vpnmon [RELEASE] VPNON v1.2 - Script discontinued - please use VPNMON-R2 from here forward...

Viktor Jaep

Very Senior Member
v1.2 - Now with even more SuperRandom(tm) goodness!!
Updated May 02, 2022

Executive Summary: VPNON 1.2 (VPNON.SH) is an all-in-one script which compliments @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup, though this is not a requirement, and can function without problems in a standalone environment using the options/parameters below. VPNON is meant to be run with a CRU job in order to reset and randomly connect to a new VPN server each day, or multiple times a day/week, at a different location specified within VPNMGR through NordVPN/PIA/WeVPN. It also optionally downloads a list of US-based NordVPN server IP addresses, and optionally adds them to the Skynet whitelist each time this runs, as these frequently change. Set the variable below to enable/disable this functionality. Logging has been added to capture relevant events for later review.

VPNON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Changelog here / What's new: YazFi Integration + Multi-Country support

The Problem I was trying to solve​

  • As a VPNMGR user, I had 5 different NordVPN VPN Client configurations populated on my Asus router running Merlin FW, each with a different city. I wanted a way for my VPN connection to reset each night, so that it would randomly select and connect to a different configuration, thus endpoint, so that I wouldn't be connected to the same city 24x7x365.
  • NordVPN has thousands of VPN endpoint servers which change frequently, depending on the distance or latency from your location scattered across the globe. On several occations, my Asus-Merlin-based Skynet firewall would block these VPN servers, and wanted to make sure I had a way to find all the latest VPN server IPs, and add them to the Skynet whitelist.
  • Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable in any VPN usage scenario.

How is this script supposed to run?​

Personally, I run this script 1x a day at night using a CRU job. But you can run it as much as you want... read up on CRU formatting. Secondarily, this script is also integrated directly into my other program, VPNMON-R2, and runs when it detects that the VPN connection has dropped. Here are some instructions and steps to make a nightly job happen:
  1. Download and install from your favorite SSH tool, copy & paste this command:
    Code:
    curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNON/master/vpnon-1.2.sh" -o "/jffs/scripts/vpnon.sh" && chmod a+rx "/jffs/scripts/vpnon.sh"
  2. To initially configure this script, open up a dedicated SSH window, and simply execute the script:
    Code:
    sh /jffs/scripts/vpnon-r2.sh -config
  3. Once you've successfully configured the various options, you can run the script using this command:
    Code:
    sh /jffs/scripts/vpnon-r2.sh -reset
  4. To run this script every night at 01:00 (for instance), from a command prompt, enter:
    Code:
    cru a vpnon "00 01 * * * /jffs/scripts/vpnon.sh -reset"
  5. To ensure that this job is added each time after you reboot your router, make sure you add this cru statement above to your "services-start" file.

What this script does​

  1. Kills all VPN Clients, if they're running or not
  2. Updates Skynet whitelist with all US-based NordVPN endpoint IP addresses (optional) - FYI, you can easily change this for the country of your choice.
  3. Updates VPNMGR cache with recommended NordVPN/PIA/WeVPN endpoint information (optional), and merges/refreshes these changes with your Merlin VPN Client configurations
  4. Uses a randomizer to pick one of 5 different VPN Clients to connect to (configurable between 1 and 5)
  5. Initiates the connection to the specified VPN endpoint.
  6. Logs major events (resets/connection errors/etc) to /jffs/scripts/vpnmon-r2.log (optional)
  7. Added a new API lookup to display the VPN exit node city/location on screen and in the logs. This API is free, and guarantees at least 1000 lookups per month. In lieu of doing a lookup each single refresh interval, a location lookup is only done when VPNON is doing a reset.
  8. Added the concept of SuperRandom(tm) NordVPN Connections! This is a NordVPN feature only! When enabled (NordVPNSuperRandom=1), it will fill your VPN client slots with random VPN servers across the country of your choice (set by the NordVPNCountry variable). Distance, load, and performance be damned!!
  9. Added an integrated configuration utility (by running "vpnon.sh -config") that steps you through all the options and saves results to a config file, without the need to manually edit and configure the script itself.
  10. Added a script update checker, which notifies you when a new version becomes available while the script is running and within the logs, and allows you to easily download an install the latest script by using the 'vpnon.sh -update' command.
  11. Added the ability to specify up to 2 additional NordVPN countries (for a total of 3) to randomly pick VPN servers located within that country. Yes, we have gone completely international!
  12. Happy to report that VPNON now integrates beautifully with YazFi - the premier expanded guest network utility for Merlin firmware! For those running multiple guest networks, VPNON can now automatically update your guest network slots with the latest VPN slot that VPNON just made a connection to, then performs the necessary steps to make YazFi acknowledge the change to ensure your guest client devices continue to work without interruption!

