Hello all,
I am using the VPN provider Private Internet Access.
I am using the Raspberry Pi 4 with 4GB of RAM, performance on this upgraded board is great.
Anyways I am connecting to its service using systemd's openvpn-client @ US_New_York_City.service
I wonder if I can create a bash script to get a list of its servers, ping them for response times and choose the server with the lowest response times.
Here is a draft of a script I've created so far:
Code :
#!/bin/bash
# Script to choose best Private Internet Access server based on lowest Ping TTL
#
# Checks if resolv.conf is configured properly for Private Internet Access
#
#
#
FILE=/etc/resolv.conf
if [ -f "$FILE" ];
then {
# Test for Primary PIA DNS Server
echo "Testing for Primary PIA DNS Server"
cat /etc/resolv.conf | grep 'nameserver 209.222.18.222'
# Test for Secondary PIA DNS Server
echo " Testing for Secondary PIA DNS Server"
cat /etc/resolv.conf | grep 'nameserver 209.222.18.218'
# Checks to see if resolv.conf is immutable to changes
echo "Checking if resolv.conf is immutable"
lsattr /etc/resolv.conf | grep 'i'
}; echo "Private Internet Access DNS Seems to be set correctly"
else
{
# Check resolv.conf for symbolic links to Network Manager
echo "Checking resolv.conf for symbolic links"
ls -l /etc/resolv.conf
# Removes symbolic link by deleting resolv.conf
echo "Removing symbolic link by deleting resolv.conf file"
sudo rm /etc/resolv.conf
# Recreates an empty resolv.conf file
echo "Recreating resolv.conf file"
sudo touch /etc/resolv.conf
# Writes Private Internet Access DNS Server entries to resolv.conf
echo " Writing Private Internet Access DNS Server Entries to resolv.conf"
sudo sh -c "echo nameserver 209.222.18.222 > /etc/resolv.conf"
sudo sh -c "echo nameserver 209.222.18.218 >> /etc/resolv.conf"
# Makes the new resolv.conf file immutable to changes
echo "Making resolv.conf immutable to changes"
sudo chattr +i /etc/resolv.conf
};
fi
#
# Set IPtables rules to secure raspberry pi or other host device
#
sudo iptables -A *filter
sudo iptables -A :INPUT DROP [0:0]
sudo iptables -A :FORWARD DROP [0:0]
sudo iptables -A :OUTPUT DROP [0:0]
sudo iptables -A :ICMPIN - [0:0]
sudo iptables -A :ICMPOUT - [0:0]
sudo iptables -A :TCPIN - [0:0]
sudo iptables -A :TCPOUT - [0:0]
sudo iptables -A :UDPIN - [0:0]
sudo iptables -A :UDPOUT - [0:0]
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
sudo iptables -A INPUT -p icmp -j ICMPIN
sudo iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDPIN
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCPIN
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
sudo iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -p icmp -j ICMPOUT
sudo iptables -A OUTPUT -p udp -m conntrack --ctstate NEW -j UDPOUT
sudo iptables -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCPOUT
sudo iptables -A OUTPUT -j REJECT --reject-with icmp-net-unreachable
sudo iptables -A ICMPIN -i tun+ -j ACCEPT
sudo iptables -A ICMPIN -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A ICMPIN -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A ICMPIN -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPIN -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPOUT -o tun+ -j ACCEPT
sudo iptables -A ICMPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A ICMPOUT -d 172.16.0.0/12 -j ACCEPT
sudo iptables -A ICMPOUT -d 10.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPOUT -d 127.0.0.0/8 -j ACCEPT
sudo iptables -A TCPIN -i tun+ -j ACCEPT
sudo iptables -A TCPIN -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A TCPIN -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A TCPIN -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A TCPIN -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A TCPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A TCPOUT -d 172.16.0.0/12 -j ACCEPT
