DietPi icon indicating copy to clipboard operation
DietPi copied to clipboard
verified publisher icon MichaIng

DietPi-VPN | ProtonVPN

Open ghost opened this issue 8 months ago • 6 comments

ghost avatar Apr 27 '25 13:04 ghost

I guess this could be related https://www.reddit.com/r/ProtonVPN/comments/1k3lrl5/great_the_httpsapiprotonvpnchvpnlogicals_api_has/

Joulinar avatar Apr 27 '25 13:04 Joulinar

Yeah or this deprecation notice: https://github.com/Rafficer/linux-cli-community?tab=readme-ov-file#deprecation-notice

Someone says it still works when being logged in, respectively when adding an authentication token to the request. @black00019 do you have a token as alternative to user/password and is it somehow visibly added to the URL in browser when accessing the ProtonVPN website, so that you could test adding that query string to https://api.protonvpn.ch/vpn/logicals?

MichaIng avatar Apr 27 '25 13:04 MichaIng

And when you login into ProtonVPN website/interface, can you then open https://api.protonvpn.ch/vpn/logicals in that browser from there?

MichaIng avatar Apr 27 '25 17:04 MichaIng

I guess they have disabled the API completely

Joulinar avatar Apr 28 '25 07:04 Joulinar

Yeah, or at least we'd first need to find out how to add a token to the request. At least, if this works, the same token can then be used for VPN connection instead of username/password.

MichaIng avatar Apr 28 '25 11:04 MichaIng

I can confirm, that https://api.protonvpn.ch/vpn/logicals API still works. However Proton does not suggest authentication tokens (aka Bearer) for personal accounts (I did not find) - only for business and only in the scope of identities management: https://protonvpn.com/support/scim-provisioning-api

For personal accounts you have to use your username+password + optional 2FA for login. After successful login you will get auth cookies, that could be reused for subsequent API calls with any client of your choice (WEB browser, curl, wget, postman, etc). When you log out, cookies are invalidated immediately, the same happens after timeout.

For that reason, I can suggest three options here:

  • reverse engineering of the official ProtonVPN client for Linux - I use it at my home Linux desktop every day and it works good. But it also uses the same username+password+2FA authentication scheme. In my opinion, this option does not worth the efforts - we will be always behind Proton continuously trying to catch up with never-ending changes;
  • rewrite dietpi-vpn script to pass previously mentioned user cookies inside curl https://api.protonvpn.ch/vpn/logicals command - here is an example, how another project solves similar kind of problem. Sounds as an option, but very sophisticated;
  • rewrite dietpi-vpn script to follow standard and supported way of using ProtonVPN on headless machines. Yes, it is not scalable and not very elegant, however it is a working setup representing more or less stable interface. In my opinion, this option is the best one - easy to implement and fits very well into existing script. It also should preserve already available functionality the script provides.

dandycyclone avatar Sep 20 '25 21:09 dandycyclone