What's new

vpnmgr vpnmgr - Manage and update VPN Client configurations for NordVPN and PIA

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Which VPN provider do you use?


  • Total voters
    315
WeVPN is the only other at the moment
ok Thanks There are so many of them it would be next to impossible to account for all of them thanks so much for all you do I really appreciate you i dont reckon theres a period on this mouse must be that time of month..
 
It would be great if we could manually select a specific server of specific country.
List all servers in X country and select one from the list. (NORD VPN)
 
It would be great if we could manually select a specific server of specific country.
List all servers in X country and select one from the list.
At best I could list the top X recommended servers for NordVPN. Parsing the list is just too mich for the little CPU. What's the use case for this as opposed to using the one that is recommended?
 
At best I could list the top X recommended servers for NordVPN. Parsing the list is just too mich for the little CPU. What's the use case for this as opposed to using the one that is recommended?
For months the NordVPN stupid algo picks a broken server from "Standard" type server for my country (same thing if I use a web browser extension) and the P2P works fine but picks my ISP company server. I know for sure there are much better standard servers for my country but almost never picked up because they are a bit more loaded (still got enough room).
It would be great to have 10 top servers .

Either way, your script is absolutely great and a life savior :)

Also forgot to ask if it was possible to switch between 1-5 profiles . For example, I want to configure 1 VPN client with a server from my country and a second one for a server abroad - when I select 1 the second is turns off and when I select the second client the first turns off and second on.
 
Would it be possible to have vpnmgr automatically reload/update a VPN Client configuration if the client goes into an error state? Every once in a while I notice that one of my VPN clients is in an error and since I block access without a VPN, it means the internet is down until I can manually log in to refresh.
 
At best I could list the top X recommended servers for NordVPN. Parsing the list is just too mich for the little CPU. What's the use case for this as opposed to using the one that is recommended?
What if we could add a blacklist of servers? This might help Delusion's use case. I have a similar use case in which my banks block some of Nord's servers. A refresh usually switches to a different server and then all is well. If I could just make note of the server with an issue and add it to a blacklist, that would work well.
 
@Jack Jaz,

I currently use the "standard" ovpn files for PIA VPN.

I noticed when I make any changes using "vpnmgr" the custom configuration box gets automatically loaded with additional lines compared to what's inside the actual opvn file that I use from the PIA webiste.

For instance, the downloaded opvn file (downloaded thru PIA website) has the following lines when uploading file thru the original GUI under custom configuration:

Code:
resolv-retry infinite
cipher aes-128-cbc
tls-client
remote-cert-tls server
disable-occ

This is what's inside the custom configuration box when using vpnmgr:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3

I don't think the additional lines should be there correct? Any info is greatly appreciated.
 
@Jack Jaz,

I currently use the "standard" ovpn files for PIA VPN.

I noticed when I make any changes using "vpnmrg" the custom configuration box gets automatically loaded with additional lines compared to what's inside the actual opvn file that I use from the PIA webiste.

For instance, the downloaded opvn file (downloaded thru PIA website) has the following lines when uploading file thru the original GUI under custom configuration:

Code:
resolv-retry infinite
cipher aes-128-cbc
tls-client
remote-cert-tls server
disable-occ

This is what's inside the custom configuration box when using vpnmgr:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3

I don't think the additional lines should be there correct? Any info is greatly appreciated.
vpnmgr applies extra configuration which should provide a fast and stable connection
 
vpnmgr applies extra configuration which should provide a fast and stable connection
I appreciate the quick response!!! Thanks alot!
 
@Jack Yaz - I've noticed that I sometimes switch to my UK VPN instead of staying in the US. If I go to the VPN Client and simply click Apply (don't change anything) it correctly uses my routing rules to put me back on the US VPN. I'm not sure if this is the correct place to post this issue.

I have my LAN and Guest 1 use the US VPN with the following routing rules:
1613663181228.png

I have the UK VPN use the following routing rules for Guest 2:
1613663260127.png

Is this a vpnmgr issue or is this somewhere else? I also noticed that when this happens, my Guest 1 network loses internet access. I am fairly certain it is a routing hiccough, but I don't know where to begin to find the culprit so I can identify a fix.
 
