Choosing VPN server based on server response times
Hello all,
I am using the VPN provider Private Internet Access.
I am using the Raspberry Pi 4 with 4GB of RAM, performance on this upgraded board is great.
Anyways I am connecting to its service using systemd's openvpn-client @ US_New_York_City.service
I wonder if I can create a bash script to get a list of its servers, ping them for response times and choose the server with the lowest response times.
Here is a draft of a script I've created so far:
Code:
#!/bin/bash
# Script to choose best Private Internet Access server based on lowest Ping TTL
#
# Checks if resolv.conf is configured properly for Private Internet Access
#
#
#
FILE=/etc/resolv.conf
if [ -f "$FILE" ];
then {
# Test for Primary PIA DNS Server
echo "Testing for Primary PIA DNS Server"
cat /etc/resolv.conf | grep 'nameserver 209.222.18.222'
# Test for Secondary PIA DNS Server
echo " Testing for Secondary PIA DNS Server"
cat /etc/resolv.conf | grep 'nameserver 209.222.18.218'
# Checks to see if resolv.conf is immutable to changes
echo "Checking if resolv.conf is immutable"
lsattr /etc/resolv.conf | grep 'i'
}; echo "Private Internet Access DNS Seems to be set correctly"
else
{
# Check resolv.conf for symbolic links to Network Manager
echo "Checking resolv.conf for symbolic links"
ls -l /etc/resolv.conf
# Removes symbolic link by deleting resolv.conf
echo "Removing symbolic link by deleting resolv.conf file"
sudo rm /etc/resolv.conf
# Recreates an empty resolv.conf file
echo "Recreating resolv.conf file"
sudo touch /etc/resolv.conf
# Writes Private Internet Access DNS Server entries to resolv.conf
echo " Writing Private Internet Access DNS Server Entries to resolv.conf"
sudo sh -c "echo nameserver 209.222.18.222 > /etc/resolv.conf"
sudo sh -c "echo nameserver 209.222.18.218 >> /etc/resolv.conf"
# Makes the new resolv.conf file immutable to changes
echo "Making resolv.conf immutable to changes"
sudo chattr +i /etc/resolv.conf
};
fi
#
# Set IPtables rules to secure raspberry pi or other host device
#
sudo iptables -A *filter
sudo iptables -A :INPUT DROP [0:0]
sudo iptables -A :FORWARD DROP [0:0]
sudo iptables -A :OUTPUT DROP [0:0]
sudo iptables -A :ICMPIN - [0:0]
sudo iptables -A :ICMPOUT - [0:0]
sudo iptables -A :TCPIN - [0:0]
sudo iptables -A :TCPOUT - [0:0]
sudo iptables -A :UDPIN - [0:0]
sudo iptables -A :UDPOUT - [0:0]
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
sudo iptables -A INPUT -p icmp -j ICMPIN
sudo iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDPIN
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCPIN
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
sudo iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -p icmp -j ICMPOUT
sudo iptables -A OUTPUT -p udp -m conntrack --ctstate NEW -j UDPOUT
sudo iptables -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCPOUT
sudo iptables -A OUTPUT -j REJECT --reject-with icmp-net-unreachable
sudo iptables -A ICMPIN -i tun+ -j ACCEPT
sudo iptables -A ICMPIN -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A ICMPIN -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A ICMPIN -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPIN -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPOUT -o tun+ -j ACCEPT
sudo iptables -A ICMPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A ICMPOUT -d 172.16.0.0/12 -j ACCEPT
sudo iptables -A ICMPOUT -d 10.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPOUT -d 127.0.0.0/8 -j ACCEPT
sudo iptables -A TCPIN -i tun+ -j ACCEPT
sudo iptables -A TCPIN -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A TCPIN -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A TCPIN -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A TCPIN -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A TCPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A TCPOUT -d 172.16.0.0/12 -j ACCEPT
sudo iptables -A TCPOUT -d 10.0.0.0/8 -j ACCEPT
sudo iptables -A TCPOUT -o tun+ -j ACCEPT
sudo iptables -A UDPIN -s 192.168.0.0/24 -j ACCEPT
sudo iptables -A UDPIN -i tun+ -j ACCEPT
sudo iptables -A UDPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A UDPOUT -d 209.222.18.222/32 -j ACCEPT
sudo iptables -A UDPOUT -d 209.222.18.218/32 -j ACCEPT
sudo iptables -A UDPOUT -p udp -m udp --dport 1197 -j ACCEPT
sudo iptables -A UDPOUT -p udp -m udp --dport 1198 -j ACCEPT
sudo iptables -A UDPOUT -o tun+ -j ACCEPT
sudo iptables -A COMMIT
