Jump to content
Not connected, Your IP: 54.237.183.249
gzoido

SCRIPT - Update your AirVPN configuration with working IPs sorted by ping.

Recommended Posts

Hey all! I ran into an issue the other day when setting up AirVPN where I found alot of the AirVPN IP's appear to be blocked by my ISP. In my quest to resolve this issue, I ended up creating a script that uses fping and dig to get all the IPs for a region, check that they work, and add those to your AirVPN configuration. I figured this script might be helpful to some, so I'd share it here.

You can download it here: https://gist.github.com/zikeji/144247cb20793a5a7c65653e5f7c572b

A simple one line to download it and set the executable bit:


Warning: Remember, for your safety ALWAYS review a downloaded script before executing it!

The command's help output:

airvpn_remotes.sh

Description:
  Use dig and fping generate multiple remotes for an AirVPN config, replacing existing remote(s), and ignoring IPs that aren't responding. Remotes are placed in order of lowest ping to highest.

Usage:
  airvpn_remotes.sh [--port=<int>] [--query=<fqdn>] [--ipv4] [--ipv6] [--remote-random] [--in-place] [input-file]
  airvpn_remotes.sh -h | --help

Options:
  -h, --help                       Show this screen.
  -p <int>, --port=<fqdn>          Override the port supplied on each remote line [default: 443].
  -q <fqdn>, --query=<fqdn>        Supply the DNS record you wish to query to use the IPs from [default: ca.all.vpn.airdns.org].
  -s <ns>, --server=<ns>           The name server you wish to query the records against [default: ns1.airvpn.org].
  -c <int>, --count=<int>          Change the amount of pings ran by fping for more accurate ping sorting [default: 4].
  -4, --ipv4                       Only query IPv4.
  -6, --ipv6                       Only query IPv6.
  -r, --remote-random              Add remote-random to the AirVPN config (this will cause OpenVPN to randomize the server order when connecting).
  -i<ext>, --in-place=<ext>        Edit the file in place (makes backup if extension supplied), ignored if no input file is supplied.

The first non-option argument is the name of the input file; if no input file is specified, then the standard input is read. All other non-option arguments after the first are ignored.


You'll need to ensure dig and fping are installed on your distribution before you can use it. Additionally, if your system doesn't support IPv6 it'll only return IPv4 be default (because naturally pinging the IPv6 addresses will fail). And finally, I've only tested the script on Ubuntu 20.04, but hopefully you don't run into trouble.

By default the script checks the DNS record AirVPN maintains for all of CA's servers. You can find out more about the records option here: https://airvpn.org/faq/servers_ip/

The help file should be pretty clear as to how to use the script, but I'll provide an example.

I want to update my AirVPN.ovpn file with new remotes that'll be executed randomly and only include IPv4 remotes, and I want them from the Netherlands. Additionally, instead of connecting in order I want it to connect to a random server defined in the config. Since I use port 1194 instead of port 443, I also want each remote to use port 1194 instead of the default. I also want it to backup my original config before overwriting it. I would run:

./airvpn_remotes.sh -r4 -qnl.all.vpn.airdns.org -p1194 -iold AirVPN.ovpn


Which would remove any lines from my AirVPN conf that are a remote or a remote-random and add the new remotes, sorted by lowest ping first (which is irrelevant because we're also adding remote-random).

Hopefully this script might be useful for someone else as well!
 

Share this post


Link to post

It works on Debian, but that was to be expected. :) I particularly like the help section, nicely done. Also tested all options and they work. Very nice, great job!

  • Future improvement: Move away from the input-file dependency, even if you created the script to explicitly edit existing configs with it. You could accept the options and then print the remote lines to STDOUT if input-file is missing.
  • Small remark: Your help presents input-file as optional but it doesn't work without it. If you are not going with the option above, you should remove its [ ] .

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
49 minutes ago, giganerd said:

It works on Debian, but that was to be expected. :) I particularly like the help section, nicely done. Also tested all options and they work. Very nice, great job!

  • Future improvement: Move away from the input-file dependency, even if you created the script to explicitly edit existing configs with it. You could accept the options and then print the remote lines to STDOUT if input-file is missing.
  • Small remark: Your help presents input-file as optional but it doesn't work without it. If you are not going with the option above, you should remove its [ ] .

Input file is optional, it expects stdin if no input file is presented. I was more or less just toying with the idea of piping so it would be possible to do something like "cat AirVPN.ovpn | ./airvpn_remotes.sh > AirVPN_new.ovpn". But you're right, considering some people may not care for the script's functionality of inline replacing those lines it would probably be better to handle lack of an input-file and stdin as just generating without the original config, which then the user could manually add to their config. I've made that change to the script and updated the OP (which resolves both your improvement suggestion and your remark).

Other possible improvements I've considered:
  • allowing the script to update the config's IP protocol. e.g. using IPv6 or IPv4 exclusively (I'm not well versed with OpenVPN configurations so I'd just have to compare the configs I generate from AirVPN's terminal)
  • giving a flag for transport protocol tcp/udp to update / add that respective line
  • more comprehensive scanning of the IPs, instead of a simple ICMP the script could also (optionally) check TCP + UDP availability on the supplied port - granted at some point this evolves from a simple availability checking script to a port scanning script which would get you flagged by your ISP, which I want to avoid. so maybe not the best idea
  • validate the provided port against possible ports
  • instead of requiring the user to specify the DNS query being made explicitly (should they not want the default) and requiring them to refer to AirVPN's FAQ page to figure out which FQDN they need to ping, I could instead have preset options/values. It would make it less flexible though.
  • could add an option to query ALL vpn servers used by AirVPN (the earth.all.vpn.airdns.org record), test them, then add filtering options to either filter by maximum remotes desired (e.g. 20 by default) or by maximum ping allowed
Ultimately though I made the script to accomplish my goal, and then got lost refining it to make it pretty. Most of my possible improvements provide no benefit to me and probably minimal benefit for other users, so I'll probably just keep it as is. Additionally, the script itself has the main drawback of specifically using their IPs for single servers and not their DNS records that update every 5 minutes to load balance their servers (which isn't really a drawback in a case like mine where some of their servers are completely blocked).

Thanks for taking a look, the compliments, and the advice!

Share this post


Link to post
13 hours ago, gzoido said:

Additionally, the script itself has the main drawback of specifically using their IPs for single servers and not their DNS records that update every 5 minutes to load balance their servers (which isn't really a drawback in a case like mine where some of their servers are completely blocked).


It'd be a drawback the other way around. If de.vpn.airdns.org points to the best server, but your script determined that this server is not reachable, you would get no connection at all. Both things handle different use cases, and your script is correctly written to use the all DNS name here and sort by latency ascending.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...