I’d really like nordvpn to survive sleep/resume events but of course, if the remote end doesn’t hear from my laptop then it’s going to drop the connection. Fair enough, I’m happy to do a disconnect before sleep and a re-connect on resume as long as I can automate it – I have the usual thing in /usr/lib/systemd/system-sleep/sleep-stuff (below).
But it doesn’t quite work. On resume, ‘nordvpn connect’ is run and the routing table looks good if observed immediately (i.e. from within the sleep/resume script):
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.1.1        128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlp3s0
10.8.1.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
103.137.12.219  192.168.0.1     255.255.255.255 UGH       0 0          0 wlp3s0
128.0.0.0       10.8.1.1        128.0.0.0       UG        0 0          0 tun0
172.16.2.0      0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
172.16.71.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlp3s0
Unfortunately, by the time I log in, the routing table has been zapped back to non-vpn mode by ‘something’, I don’t know what, maybe NetworkManager:
$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlp3s0
172.16.2.0      0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
172.16.71.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlp3s0
nordvpn status reports that it’s working:
$ nordvpn status
Status: Connected
Current server: au492.nordvpn.com
Country: Australia
City: Brisbane
Your new IP: 144.48.39.91
Current technology: OpenVPN
Current protocol: UDP
Transfer: 7.89 MiB received, 6.00 MiB sent
Uptime: 24 minutes 52 seconds
… but of course I have to do an additional disconnect/connect which is cheesy.
Any ideas?
Here’s the script (put into /usr/lib/systemd/system-sleep/sleep-stuff and chmod +x):
#!/bin/sh
# systemd calls this with $1 = "pre" (before suspend) or "post" (after resume).
if [ "${1}" = "pre" ]; then
    # before suspend
    pgrep nordvpnd > /dev/null 2>&1 && nordvpn status | grep -q 'Status: Connected' && {
        # This will run as root, so root needs to have been initialised by
        # nordvpn login at some time in the past.
        /bin/nordvpn disconnect
    }
elif [ "${1}" = "post" ]; then
    # after resume
    pgrep nordvpnd > /dev/null 2>&1 && {
        # This will run as root, so root needs to have been initialised by
        # nordvpn login at some time in the past.
        (
            sleep 5 # I've tried sleep from 0 to 5
            /bin/nordvpn connect
            netstat -rn # routing table looks OK now but it gets zapped by something else later!!
        ) &
    }
fi
This is on Fedora-31.
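
A check for the state described in this post, where ‘nordvpn status’ reports Connected while the tunnel routes are gone and traffic follows the plain default route, as an added example that is not part of the original post. The function names vpn_routes_present and vpn_state are hypothetical, and the check assumes the OpenVPN-style pair of 128.0.0.0-mask routes on a tun interface seen in the first routing table above.

```shell
#!/bin/sh
# Added example (not from the original post): compare what the VPN client
# claims with what the kernel routing table actually contains.

# vpn_routes_present: reads `netstat -rn` output on stdin.
# Succeeds only if both half-default routes (destinations 0.0.0.0 and
# 128.0.0.0, each with Genmask 128.0.0.0) point at a tun interface.
vpn_routes_present() {
    awk '
        $3 == "128.0.0.0" && $NF ~ /^tun[0-9]+$/ {
            if ($1 == "0.0.0.0")   low = 1
            if ($1 == "128.0.0.0") high = 1
        }
        END { exit !(low && high) }
    '
}

# vpn_state STATUS_TEXT ROUTES_TEXT
# Prints: ok   (client connected, tunnel routes present)
#         leak (client says connected, tunnel routes missing)
#         down (client does not report a connection)
vpn_state() {
    if ! printf '%s\n' "$1" | grep -q 'Status: Connected'; then
        echo down
    elif printf '%s\n' "$2" | vpn_routes_present; then
        echo ok
    else
        echo leak
    fi
}

# Constructed samples, abridged from the two routing tables in the post.
SAMPLE_STATUS='Status: Connected'
SAMPLE_ROUTES_GOOD='Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.1.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlp3s0
128.0.0.0 10.8.1.1 128.0.0.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp3s0'
SAMPLE_ROUTES_ZAPPED='Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlp3s0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp3s0'

# Live use: pass --live to check the running system instead of the samples.
if [ "${1:-}" = "--live" ]; then
    vpn_state "$(nordvpn status)" "$(netstat -rn)"
fi
```

Run with --live a minute or so after resume: a result of leak means the client's status cannot be trusted and traffic is leaving via wlp3s0 unprotected.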