#
# Ping Private Internet Access Servers for lowest TTL Response
ping au-melbourne.privateinternetaccess.com # Ping AU_Melbourne Private Internet Access location Domain Name
ping au-perth.privateinternetaccess.com # Ping AU_Perth Private Internet Access location Domain Name
ping au-sydney.privateinternetaccess.com # Ping AU_Sydney Private Internet Access location Domain Name
ping austria.privateinternetaccess.com # Ping Austria Private Internet Access location Domain Name
ping belgium.privateinternetaccess.com # Ping Belgium Private Internet Access location Domain Name
ping ca-montreal.privateinternetaccess.com # Ping CA_Montreal Private Internet Access location Domain Name
ping ca-toronto.privateinternetaccess.com # Ping CA_Toronto Private Internet Access location Domain Name
ping ca-vancouver.privateinternetaccess.com # Ping CA_Vancouver Private Internet Access location Domain Name
ping czech.privateinternetaccess.com # Ping Czech_Republic Private Internet Access location Domain Name
ping de-berlin.privateinternetaccess.com # Ping DE_Berlin Private Internet Access location Domain Name
ping de-frankfurt.privateinternetaccess.com # Ping DE_Frankfurt Private Internet Access location Domain Name
ping denmark.privateinternetaccess.com # Ping Denmark Private Internet Access location Domain Name
ping fi.privateinternetaccess.com # Ping Finland Private Internet Access location Domain Name
ping france.privateinternetaccess.com # Ping France Private Internet Access location Domain Name
ping hk.privateinternetaccess.com # Ping Hong Kong Private Internet Access location Domain Name
ping hungary.privateinternetaccess.com # Ping Hungary Private Internet Access location Domain Name
ping in.privateinternetaccess.com # Ping India Private Internet Access location Domain Name
ping israel.privateinternetaccess.com # Ping ISrael Private Internet Access location Domain Name
ping italy.privateinternetaccess.com # Ping Italy Private Internet Access location Domain Name
ping japan.privateinternetaccess.com # Ping Japan Private Internet Access location Domain Name
ping lu.privateinternetaccess.com # Ping Luxenmourg Private Internet Access location Domain Name
ping mexico.privateinternetaccess.com # Ping Mexico Private Internet Access location Domain Name
ping nl.privateinternetaccess.com # Ping Netherlands Private Internet Access location Domain Name
ping nz.privateinternetaccess.com # Ping New Zealand Private Internet Access location Domain Name
ping no.privateinternetaccess.com # Ping Norway Private Internet Access location Domain Name
ping poland.privateinternetaccess.com # Ping Poland Private Internet Access location Domain Name
ping ro.privateinternetaccess.com # Ping Romania Private Internet Access location Domain Name
ping sg.privateinternetaccess.com # Ping Singapore Private Internet Access location Domain Name
ping spain.privateinternetaccess.com # Ping Spain Private Internet Access location Domain Name
ping sweden.privateinternetaccess.com # Ping Sweden Private Internet Access location Domain Name
ping swiss.privateinternetaccess.com # Ping Switzerland Private Internet Access location Domain Name
ping ae.privateinternetaccess.com # Ping UAE Private Internet Access location Domain Name
ping uk-london.privateinternetaccess.com # Ping UK_London Private Internet Access location Domain Name
ping uk-manchester.privateinternetaccess.com # Ping UK_Manchester Private Internet Access location Domain Name
ping uk-southampton.privateinternetaccess.com # Ping UK_Southampton Private Internet Access location Domain Name
ping us-atlanta.privateinternetaccess.com # Ping US_Atlanta Private Internet Access location Domain Name
ping us-california.privateinternetaccess.com # Ping US_California Private Internet Access location Domain Name
ping us-chicago.privateinternetaccess.com # Ping US_Chicago Private Internet Access location Domain Name
ping us-denver.privateinternetaccess.com # Ping US_Denver Private Internet Access location Domain Name
ping us-east.privateinternetaccess.com # Ping US_East Private Internet Access location Domain Name
ping us-florida.privateinternetaccess.com # Ping US_Florida Private Internet Access location Domain Name
ping us-houston.privateinternetaccess.com # Ping US_Houston Private Internet Access location Domain Name
ping us-lasvegas.privateinternetaccess.com # Ping US_Las_Vegas Private Internet Access location Domain Name
ping us-newyorkcity.privateinternetaccess.com # Ping US_New_York_City Private Internet Access location Domain Name
ping us-seattle.privateinternetaccess.com # Ping US_Seattle Private Internet Access location Domain Name
