Choosing VPN server based on server response times


# 1  

Hello all,


I am using the VPN provider Private Internet Access.


I am using the Raspberry Pi 4 with 4GB of RAM, performance on this upgraded board is great.


Anyways I am connecting to its service using systemd's openvpn-client@US_New_York_City.service


I wonder if I can create a bash script to get a list of its servers, ping them for response times and choose the server with the lowest response times.


Here is a draft of a script I've created so far:


Code:
#!/bin/bash
# Script to choose best Private Internet Access server based on lowest ping response time
#
# Checks if resolv.conf is configured properly for Private Internet Access
#
#
#
FILE=/etc/resolv.conf
# The DNS setup counts as correct only when the file exists and lists
# both the Primary and the Secondary PIA DNS Server
echo "Testing for Primary and Secondary PIA DNS Server"
if [ -f "$FILE" ] \
    && grep -qxF 'nameserver 209.222.18.222' "$FILE" \
    && grep -qxF 'nameserver 209.222.18.218' "$FILE"
then
    echo "Private Internet Access DNS Seems to be set correctly"
    # Checks to see if resolv.conf is immutable to changes
    # (only the flags column of lsattr is searched, not the file name)
    echo "Checking if resolv.conf is immutable"
    lsattr "$FILE" | cut -d' ' -f1 | grep 'i'
else
    # Check resolv.conf for symbolic links to Network Manager
    echo "Checking resolv.conf for symbolic links"
    ls -l "$FILE"
    # Clears the immutable flag if it is set, otherwise the file cannot be deleted
    sudo chattr -i "$FILE" 2>/dev/null
    # Removes symbolic link by deleting resolv.conf
    echo "Removing symbolic link by deleting resolv.conf file"
    sudo rm -f "$FILE"
    # Recreates an empty resolv.conf file
    echo "Recreating resolv.conf file"
    sudo touch "$FILE"
    # Writes Private Internet Access DNS Server entries to resolv.conf
    echo "Writing Private Internet Access DNS Server Entries to resolv.conf"
    sudo sh -c "echo nameserver 209.222.18.222 > /etc/resolv.conf"
    sudo sh -c "echo nameserver 209.222.18.218 >> /etc/resolv.conf"
    # Makes the new resolv.conf file immutable to changes
    echo "Making resolv.conf immutable to changes"
    sudo chattr +i "$FILE"
fi
#
# Set IPtables rules to secure raspberry pi or other host device
#
# "*filter", ":CHAIN POLICY [0:0]" and "COMMIT" are iptables-restore file syntax,
# not iptables commands. filter is the default table, so only the user-defined
# chains have to be created here (-N) and the default policies set (-P, at the end).
sudo iptables -N ICMPIN
sudo iptables -N ICMPOUT
sudo iptables -N TCPIN
sudo iptables -N TCPOUT
sudo iptables -N UDPIN
sudo iptables -N UDPOUT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
sudo iptables -A INPUT -p icmp -j ICMPIN
sudo iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDPIN
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCPIN
# The SSH rules have to come before the catch-all REJECT rules, otherwise they are never reached
sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
sudo iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -p icmp -j ICMPOUT
sudo iptables -A OUTPUT -p udp -m conntrack --ctstate NEW -j UDPOUT
sudo iptables -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCPOUT
sudo iptables -A OUTPUT -j REJECT --reject-with icmp-net-unreachable
sudo iptables -A ICMPIN -i tun+ -j ACCEPT
sudo iptables -A ICMPIN -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A ICMPIN -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A ICMPIN -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPIN -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPOUT -o tun+ -j ACCEPT
sudo iptables -A ICMPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A ICMPOUT -d 172.16.0.0/12 -j ACCEPT
sudo iptables -A ICMPOUT -d 10.0.0.0/8 -j ACCEPT
sudo iptables -A ICMPOUT -d 127.0.0.0/8 -j ACCEPT
sudo iptables -A TCPIN -i tun+ -j ACCEPT
sudo iptables -A TCPIN -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A TCPIN -s 172.16.0.0/12 -j ACCEPT
sudo iptables -A TCPIN -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A TCPIN -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A TCPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A TCPOUT -d 172.16.0.0/12 -j ACCEPT
sudo iptables -A TCPOUT -d 10.0.0.0/8 -j ACCEPT
sudo iptables -A TCPOUT -o tun+ -j ACCEPT