sudo iptables -A TCPOUT -d 10.0.0.0/8 -j ACCEPT
sudo iptables -A TCPOUT -o tun+ -j ACCEPT
sudo iptables -A UDPIN -s 192.168.0.0/24 -j ACCEPT
sudo iptables -A UDPIN -i tun+ -j ACCEPT
sudo iptables -A UDPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A UDPOUT -d 209.222.18.222/32 -j ACCEPT
sudo iptables -A UDPOUT -d 209.222.18.218/32 -j ACCEPT
sudo iptables -A UDPOUT -p udp -m udp --dport 1197 -j ACCEPT
sudo iptables -A UDPOUT -p udp -m udp --dport 1198 -j ACCEPT
sudo iptables -A UDPOUT -o tun+ -j ACCEPT
sudo iptables -A COMMIT
#
# Ping Private Internet Access Servers for lowest TTL Response
ping au-melbourne.privateinternetaccess.com # Ping AU_Melbourne Private Internet Access location Domain Name
ping au-perth.privateinternetaccess.com # Ping AU_Perth Private Internet Access location Domain Name
ping au-sydney.privateinternetaccess.com # Ping AU_Sydney Private Internet Access location Domain Name
ping austria.privateinternetaccess.com # Ping Austria Private Internet Access location Domain Name
ping belgium.privateinternetaccess.com # Ping Belgium Private Internet Access location Domain Name
ping ca-montreal.privateinternetaccess.com # Ping CA_Montreal Private Internet Access location Domain Name
ping ca-toronto.privateinternetaccess.com # Ping CA_Toronto Private Internet Access location Domain Name
ping ca-vancouver.privateinternetaccess.com # Ping CA_Vancouver Private Internet Access location Domain Name
ping czech.privateinternetaccess.com # Ping Czech_Republic Private Internet Access location Domain Name
ping de-berlin.privateinternetaccess.com # Ping DE_Berlin Private Internet Access location Domain Name
ping de-frankfurt.privateinternetaccess.com # Ping DE_Frankfurt Private Internet Access location Domain Name
ping denmark.privateinternetaccess.com # Ping Denmark Private Internet Access location Domain Name
ping fi.privateinternetaccess.com # Ping Finland Private Internet Access location Domain Name
ping france.privateinternetaccess.com # Ping France Private Internet Access location Domain Name
ping hk.privateinternetaccess.com # Ping Hong Kong Private Internet Access location Domain Name
ping hungary.privateinternetaccess.com # Ping Hungary Private Internet Access location Domain Name
ping in.privateinternetaccess.com # Ping India Private Internet Access location Domain Name
ping israel.privateinternetaccess.com # Ping ISrael Private Internet Access location Domain Name
ping italy.privateinternetaccess.com # Ping Italy Private Internet Access location Domain Name
ping japan.privateinternetaccess.com # Ping Japan Private Internet Access location Domain Name
ping lu.privateinternetaccess.com # Ping Luxenmourg Private Internet Access location Domain Name
ping mexico.privateinternetaccess.com # Ping Mexico Private Internet Access location Domain Name
ping nl.privateinternetaccess.com # Ping Netherlands Private Internet Access location Domain Name
ping nz.privateinternetaccess.com # Ping New Zealand Private Internet Access location Domain Name
ping no.privateinternetaccess.com # Ping Norway Private Internet Access location Domain Name
ping poland.privateinternetaccess.com # Ping Poland Private Internet Access location Domain Name
ping ro.privateinternetaccess.com # Ping Romania Private Internet Access location Domain Name
ping sg.privateinternetaccess.com # Ping Singapore Private Internet Access location Domain Name
ping spain.privateinternetaccess.com # Ping Spain Private Internet Access location Domain Name
ping sweden.privateinternetaccess.com # Ping Sweden Private Internet Access location Domain Name
ping swiss.privateinternetaccess.com # Ping Switzerland Private Internet Access location Domain Name
ping ae.privateinternetaccess.com # Ping UAE Private Internet Access location Domain Name
