on goes down, but at least in the implementation of nc I have, I just keeps listening and never returns.

wmdiem avatar Mar 21 '16 00:03 wmdiem

Yeah it's a bummer the demon is NetworkManager based though mostly I was curious to see the structure of the script itself.

Worst case, if a cross platform method doesn't shake out we can maybe document third party alternatives on various OSs

MattSurabian avatar Mar 21 '16 01:03 MattSurabian

Wanted to toss my two cents on this conversation.

I use the openvpn native feature 'down' and 'down-pre' to fire scripts that I want executed when a proxpn tunnel is torn down.

It does require that you also have 'script-security' set to 2 at the minimum, which is something to be mindful of.

But I'm finding the 'down script' automation works well enough as long as the openvpn thread gets a SIGTERM signal. ((Apparently SIGQUIT doesn't cause it to fire the 'down script'))

After a couple hours tinkering I have the proxpn bash client running as an init-script. That, after some small changes to /usr/local/bin/proxpn where it reads in the proxpn.ovpn config file. I wanted to move the .ovpn and other config files to /etc/proxpn where they could assume a more service-y type role.

Service goes up, and I'm on the VPN.

Service goes down, and the openvpn Down trigger executes the script provided.

It's pretty rough, and I'd like to refactor openvpn to shed root privileges after launch (which requires some specially crafted sudoers rights for the _openvpn user account to access route and ifconfig), but it works neatly enough.

james-mcgoodwin avatar May 02 '16 12:05 james-mcgoodwin

Sorry for the late reply here, but I've been playing around with down and down-pre as well but wasn't sure how to handle those cases where the down scripts don't run. Haven't found anything better than what you've suggested here.

What I need help figuring out is:

How do we help folks configure the programs they want killed if the VPN goes does? What is that user experience?

MattSurabian avatar May 28 '16 04:05 MattSurabian