ping us-siliconvalley.privateinternetaccess.com # Ping US_Silicon_Valley Private Internet Access location Domain Name
ping us-texas.privateinternetaccess.com # Ping US_Texas Private Internet Access location Domain Name
ping us-washingtondc.privateinternetaccess.com # Ping US_Washington_DC Private Internet Access location Domain Name
ping us-west.privateinternetaccess.com # Ping US_West Private Internet Access location Domain Name
#
# Same but without DNS lookups
#
ping 168.1.75.8 # AU_Melbourne
ping 103.231.89.12 # AU_Perth
ping 137.59.252.156 #AU_Sydney
ping 185.216.34.228 #Austria
ping 77.243.191.20 #Belgium
ping 199.229.249.182 #CA_Montreal
ping 172.98.67.31 #CA_Toronto
ping 107.181.189.76 #CA Vancouver
ping 89.238.186.229 #Czesh Republic
ping 193.176.86.124 #DE_Berlin
ping 185.220.70.140 #DE_Frankfurt
ping 82.102.20.184 #Denmark
ping 196.244.191.50 #Finland
ping 185.128.25.158 #France
ping 119.81.135.2 #Hong_Kong
ping 185.128.26.19 #Hungary
ping 138.128.180.66 #India
ping 31.168.172.142 #Israel
ping 82.102.21.213 #Italy
ping 103.208.220.134 #Japan
ping 92.223.89.134 #Luxemborgh
ping 169.57.0.214 #Mexico
ping 46.166.137.235 # Netherlands
ping 103.231.90.173 #New Zealand
ping 82.102.27.74 #Norway
ping 185.244.214.194 #Poland
ping 86.105.25.70 #Romania
ping 37.120.208.77 #Singapore
ping 185.230.124.50 #Spain
ping 45.12.220.228 #Sweden
ping 185.156.175.91 #Switzerland
ping 45.9.250.42 #UAE
ping 89.238.154.242 #UK_London
ping 89.238.137.37 #UK_Manchester
ping 31.24.226.208 #UK_Southampton
ping 66.115.168.11 #US_Atlanta
ping 91.207.175.47 #US_California
ping 104.200.153.96 #US_Chicago
ping 174.128.226.2 #US_Denver
ping 194.59.251.53 #US_East
ping 193.37.252.40 #US_Florida
ping 74.81.88.74 #US_Houston
ping 162.251.236.7 #US_Las_Vegas
ping 107.182.231.27 #US_New_York_City
ping 104.200.154.75 #US_Seattle
ping 199.116.118.189 #US_Silicon_Valley
ping 162.216.46.43 #US_Texas
ping 70.32.0.134 #US_Washington_DC
ping 104.200.151.9 #US_West
I've also tried to append all the firewall rules used to help secure the Raspberry Pi. Seeing as its a somewhat more mobile desktop in this case, I've added entries for all the different IPv4 private network schemes. As well as ssh access from my home LAN.
Is there a way I can get the script to ping all these servers and add it to a dataset at startup, then have it choose the lowest server. This seems to be my only snag at this point.
I am trying to write a korn shell script which posts commands to a server and read the response back from the server.
Any idea how I can read the servers response?
I have tried doing the following:
(
LOGIN:xxxxx
command to server
read ANSWER
echo $ANSWER >file1... (4 Replies)
I would like to setup my solaris 10 x86 system as a vpn server. I can't seem to find any good links on setting it up. Do you guys have some links that could walk me thru on setting up the vpn server so that windows clients can connect to it? (4 Replies)
Hi,
I have a SCO Unix Openserver V6 server which is hosting a website with Apache V1.3 as the http server. The web site has an initial login screen which re-directs to another page once the user name and password has been verified.
When connecting to the website and trying to login, it times... (0 Replies)
I have gotten a gig to teach someone how to use a VPN client for a UNIX server on a MAC os. The problem is I have never used UNIX, dont mess with VPN's (my dad has a VPN that I have used a couple of times). I'm currently taking a crash course on UNIX but I was wondering if anyone could help me with... (0 Replies)
Hi,
I have a task requested by my boss to create a script to enable a server to connect to a vpn network and then to connect to another server to upload some data...
How can I connect to a vpn network from AIX server? via telnet? ssh?
I have tried to google but mostly the answers are... (1 Reply)
Hi there,
Believe it or not, the word VPN doesn't give any search result in the forum.
I'm trying to get started with VPN.
I'm currently in the process of setting up a server.
I found a lot of howtos on the web.
There's still one thing that I'm not sure of.
My plan is to setup the VPN... (4 Replies)
First of all, hello.
I have a problem installing a vpn server and client.
My server is a computer running windows 7, and windows, running a virtual machine running debian.
In the debian system, I've the vpn server installed (SoftEther VPN Server)
The problems come when I try to connect to... (1 Reply)
12-02-2019