I find this code very useful to check on the status.
Code:
echo -e "\n\t"RPDB Rules;ip rule;echo;for I in 1 2 3 4 5;do [ -n "$(nvram get vpn_client${I}_addr)" ] && echo -e "\t"Client ovpnc$I port $(nvram get vpn_client${I}_port) $(nvram get vpn_client${I}_proto) || echo -e "\t"Client ovpnc${I} NOT configured;ip route show table 11$I |  grep -E "^0\.|^128.|^default|^prohibit|tun1";done;echo -e "\n\t"Table main;ip route show table 254 | grep -E "^0\.|^128.|^default"; echo -e "\n\n\tFWMARK Tagging";iptables -nvL PREROUTING -t mangle --line;echo -e "\n\n\tPort Forward";nvram get vts_rulelist
 
I find this code very useful to check on the status.
Code:
echo -e "\n\t"RPDB Rules;ip rule;echo;for I in 1 2 3 4 5;do [ -n "$(nvram get vpn_client${I}_addr)" ] && echo -e "\t"Client ovpnc$I port $(nvram get vpn_client${I}_port) $(nvram get vpn_client${I}_proto) || echo -e "\t"Client ovpnc${I} NOT configured;ip route show table 11$I |  grep -E "^0\.|^128.|^default|^prohibit|tun1";done;echo -e "\n\t"Table main;ip route show table 254 | grep -E "^0\.|^128.|^default"; echo -e "\n\n\tFWMARK Tagging";iptables -nvL PREROUTING -t mangle --line;echo -e "\n\n\tPort Forward";nvram get vts_rulelist
It just happened again.

Here is the before and after:
Code:
        RPDB Rules
0:      from all lookup local
10001:  from all to 192.168.1.254 lookup main
10101:  from 192.168.50.0/24 lookup ovpnc1
10102:  from 192.168.101.0/24 lookup ovpnc1
10103:  from 192.168.111.0/24 lookup ovpnc1
10301:  from 192.168.102.0/24 lookup ovpnc2
10302:  from 192.168.112.0/24 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

        Client ovpnc1 port 1194 udp
default via 10.8.1.1 dev tun12
10.8.1.0/24 dev tun11  proto kernel  scope link  src 10.8.1.7
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2
        Client ovpnc3 NOT configured
        Client ovpnc4 NOT configured
        Client ovpnc5 NOT configured

        Table main
default via 192.168.1.254 dev eth0


        FWMARK Tagging
Chain PREROUTING (policy ACCEPT 4673 packets, 1219K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    1834K 2384M BWDPI_FILTER  udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Code:
        RPDB Rules
0:      from all lookup local
10001:  from all to 192.168.1.254 lookup main
10101:  from 192.168.50.0/24 lookup ovpnc1
10102:  from 192.168.101.0/24 lookup ovpnc1
10103:  from 192.168.111.0/24 lookup ovpnc1
10301:  from 192.168.102.0/24 lookup ovpnc2
10302:  from 192.168.112.0/24 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

        Client ovpnc1 port 1194 udp
default via 10.8.0.1 dev tun11
10.8.0.0/24 dev tun11  proto kernel  scope link  src 10.8.0.4
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2
        Client ovpnc3 NOT configured
        Client ovpnc4 NOT configured
        Client ovpnc5 NOT configured

        Table main
default via 192.168.1.254 dev eth0


        FWMARK Tagging
Chain PREROUTING (policy ACCEPT 529 packets, 169K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     4054 1947K BWDPI_FILTER  udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0

It looks like when it happens it switched my default to 10.8.1.1 which is the UK connection. It should be 10.8.0.1. The question is, why?
 
It just happened again.

Here is the before and after:
Code:
        RPDB Rules
0:      from all lookup local
10001:  from all to 192.168.1.254 lookup main
10101:  from 192.168.50.0/24 lookup ovpnc1
10102:  from 192.168.101.0/24 lookup ovpnc1
10103:  from 192.168.111.0/24 lookup ovpnc1
10301:  from 192.168.102.0/24 lookup ovpnc2
10302:  from 192.168.112.0/24 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

        Client ovpnc1 port 1194 udp
default via 10.8.1.1 dev tun12
10.8.1.0/24 dev tun11  proto kernel  scope link  src 10.8.1.7
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2
        Client ovpnc3 NOT configured
        Client ovpnc4 NOT configured
        Client ovpnc5 NOT configured

        Table main
default via 192.168.1.254 dev eth0


        FWMARK Tagging
Chain PREROUTING (policy ACCEPT 4673 packets, 1219K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    1834K 2384M BWDPI_FILTER  udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Code:
        RPDB Rules
0:      from all lookup local
10001:  from all to 192.168.1.254 lookup main
10101:  from 192.168.50.0/24 lookup ovpnc1
10102:  from 192.168.101.0/24 lookup ovpnc1
10103:  from 192.168.111.0/24 lookup ovpnc1
10301:  from 192.168.102.0/24 lookup ovpnc2
10302:  from 192.168.112.0/24 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