What if I'm not running VPNMGR/NordVPN(PIA/WeVPN)/Skynet?​

  1. As long as your VPN slots are configured and tested using the VPN provider of your choice, this script will run perfectly fine, and can monitor, reset and randomly start a new VPN client slot for you each day. Please know, this script was written to compliment VPNMGR, and gives a heavy preference to NordVPN, but neither is required.
  2. While stepping through the configuration utility ("vpnon.sh -config"), you can choose to disable the ability to update VPNMGR hosts, enable/disable specific NordVPN functionality, and the ability to whitelist the latest NordVPN servers in Skynet.
  3. Let me know how you're using this script! Feel free to post in these forums. ;)

Usage​

  • VPNON is driven with commandline parameters. These are the available options:
    • vpnon.sh -h (or vpnon.sh -help) -- displays a short overview of available commands
    • vpnon.sh -log -- displays the contents of the VPNON activity log in the NANO text editor
    • vpnon.sh -config -- launches the configuration utility and saves your settings to a local config file
    • vpnon.sh -update -- launches the script update utility to download the newest version
    • vpnon.sh -reset -- runs the familiar VPN reset and randomize functionality

Gotchas​

  • If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to NordVPN before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
  • If you don't want to integrate with VPNMGR, or whitelist NordVPN IPs in your Skynet Firewall, etc... please choose to disable this functionality in the configuration utility ("vpnon.sh -config")
  • Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
  • If you're using the SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.
 
Last edited:

Viktor Jaep

Very Senior Member
Screenshots

Sample of vpnon.sh kicking off:
vpnon11-1.PNG


Optionally, it will update and refresh VPNMGR's configuration to update your NordVPN/PIA/WeVPN client slots:
vpnon11-3.PNG


Or, if you choose, enabling SuperRandom(tm) functionality will fill your VPN slots with completely random NordVPN servers:
vpnon11-2.PNG


Example contents of vpnmon-r2.log file:
Screenshot 2022-02-20 12.56.33.png


Here's a view of the new configuration utility that steps you through configurable options without the need to manually edit variables at the top of the script:
vpnon10-config.PNG
 
Last edited:

Viktor Jaep

Very Senior Member
In case anyone is curious how I have VPNMGR and my OVPN client slots setup, here are some screenshots:

Each one of my 5 VPNMGR clients is configured in this same exact way, basically pointing to a different city. I wanted to make sure that it's not doing a scheduled update/reload, because I wanted to control that with this script.
Screenshot 2022-02-20 19.08.44.png


Much of this information in your VPN Client below is populated by VPNMGR, but it's not a requirement. You can have 5 standalone VPN clients configured without the need for VPNMGR for this all to work. NordVPN is configured below to use OpenVPN UDP on port 1194. The "server address" and "description" are being automatically filled in by the VPNMON-R2 script if you enable NordVPNSuperRandom=1
Screenshot 2022-02-20 19.11.11.png

Screenshot 2022-02-20 19.11.56.png


These are the same Custom Configuration settings that VPNMGR makes use of when you enable "Use VPNMGR custom settings?", and work absolutely perfect with NordVPN:
Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
 
Last edited:

Viktor Jaep

Very Senior Member
New NordVPN-only Feature Introduction: SuperRandom(tm)

v0.8 - (Feb 20, 2022)

