Auto reconnect to VPN on disconnect?

Question

I'm an Ubuntu GNOME user and I was wondering if there is a way to be able to automatically reconnect to a VPN on disconnection. I'm using the OpenVPN protocol.

I've checked Network Manager thoroughly but could not find such an option, only to connect to the VPN when connected to a specific WiFi.

Answer 1

As of 18.10 (cannot check in earlier versions) VPN connections in NetworkManager have a setting vpn.persistent which does just that: reconnects to a VPN on connection loss until you disconnect manually. It is set to "no" by default and unfortunately isn't exposed neither in Gnome Network Settings nor in nm-connection-editor.

But you can set it through a CLI like this:

nmcli connection modify <Your VPN connection name> connection.autoconnect-retries 0
nmcli connection modify <Your VPN connection name> vpn.persistent yes

The connection must exist before you do that, of course. And autoconnect-retries 0 actually means "retry forever".

Also note that these settings get reset occasionally, probably with updates to NetworkManager or related packages, so you need to check them and correct back.

sources:

• https://developer-old.gnome.org/NetworkManager/stable/settings-connection.html
• https://developer-old.gnome.org/NetworkManager/stable/settings-vpn.html

Answer 2

OpenVPN has a build-in mechanism to automatically detect dead links and reconnect. In Network Manager go to "Edit Connections", select your VPN connection and choose "Edit". In the "VPN" tab click on "Advanced..." and go to the "General" Tab. There you have two relevant options:

"Specify ping interval" tell OpenVPN how frequently to check if the link is still alive. "Specify exit or restart ping" tells it how long to wait until it takes action and which action to take.

Example: My setting are "30 / ping-restart / 300". This means OpenVPN checks every 30 seconds if the link is still active. If the link is down for 300 seconds it initiates a restart.

This way there is no need for external scripts...

Answer 3

TLDR: None of these answers worked. I switched to wireguard (https://www.wireguard.com/install/)

sudo apt install wireguard

And then followed the wireguard setup from my VPN provider.

Details:

This issue was happening for me on Ubuntu 20.04. I tried the top two answers under this question (MonkeyBrain: https://askubuntu.com/a/1103326/327631 and OttoEisen: https://askubuntu.com/a/779391/327631), separately and together and the issue still occurred.

After using sudo grep openvpn /var/log/syslog I saw:

Mar  9 01:36:06 **** nm-openvpn[429236]: [vpn-ch5] Inactivity timeout (--ping-restart), restarting
Mar  9 01:36:06 **** nm-openvpn[429236]: SIGUSR1[soft,ping-restart] received, process restarting
Mar  9 01:36:11 **** nm-openvpn[429236]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
...
Mar  9 01:36:31 **** nm-openvpn[429236]: Server poll timeout, restarting
Mar  9 01:36:31 **** nm-openvpn[429236]: SIGUSR1[soft,server_poll] received, process restarting
...
Mar  9 01:36:46 **** nm-openvpn[429236]: WARNING: Failed running command (--up/--down): could not execute external program
Mar  9 01:36:46 **** nm-openvpn[429236]: Exiting due to fatal error

And some of those logs led to this answer which also did not fix the issue:

https://askubuntu.com/a/906055/327631

Finally found this from my VPN provider, which also did not solve the problem!

sudo mkdir -p /etc/openvpn/scripts
sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/
sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved 

Then edit your OpenVPN client file (e.g. *.ovpn) by adding the up/down scripts. Add these 3 lines after the line where it shows your server name (e.g. remote servername.vpn.com 443 TCP):

script-security 2 
up /etc/openvpn/scripts/update-systemd-resolved 
down /etc/openvpn/scripts/update-systemd-resolved

So I gave up and switched to wireguard (https://www.wireguard.com/install/)

sudo apt install wireguard

And then followed the wireguard setup from my VPN provider.

Answer 4

After a bit of digging I found this answer, tested it (on Ubuntu GNOME 15.04) and so far it seems working.

The only thing I might add is that once the script file is created it doesn't necessarily need to be saved to your /home folder. You can save it anywhere, make it executable and add it to the list of startup programs.

Answer 5

I think the complete answer based on other answers goes as follow :

#!/bin/bash +x
  while [ "true" ]
   do
        CON="Your-VPN-Name"
        STATUS=`nmcli con show --active | grep $CON | cut -f1 -d " "`
        if [ -z "$STATUS" ]; then
                echo "Disconnected, trying to reconnect..."
                (sleep 1s && nmcli con up $CON)
        else
                echo "Already connected !"
        fi
        sleep 30
   done

Answer 6

After claiming it was a SMOP (Simple Matter of Programming), I wrote a bash script that monitors for "Link Down", then executes a user script. Less CPU usage, more responsive than the while true....sleep 30 method. See my answer at here. It's about "rotating WiFi connections", but will probably work for you, too

Answer 7

this script will work on 16.04 where nmcli con status no longer works:

#!/bin/bash
CON="purple"
STATUS=`nmcli con show --active | grep purple | cut -f1 -d " "`
if [ -z "$STATUS" ]; then
    nmcli con up $CON
fi