        Client ovpnc1 port 1194 udp
default via 10.8.0.1 dev tun11
10.8.0.0/24 dev tun11  proto kernel  scope link  src 10.8.0.4
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2
        Client ovpnc3 NOT configured
        Client ovpnc4 NOT configured
        Client ovpnc5 NOT configured

        Table main
default via 192.168.1.254 dev eth0


        FWMARK Tagging
Chain PREROUTING (policy ACCEPT 529 packets, 169K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     4054 1947K BWDPI_FILTER  udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0

It looks like when it happens it switched my default to 10.8.1.1 which is the UK connection. It should be 10.8.0.1. The question is, why?
The after one actually looks ok. VPN Client 1 assigned local IP 10.8.0.0/24 and VPN Client 2 assigned 10.8.1.0/24. Both VPN are in different subnet.
The before one looks like both VPN Client 1 and 2 assigned local IP are in the same subnet (10.8.1.0/24). This will cause problems.
Code:
        Client ovpnc1 port 1194 udp
default via 10.8.1.1 dev tun12
10.8.1.0/24 dev tun11  proto kernel  scope link  src 10.8.1.7
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2

I face the same issue before. We cannot control the assigned IP from VPN provider. When the assigned IP refreshed, both VPN may end up in the same subnet.
What I did is select TCP protocol for VPN Client 2. In my case, the local IP assigned for TCP is 10.7.0.0/24. So it will not clash with the 10.8.0.0/24 assigned from UDP protocol.
 
The after one actually looks ok. VPN Client 1 assigned local IP 10.8.0.0/24 and VPN Client 2 assigned 10.8.1.0/24. Both VPN are in different subnet.
The before one looks like both VPN Client 1 and 2 assigned local IP are in the same subnet (10.8.1.0/24). This will cause problems.
Code:
        Client ovpnc1 port 1194 udp
default via 10.8.1.1 dev tun12
10.8.1.0/24 dev tun11  proto kernel  scope link  src 10.8.1.7
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2

I face the same issue before. We cannot control the assigned IP from VPN provider. When the assigned IP refreshed, both VPN may end up in the same subnet.
What I did is select TCP protocol for VPN Client 2. In my case, the local IP assigned for TCP is 10.7.0.0/24. So it will not clash with the 10.8.0.0/24 assigned from UDP protocol.
Correct, 2 UDP clients runs the risk of clash. Use 1TCP and 1 UDP from Nord.
 
Correct, 2 UDP clients runs the risk of clash. Use 1TCP and 1 UDP from Nord.

This is how mine looks like using 1 UDP and 1 UDP from Nord.
Code:
        Client ovpnc1 port 1194 udp
default via 10.8.1.1 dev tun11 
10.8.1.0/24 dev tun11  proto kernel  scope link  src 10.8.1.3 
        Client ovpnc2 port 443 tcp-client
default via 10.7.1.1 dev tun12 
10.7.1.0/24 dev tun12  proto kernel  scope link  src 10.7.1.2
 
The after one actually looks ok. VPN Client 1 assigned local IP 10.8.0.0/24 and VPN Client 2 assigned 10.8.1.0/24. Both VPN are in different subnet.
The before one looks like both VPN Client 1 and 2 assigned local IP are in the same subnet (10.8.1.0/24). This will cause problems.
Code:
        Client ovpnc1 port 1194 udp
default via 10.8.1.1 dev tun12
10.8.1.0/24 dev tun11  proto kernel  scope link  src 10.8.1.7
        Client ovpnc2 port 1194 udp
10.8.1.0/24 dev tun12  proto kernel  scope link  src 10.8.1.2

I face the same issue before. We cannot control the assigned IP from VPN provider. When the assigned IP refreshed, both VPN may end up in the same subnet.
What I did is select TCP protocol for VPN Client 2. In my case, the local IP assigned for TCP is 10.7.0.0/24. So it will not clash with the 10.8.0.0/24 assigned from UDP protocol.
I see. Thanks. By after, I meant after clicking Apply which fixes things. I'll switch client 2 to TCP.

@Jack Yaz - Would this be worth error-proofing it by requiring only one use of UDP?
 
Also, I wonder if this is because I have VPN client one set to refresh every two hours and client two set to refresh every four hours? That means that every four hours they both refresh at the same time.
 
Also, I wonder if this is because I have VPN client one set to refresh every two hours and client two set to refresh every four hours? That means that every four hours they both refresh at the same time.
my 2 NordVPN refresh at the same time every night, but i have 1 tcp and 1 udp due to the aforementioned issue
 
Whats the benefit of allowing vpnmgr refresh every night?

For my setup under 'scheduled update/reload I chosed 'yes' but i untick all the days so it doesn't refresh every night. When it was set to 'no' it would still refresh at midnight.

Just curious if I would benefit to refresh once per day. Thanks.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top