* Added the concept of SuperRandom(tm) NordVPN Connections! This mode, when enabled (NordVPNSuperRandom=1) -- if you choose to be so incredibly daring and adventurous -- will fill your VPN client slots with random VPN servers across the country of your choice! Distance, load, and performance be damned!! In the US, the number of available VPN servers is up to around 1920, which fluctuates. This option will bypass VPNMGR functionality to update your VPN slots with its recommendations (based on chosen city, performance and load). Thus -- it is assumed that each of your (up to 5) VPN client slots are fully configured and operational! The SuperRandom(tm) function will only replace the "server address" IP and "description" (in a "NordVPN - [City]" format), and reinitiate the connection as usual after losing your connection, having multiple connections going, or after a scheduled reset. Enjoy!
* The NordVPNCountry variable is now available for you to populate with the country of your choice without having to mess around with the code. These are all available country names to choose from: Albania, Argentina, Australia, Austria, Belgium, Bosnia and Herzegovina, Brazil, Bulgaria, Canada, Chile, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hong Kong, Hungary, Iceland, India, Indonesia, Ireland, Israel, Italy, Japan, Latvia, Lithuania, Luxembourg, Malaysia, Mexico, Moldova, Netherlands, New Zealand, North Macedonia, Norway, Poland, Portugal, Romania, Serbia, Singapore, Slovakia, Slovenia, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States, Vietnam.
* Other code optimizations, error catching, and formatting fixes just to make it more pleasing to the eye. ;)
 

SomeWhereOverTheRainBow

Part of the Furniture
In case anyone is curious how I have VPNMGR and my OVPN client slots setup, here are some screenshots:

Each one of my 5 VPNMGR clients is configured in this same exact way, basically pointing to a different city. I wanted to make sure that it's not doing a scheduled update/reload, because I wanted to control that with this script.
View attachment 39672

Much of this information in your VPN Client below is populated by VPNMGR, but it's not a requirement. You can have 5 standalone VPN clients configured without the need for VPNMGR for this all to work. NordVPN is configured below to use OpenVPN UDP on port 1194. The "server address" and "description" are being automatically filled in by the VPNMON-R2 script if you enable NordVPNSuperRandom=1
View attachment 39673
View attachment 39674

These are the same Custom Configuration settings that VPNMGR makes use of when you enable "Use VPNMGR custom settings?", and work absolutely perfect with NordVPN:
Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
Very Nice!
 

machinist

Occasional Visitor
@Viktor Jaep Very nice work, this looks like something I could use.

I don't use VPNMGR as I don't use any of the supported VPN's. I really just need something that will re-run my OVPN connection, so that it picks another "best for now" server. My OVPN config is set to "country" for my provider, so re-running the connection picks a better server. I also have Skynet installed. And this script looks like it does just that, excellent.

My question is in regards to how exactly it works, so let me know if I have this right:

It kills all connections
Updates Skynet whitelist
Re-connects


So, if I have "kill switch" turned on, this would automatically block all internet access the instant it kills the VPN connection, right?

What I'm essentially concerned about is the possible unencrypted connection between the killed OVPN and reconnection. I figure you've thought of this and what I'm asking is redundant, but just making sure.

Thank you
 

Viktor Jaep

Very Senior Member
@Viktor Jaep Very nice work, this looks like something I could use.

I don't use VPNMGR as I don't use any of the supported VPN's. I really just need something that will re-run my OVPN connection, so that it picks another "best for now" server. My OVPN config is set to "country" for my provider, so re-running the connection picks a better server. I also have Skynet installed. And this script looks like it does just that, excellent.

My question is in regards to how exactly it works, so let me know if I have this right:

It kills all connections
Updates Skynet whitelist
Re-connects


So, if I have "kill switch" turned on, this would automatically block all internet access the instant it kills the VPN connection, right?

What I'm essentially concerned about is the possible unencrypted connection between the killed OVPN and reconnection. I figure you've thought of this and what I'm asking is redundant, but just making sure.

Thank you
Thanks @machinist ... in your case, I would disable these features at the top of the script:

Code:
UpdateVPNMGR=0                          # This variable checks to see whether you want to integrate more deeply with
                                        # VPNMGR, and should only do so if you're running NordVPN, PIA or WeVPN. Enabling
                                        # this calls VPNMGR-specific scripts to update your VPN Client configs. Disabling
                                        # this function would make VPNON compatible with any other VPN setup.
                                        # Default = 1, change to 0 to disable, and set NordVPNSuperRandom=1.
UpdateSkynet=0                          # This variable checks to see whether or not to update Skynet Firewall whitelist
                                        # with NordVPN IPs.  Default = 1, change to 0 to disable.

Please remember, that the feature of updating Skynet is for NordVPN only... it basically extracts a current list of VPN end point IPs direct from NordVPN, and whitelists them. I don't have that capability with other types of VPNs, and would be a manual task to figure out on your end unfortunately.