ping uk-london.privateinternetaccess.com # Ping UK_London Private Internet Access location Domain Name
ping uk-manchester.privateinternetaccess.com # Ping UK_Manchester Private Internet Access location Domain Name
ping uk-southampton.privateinternetaccess.com # Ping UK_Southampton Private Internet Access location Domain Name
ping us-atlanta.privateinternetaccess.com # Ping US_Atlanta Private Internet Access location Domain Name
ping us-california.privateinternetaccess.com # Ping US_California Private Internet Access location Domain Name
ping us-chicago.privateinternetaccess.com # Ping US_Chicago Private Internet Access location Domain Name
ping us-denver.privateinternetaccess.com # Ping US_Denver Private Internet Access location Domain Name
ping us-east.privateinternetaccess.com # Ping US_East Private Internet Access location Domain Name
ping us-florida.privateinternetaccess.com # Ping US_Florida Private Internet Access location Domain Name
ping us-houston.privateinternetaccess.com # Ping US_Houston Private Internet Access location Domain Name
ping us-lasvegas.privateinternetaccess.com # Ping US_Las_Vegas Private Internet Access location Domain Name
ping us-newyorkcity.privateinternetaccess.com # Ping US_New_York_City Private Internet Access location Domain Name
ping us-seattle.privateinternetaccess.com # Ping US_Seattle Private Internet Access location Domain Name
ping us-siliconvalley.privateinternetaccess.com # Ping US_Silicon_Valley Private Internet Access location Domain Name
ping us-texas.privateinternetaccess.com # Ping US_Texas Private Internet Access location Domain Name
ping us-washingtondc.privateinternetaccess.com # Ping US_Washington_DC Private Internet Access location Domain Name
ping us-west.privateinternetaccess.com # Ping US_West Private Internet Access location Domain Name
#
# Same but without DNS lookups
#
ping 168.1.75.8 # AU_Melbourne
ping 103.231.89.12 # AU_Perth
ping 137.59.252.156 #AU_Sydney
ping 185.216.34.228 #Austria
ping 77.243.191.20 #Belgium
ping 199.229.249.182 #CA_Montreal
ping 172.98.67.31 #CA_Toronto
ping 107.181.189.76 #CA Vancouver
ping 89.238.186.229 #Czesh Republic
ping 193.176.86.124 #DE_Berlin
ping 185.220.70.140 #DE_Frankfurt
ping 82.102.20.184 #Denmark
ping 196.244.191.50 #Finland
ping 185.128.25.158 #France
ping 119.81.135.2 #Hong_Kong
ping 185.128.26.19 #Hungary
ping 138.128.180.66 #India
ping 31.168.172.142 #Israel
ping 82.102.21.213 #Italy
ping 103.208.220.134 #Japan
ping 92.223.89.134 #Luxemborgh
ping 169.57.0.214 #Mexico
ping 46.166.137.235 # Netherlands
ping 103.231.90.173 #New Zealand
ping 82.102.27.74 #Norway
ping 185.244.214.194 #Poland
ping 86.105.25.70 #Romania
ping 37.120.208.77 #Singapore
ping 185.230.124.50 #Spain
ping 45.12.220.228 #Sweden
ping 185.156.175.91 #Switzerland
ping 45.9.250.42 #UAE
ping 89.238.154.242 #UK_London
ping 89.238.137.37 #UK_Manchester
ping 31.24.226.208 #UK_Southampton
ping 66.115.168.11 #US_Atlanta
ping 91.207.175.47 #US_California
ping 104.200.153.96 #US_Chicago
ping 174.128.226.2 #US_Denver
ping 194.59.251.53 #US_East
ping 193.37.252.40 #US_Florida
ping 74.81.88.74 #US_Houston
ping 162.251.236.7 #US_Las_Vegas
ping 107.182.231.27 #US_New_York_City
ping 104.200.154.75 #US_Seattle
ping 199.116.118.189 #US_Silicon_Valley
ping 162.216.46.43 #US_Texas
ping 70.32.0.134 #US_Washington_DC
ping 104.200.151.9 #US_West
I've also tried to append all the firewall rules used to help secure the Raspberry Pi. Seeing as its a somewhat more mobile desktop in this case, I've added entries for all the different IPv4 private network schemes. As well as ssh access from my home LAN.
Is there a way I can get the script to ping all these servers and add it to a dataset at startup, then have it choose the lowest server. This seems to be my only snag at this point.
Any tips or advice is greatly appreciated.
Have a good day all,
HaloSlayer255