gzoido 5 Posted ... Hey all! I ran into an issue the other day when setting up AirVPN where I found alot of the AirVPN IP's appear to be blocked by my ISP. In my quest to resolve this issue, I ended up creating a script that uses fping and dig to get all the IPs for a region, check that they work, and add those to your AirVPN configuration. I figured this script might be helpful to some, so I'd share it here. You can download it here: https://gist.github.com/zikeji/144247cb20793a5a7c65653e5f7c572bA simple one line to download it and set the executable bit: wget https://gist.githubusercontent.com/zikeji/144247cb20793a5a7c65653e5f7c572b/raw/a414cc4f6828904992f18e0a0bdecf6cf5e4f85c/airvpn_remotes.sh -q -O airvpn_remotes.sh && chmod +x airvpn_remotes.sh Warning: Remember, for your safety ALWAYS review a downloaded script before executing it!The command's help output: airvpn_remotes.sh Description: Use dig and fping generate multiple remotes for an AirVPN config, replacing existing remote(s), and ignoring IPs that aren't responding. Remotes are placed in order of lowest ping to highest. Usage: airvpn_remotes.sh [--port=<int>] [--query=<fqdn>] [--ipv4] [--ipv6] [--remote-random] [--in-place] [input-file] airvpn_remotes.sh -h | --help Options: -h, --help Show this screen. -p <int>, --port=<fqdn> Override the port supplied on each remote line [default: 443]. -q <fqdn>, --query=<fqdn> Supply the DNS record you wish to query to use the IPs from [default: ca.all.vpn.airdns.org]. -s <ns>, --server=<ns> The name server you wish to query the records against [default: ns1.airvpn.org]. -c <int>, --count=<int> Change the amount of pings ran by fping for more accurate ping sorting [default: 4]. -4, --ipv4 Only query IPv4. -6, --ipv6 Only query IPv6. -r, --remote-random Add remote-random to the AirVPN config (this will cause OpenVPN to randomize the server order when connecting). -i<ext>, --in-place=<ext> Edit the file in place (makes backup if extension supplied), ignored if no input file is supplied. The first non-option argument is the name of the input file; if no input file is specified, then the standard input is read. All other non-option arguments after the first are ignored. You'll need to ensure dig and fping are installed on your distribution before you can use it. Additionally, if your system doesn't support IPv6 it'll only return IPv4 be default (because naturally pinging the IPv6 addresses will fail). And finally, I've only tested the script on Ubuntu 20.04, but hopefully you don't run into trouble. By default the script checks the DNS record AirVPN maintains for all of CA's servers. You can find out more about the records option here: https://airvpn.org/faq/servers_ip/ The help file should be pretty clear as to how to use the script, but I'll provide an example. I want to update my AirVPN.ovpn file with new remotes that'll be executed randomly and only include IPv4 remotes, and I want them from the Netherlands. Additionally, instead of connecting in order I want it to connect to a random server defined in the config. Since I use port 1194 instead of port 443, I also want each remote to use port 1194 instead of the default. I also want it to backup my original config before overwriting it. I would run: ./airvpn_remotes.sh -r4 -qnl.all.vpn.airdns.org -p1194 -iold AirVPN.ovpn Which would remove any lines from my AirVPN conf that are a remote or a remote-random and add the new remotes, sorted by lowest ping first (which is irrelevant because we're also adding remote-random). Hopefully this script might be useful for someone else as well! 3 1 sueperontu, SumRndmDude, benfitita and 1 other reacted to this Quote Share this post Link to post
OpenSourcerer 1441 Posted ... It works on Debian, but that was to be expected. I particularly like the help section, nicely done. Also tested all options and they work. Very nice, great job! Future improvement: Move away from the input-file dependency, even if you created the script to explicitly edit existing configs with it. You could accept the options and then print the remote lines to STDOUT if input-file is missing. Small remark: Your help presents input-file as optional but it doesn't work without it. If you are not going with the option above, you should remove its [ ] . Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
gzoido 5 Posted ... 49 minutes ago, giganerd said: It works on Debian, but that was to be expected. I particularly like the help section, nicely done. Also tested all options and they work. Very nice, great job! Future improvement: Move away from the input-file dependency, even if you created the script to explicitly edit existing configs with it. You could accept the options and then print the remote lines to STDOUT if input-file is missing. Small remark: Your help presents input-file as optional but it doesn't work without it. If you are not going with the option above, you should remove its [ ] . Input file is optional, it expects stdin if no input file is presented. I was more or less just toying with the idea of piping so it would be possible to do something like "cat AirVPN.ovpn | ./airvpn_remotes.sh > AirVPN_new.ovpn". But you're right, considering some people may not care for the script's functionality of inline replacing those lines it would probably be better to handle lack of an input-file and stdin as just generating without the original config, which then the user could manually add to their config. I've made that change to the script and updated the OP (which resolves both your improvement suggestion and your remark). Other possible improvements I've considered: allowing the script to update the config's IP protocol. e.g. using IPv6 or IPv4 exclusively (I'm not well versed with OpenVPN configurations so I'd just have to compare the configs I generate from AirVPN's terminal) giving a flag for transport protocol tcp/udp to update / add that respective line more comprehensive scanning of the IPs, instead of a simple ICMP the script could also (optionally) check TCP + UDP availability on the supplied port - granted at some point this evolves from a simple availability checking script to a port scanning script which would get you flagged by your ISP, which I want to avoid. so maybe not the best idea validate the provided port against possible ports instead of requiring the user to specify the DNS query being made explicitly (should they not want the default) and requiring them to refer to AirVPN's FAQ page to figure out which FQDN they need to ping, I could instead have preset options/values. It would make it less flexible though. could add an option to query ALL vpn servers used by AirVPN (the earth.all.vpn.airdns.org record), test them, then add filtering options to either filter by maximum remotes desired (e.g. 20 by default) or by maximum ping allowed Ultimately though I made the script to accomplish my goal, and then got lost refining it to make it pretty. Most of my possible improvements provide no benefit to me and probably minimal benefit for other users, so I'll probably just keep it as is. Additionally, the script itself has the main drawback of specifically using their IPs for single servers and not their DNS records that update every 5 minutes to load balance their servers (which isn't really a drawback in a case like mine where some of their servers are completely blocked). Thanks for taking a look, the compliments, and the advice! 1 dedo299 reacted to this Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 13 hours ago, gzoido said: Additionally, the script itself has the main drawback of specifically using their IPs for single servers and not their DNS records that update every 5 minutes to load balance their servers (which isn't really a drawback in a case like mine where some of their servers are completely blocked). It'd be a drawback the other way around. If de.vpn.airdns.org points to the best server, but your script determined that this server is not reachable, you would get no connection at all. Both things handle different use cases, and your script is correctly written to use the all DNS name here and sort by latency ascending. 1 dedo299 reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
benfitita 39 Posted ... Thank you! This is a nice script you have there. It would be interesting to see server's name and location in a comment (API or perhaps reverse lookup), but otherwise very useful. Quote Share this post Link to post