I don't have any familiarity with the killswitch functionality, but I don't think this script will interfere much with it. In your case, after the script kills the VPN connections, it will basically just go through the necessary steps to re-establish the connection, and randomly pick a VPN slot for you. If you only want it to only deal with 1 VPN slot, make sure you change the N value to the number of slots you want it to randomly pick from.

Let me know how it works out for you! :)
 
Last edited:

Viktor Jaep

Very Senior Member
Pleased to announce an update to VPNON. Yes, I've skipped v0.9, only because Microsoft skipped Windows 9. ;)

v1.0 - (Mar 16, 2022)
* Bringing some of the capabilities over from VPNMON-R2 into VPNON to give it some similar functionality in the area of configuration and the use of commandline switches to execute or configure the script.
* Added an integrated configuration utility that steps you through all available configurable options to give you the most compatible experience for your setup. This tools makes the experience much more pleasing than having to deal with manually editing (and understanding) the options that were available at the top of the script. The configuration tool is called by using the following command: "sh vpnon.sh -config"
* Introduced the capability to use commandline arguments to perform various functions in the script. Available commands are (1) -h or -help -- to display a quick overview of available commands, (2) -log -- to display the contents of the log file within the NANO text editor, (3) -config -- this runs the configuration utility, and steps you through all available options, and writes your selections to a config file, and (4) -reset -- this runs VPNON as it normally would to perform a complete reset and random reconnection on one of your VPN slots.
* Moved all working files (config, log) to its own dedicated folder named "vpnon.d" under "/jffs/addons". The main script can still be found under "/jffs/scripts/vpnon.sh"
* Various optimizations and small bug fixes (more like annoyances that bother my OCD).
 

Viktor Jaep

Very Senior Member
v1.1 - (Mar 18, 2022)
* Again, added functionality to bring more in line with VPNMON-R2's features and capabilities
* Added for the capability of VPNON to check for a new version on a periodic basis, and will alert you when you run the script, or is noted in the log when a new version becomes available for download. From v1.1 moving forward, the script will provide for the capability to check and alert you for new updates.
* Added a new commandline argument to the list of available commands: "sh vpnon.sh -update" -- this runs the script update utility which downloads and installs the latest version from the github repository.
* Minor optimizations and enhancements

vpnon11-4.png
 

Viktor Jaep

Very Senior Member
v1.2 - (May 02, 2022)
* Always looking to bring the best of VPNMON-R2 to VPNON... and this update is no different! :)
* The big news today is that VPNON is now able to integrate with YazFi! Thanks to @iTyPsIDg or the great suggestion! Using the setup utility (-config switch), you can now specify which of the 3 x 2.4Ghz, 5Ghz and secondary 5Ghz guest networks you want to sync with VPNON when it randomly picks a new VPN connection and updates the slot number directly in YazFi. This should make life a lot more bearable for those running multiple guest networks, and wanting to make use of the full power of randomized VPN connections! :)
* The other big news is that VPNON can now also accept 2 additional NordVPN countries for a total of 3 supported countries to randomly connect to! Also configurable through the setup utility (-config switch), you can now specify which additional (up to) 2 countries you want to add. When VPNON goes through it's reset function, it will randomly pick from one of the (up to) 3 countries, optionally whitelist all available NordVPN servers for that country in your Skynet firewall, and optionally make a SuperRandom(r) connection to one out of the many available servers in the specified country! Yes, we have gone international! Thanks goes to @Spud for the excellent suggestion!
* Some more code cleanup, optimizations and expanded on the config menu to handle the new YazFi and multiple country questions during setup.
 
Last edited:

Viktor Jaep

Very Senior Member
Please note: The VPNON project has been discontinued. This thread will be shutting down/no longer monitored. But fear not, even though VPNON dies today, it will rise out of the ashes and continue to function within the VPNMON-R2 project. In an upcoming release, you will be able to call "vpnmon-r2 -reset", and will produce the same desired effect as VPNON did, if you were using CRON to randomly reset your connections. My reasoning is: why try to maintain almost 2 similarly functioning products when I could just continue putting all my efforts into the one... it's basically a win-win. ;)

From this point forward, please direct all questions, comments, or feature requests in the VPNMON-R2 thread: https://www.snbforums.com/threads/r...witching-nord-surfshark-perfectprivacy.76748/

Thank you!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top