36

I'm an Ubuntu GNOME user and I was wondering if there is a way to be able to automatically reconnect to a VPN on disconnection. I'm using the OpenVPN protocol.

I've checked Network Manager thoroughly but could not find such an option, only to connect to the VPN when connected to a specific WiFi.

SNH
  • 963
  • I have this problem and I am not using OpenVPN. It is openconnect and fortisslvpn. – Sia Aug 08 '23 at 14:37

7 Answers

63

As of 18.10 (cannot check in earlier versions) VPN connections in NetworkManager have a setting vpn.persistent which does just that: reconnects to a VPN on connection loss until you disconnect manually. It is set to "no" by default and unfortunately is exposed neither in GNOME Network Settings nor in nm-connection-editor.

But you can set it through a CLI like this:

nmcli connection modify <Your VPN connection name> connection.autoconnect-retries 0
nmcli connection modify <Your VPN connection name> vpn.persistent yes

The connection must exist before you do that, of course. And autoconnect-retries 0 actually means "retry forever".

Also note that these settings get reset occasionally, probably with updates to NetworkManager or related packages, so you need to check them and correct back.

sources:

  • 2
    this is what I wanted. Thanks a million – Wyatt Ward Jun 03 '19 at 22:39
  • Since this setting is available, why doesn't network settings show it? And where / how did you find out? There is no mention of this at https://developer.gnome.org/NetworkManager/stable/nmcli.html but since running the command seems to succeed I guess it works... – Al F Jul 29 '19 at 12:48
  • 1
    @alf I think I found this setting just by poking at nmcli in the terminal, but it's also documented at https://developer.gnome.org/NetworkManager/stable/nm-settings.html#id-1.2.7.4.41 and in nm-settings man page – m0NKey bR4in Nov 23 '19 at 18:22
  • If you have multiple connections, can you use this solution for all of them... assuming that it will recognize the current connection, and not attempt to connect the connections not currently being used? – nightwatch Jul 24 '20 at 07:07
  • 4
    Use "nmcli con show" to list VPN names in the terminal (as well as wifi connection names) – Shadi Oct 23 '20 at 08:56
  • ... and nmcli connection show <Connection Name> to show all the settings/details of the connection – Bruno Grieder Dec 01 '20 at 07:52
  • Probably it's out of scope of the answer, but vpn.persistent yes doesn't reconnect when you log back in to the system (e.g. open your laptop back up) – Tarasovych Jan 13 '23 at 06:36
  • 1
    On 22.04 at least, I also needed connection.autoconnect yes. – bparker Jan 18 '23 at 15:16
  • The comment about connection.autoconnect yes seems incorrect per the man nm-settings-nmcli documentation (or online). I say this because the entry for connection.autoconnect specifically mentions "Note that autoconnect is not implemented for VPN profiles. See "secondaries" as an alternative to automatically connect VPN profiles." - AFAIU secondaries is more for initial auto-connect after logging into a Linux session (at least that's how I use it). Also vpn.persistent still exists with no plans to deprecate as of nmcli v1.42.8 – zpangwin Jan 28 '24 at 03:17
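
The answer above notes that these two settings get reset occasionally and have to be checked and corrected. As an added example (not part of the original answer), this script checks both properties on a VPN profile and re-applies them only when they differ; the function names and the script name are hypothetical, and it assumes an nmcli that supports `-g`/`--get-values`.

```bash
#!/bin/bash
# Added example: verify and re-apply the reconnect settings on a VPN profile.
# Usage: ./vpn-persist.sh "My VPN"   (use the name that `nmcli con show` lists)

# Print the current value of one property of a profile.
get_setting() {   # $1 = profile name, $2 = property
    nmcli -g "$2" connection show "$1"
}

# Make sure one property has the wanted value; prints "ok" or "fixed".
ensure_setting() {   # $1 = profile, $2 = property, $3 = wanted value
    local current
    current=$(get_setting "$1" "$2") || return 1
    if [ "$current" = "$3" ]; then
        echo "ok"
    else
        nmcli connection modify "$1" "$2" "$3" || return 1
        echo "fixed"
    fi
}

# Apply both settings from the answer, but only to profiles of type "vpn".
ensure_persistent() {   # $1 = profile
    local ctype result
    ctype=$(get_setting "$1" connection.type) || return 1
    if [ "$ctype" != "vpn" ]; then
        echo "refusing: '$1' has type '$ctype', not vpn" >&2
        return 2
    fi
    result=$(ensure_setting "$1" vpn.persistent yes) || return 1
    echo "vpn.persistent: $result"
    # 0 means "retry forever", as the answer explains
    result=$(ensure_setting "$1" connection.autoconnect-retries 0) || return 1
    echo "connection.autoconnect-retries: $result"
}

# Only act when a profile name is given on the command line.
if [ $# -gt 0 ]; then
    ensure_persistent "$1"
fi
```
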
22

OpenVPN has a built-in mechanism to automatically detect dead links and reconnect. In Network Manager go to "Edit Connections", select your VPN connection and choose "Edit". In the "VPN" tab click on "Advanced..." and go to the "General" tab. There you have two relevant options:

"Specify ping interval" tells OpenVPN how frequently to check if the link is still alive. "Specify exit or restart ping" tells it how long to wait until it takes action and which action to take.

Example: My settings are "30 / ping-restart / 300". This means OpenVPN checks every 30 seconds if the link is still active. If the link is down for 300 seconds it initiates a restart.

This way there is no need for external scripts...

OttoEisen
  • 766
1

TLDR: None of these answers worked. I switched to wireguard (https://www.wireguard.com/install/)

sudo apt install wireguard

And then followed the wireguard setup from my VPN provider.

Details:

This issue was happening for me on Ubuntu 20.04. I tried the top two answers under this question (MonkeyBrain: https://askubuntu.com/a/1103326/327631 and OttoEisen: https://askubuntu.com/a/779391/327631), separately and together and the issue still occurred.

After using sudo grep openvpn /var/log/syslog I saw:

Mar  9 01:36:06 **** nm-openvpn[429236]: [vpn-ch5] Inactivity timeout (--ping-restart), restarting
Mar  9 01:36:06 **** nm-openvpn[429236]: SIGUSR1[soft,ping-restart] received, process restarting
Mar  9 01:36:11 **** nm-openvpn[429236]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
...
Mar  9 01:36:31 **** nm-openvpn[429236]: Server poll timeout, restarting
Mar  9 01:36:31 **** nm-openvpn[429236]: SIGUSR1[soft,server_poll] received, process restarting
...
Mar  9 01:36:46 **** nm-openvpn[429236]: WARNING: Failed running command (--up/--down): could not execute external program
Mar  9 01:36:46 **** nm-openvpn[429236]: Exiting due to fatal error

And some of those logs led to this answer which also did not fix the issue:

https://askubuntu.com/a/906055/327631

Finally found this from my VPN provider, which also did not solve the problem!

sudo mkdir -p /etc/openvpn/scripts

sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/

sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved

Then edit your OpenVPN client file (e.g. *.ovpn) by adding the up/down scripts. Add these 3 lines after the line where it shows your server name (e.g. remote servername.vpn.com 443 TCP):

script-security 2 
up /etc/openvpn/scripts/update-systemd-resolved 
down /etc/openvpn/scripts/update-systemd-resolved

So I gave up and switched to wireguard (https://www.wireguard.com/install/)

sudo apt install wireguard

And then followed the wireguard setup from my VPN provider.
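
The log excerpt in the answer above shows several different events in a row: soft restarts with different reasons, a certificate verification warning, a failed up/down script and a fatal exit. As an added example (not part of the original answer), this script counts each of them in syslog so the cause of a dropped tunnel is visible at a glance; the function names and output keys are hypothetical, and the sample lines are adapted from the excerpt with the host name replaced by "host".

```bash
#!/bin/bash
# Added example: summarise why nm-openvpn restarted or exited.
# Usage: sudo ./vpn-triage.sh /var/log/syslog     or     ./vpn-triage.sh --demo

# Reads syslog lines on stdin, prints one "key=count" line per finding.
triage_openvpn_log() {
    grep 'nm-openvpn' | awk '
        # Soft restarts carry their reason inside SIGUSR1[soft,<reason>]
        match($0, /SIGUSR1\[soft,[a-z_-]+\]/) {
            restarts[substr($0, RSTART + 13, RLENGTH - 14)]++
        }
        /No server certificate verification method/ { nocert++ }
        /Failed running command \(--up\/--down\)/   { hook++ }
        /Exiting due to fatal error/                { fatal++ }
        END {
            for (r in restarts) printf "restart[%s]=%d\n", r, restarts[r]
            printf "server_cert_unverified=%d\n", nocert
            printf "updown_script_failed=%d\n", hook
            printf "fatal_exit=%d\n", fatal
        }' | sort
}

# Sample input adapted from the log excerpt in the answer (host name replaced).
sample_log() {
    cat <<'EOF'
Mar  9 01:36:06 host nm-openvpn[429236]: [vpn-ch5] Inactivity timeout (--ping-restart), restarting
Mar  9 01:36:06 host nm-openvpn[429236]: SIGUSR1[soft,ping-restart] received, process restarting
Mar  9 01:36:11 host nm-openvpn[429236]: WARNING: No server certificate verification method has been enabled.
Mar  9 01:36:31 host nm-openvpn[429236]: Server poll timeout, restarting
Mar  9 01:36:31 host nm-openvpn[429236]: SIGUSR1[soft,server_poll] received, process restarting
Mar  9 01:36:46 host nm-openvpn[429236]: WARNING: Failed running command (--up/--down): could not execute external program
Mar  9 01:36:46 host nm-openvpn[429236]: Exiting due to fatal error
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_log | triage_openvpn_log
elif [ $# -gt 0 ]; then
    triage_openvpn_log < "$1"
fi
```

A non-zero server_cert_unverified count means the client profile accepted the server without any certificate verification method, which is the condition the OpenVPN warning in the excerpt refers to.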

1

After a bit of digging I found this answer, tested it (on Ubuntu GNOME 15.04) and so far it seems working.

The only thing I might add is that once the script file is created it doesn't necessarily need to be saved to your /home folder. You can save it anywhere, make it executable and add it to the list of startup programs.

SNH
  • 963
0

I think the complete answer based on other answers goes as follows:

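#!/bin/bash
# Poll every 30 seconds and bring the VPN back up if it is no longer active.
CON="Your-VPN-Name"
while true
do
    # Empty when the connection is not in the list of active connections
    STATUS=$(nmcli con show --active | grep -F -- "$CON" | cut -f1 -d " ")
    if [ -z "$STATUS" ]; then
        echo "Disconnected, trying to reconnect..."
        (sleep 1s && nmcli con up "$CON")
    else
        echo "Already connected !"
    fi
    sleep 30
done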
0

After claiming it was a SMOP (Simple Matter of Programming), I wrote a bash script that monitors for "Link Down", then executes a user script. Less CPU usage, more responsive than the while true....sleep 30 method. See my answer here. It's about "rotating WiFi connections", but will probably work for you, too.

waltinator
  • 36,399
0

This script will work on 16.04 where nmcli con status no longer works:

#!/bin/bash
# Bring the VPN up if it is not among the active connections.
CON="purple"
STATUS=$(nmcli con show --active | grep -F -- "$CON" | cut -f1 -d " ")
if [ -z "$STATUS" ]; then
    nmcli con up "$CON"
fi
derHugo
  • 3,356
george
  • 1
  • A bit shorter STATUS="$(nmcli con show -f name | grep purple)". Or you can simply check if the actual connection is active by doing nmcli con show --active id 'purple' – smac89 May 29 '17 at 02:38