sudo iptables -A UDPIN -s 192.168.0.0/24 -j ACCEPT
sudo iptables -A UDPIN -i tun+ -j ACCEPT
sudo iptables -A UDPOUT -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A UDPOUT -d 209.222.18.222/32 -j ACCEPT
sudo iptables -A UDPOUT -d 209.222.18.218/32 -j ACCEPT
sudo iptables -A UDPOUT -p udp -m udp --dport 1197 -j ACCEPT
sudo iptables -A UDPOUT -p udp -m udp --dport 1198 -j ACCEPT
sudo iptables -A UDPOUT -o tun+ -j ACCEPT
# Default policies are set last, after the ACCEPT rules are in place
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
#
# Ping Private Internet Access Servers for lowest response time
# (-c 3 sends three echo requests and then exits, so the script moves on to the next server)
ping -c 3 au-melbourne.privateinternetaccess.com # Ping AU_Melbourne Private Internet Access location Domain Name
ping -c 3 au-perth.privateinternetaccess.com # Ping AU_Perth Private Internet Access location Domain Name
ping -c 3 au-sydney.privateinternetaccess.com # Ping AU_Sydney Private Internet Access location Domain Name
ping -c 3 austria.privateinternetaccess.com # Ping Austria Private Internet Access location Domain Name
ping -c 3 belgium.privateinternetaccess.com # Ping Belgium Private Internet Access location Domain Name
ping -c 3 ca-montreal.privateinternetaccess.com # Ping CA_Montreal Private Internet Access location Domain Name
ping -c 3 ca-toronto.privateinternetaccess.com # Ping CA_Toronto Private Internet Access location Domain Name
ping -c 3 ca-vancouver.privateinternetaccess.com # Ping CA_Vancouver Private Internet Access location Domain Name
ping -c 3 czech.privateinternetaccess.com # Ping Czech_Republic Private Internet Access location Domain Name
ping -c 3 de-berlin.privateinternetaccess.com # Ping DE_Berlin Private Internet Access location Domain Name
ping -c 3 de-frankfurt.privateinternetaccess.com # Ping DE_Frankfurt Private Internet Access location Domain Name
ping -c 3 denmark.privateinternetaccess.com # Ping Denmark Private Internet Access location Domain Name
ping -c 3 fi.privateinternetaccess.com # Ping Finland Private Internet Access location Domain Name
ping -c 3 france.privateinternetaccess.com # Ping France Private Internet Access location Domain Name
ping -c 3 hk.privateinternetaccess.com # Ping Hong Kong Private Internet Access location Domain Name
ping -c 3 hungary.privateinternetaccess.com # Ping Hungary Private Internet Access location Domain Name
ping -c 3 in.privateinternetaccess.com # Ping India Private Internet Access location Domain Name
ping -c 3 israel.privateinternetaccess.com # Ping Israel Private Internet Access location Domain Name
ping -c 3 italy.privateinternetaccess.com # Ping Italy Private Internet Access location Domain Name
ping -c 3 japan.privateinternetaccess.com # Ping Japan Private Internet Access location Domain Name
ping -c 3 lu.privateinternetaccess.com # Ping Luxembourg Private Internet Access location Domain Name
ping -c 3 mexico.privateinternetaccess.com # Ping Mexico Private Internet Access location Domain Name
ping -c 3 nl.privateinternetaccess.com # Ping Netherlands Private Internet Access location Domain Name
ping -c 3 nz.privateinternetaccess.com # Ping New Zealand Private Internet Access location Domain Name
ping -c 3 no.privateinternetaccess.com # Ping Norway Private Internet Access location Domain Name
ping -c 3 poland.privateinternetaccess.com # Ping Poland Private Internet Access location Domain Name
ping -c 3 ro.privateinternetaccess.com # Ping Romania Private Internet Access location Domain Name
ping -c 3 sg.privateinternetaccess.com # Ping Singapore Private Internet Access location Domain Name
ping -c 3 spain.privateinternetaccess.com # Ping Spain Private Internet Access location Domain Name
ping -c 3 sweden.privateinternetaccess.com # Ping Sweden Private Internet Access location Domain Name
ping -c 3 swiss.privateinternetaccess.com # Ping Switzerland Private Internet Access location Domain Name
ping -c 3 ae.privateinternetaccess.com # Ping UAE Private Internet Access location Domain Name
ping -c 3 uk-london.privateinternetaccess.com # Ping UK_London Private Internet Access location Domain Name
ping -c 3 uk-manchester.privateinternetaccess.com # Ping UK_Manchester Private Internet Access location Domain Name
ping -c 3 uk-southampton.privateinternetaccess.com # Ping UK_Southampton Private Internet Access location Domain Name
ping -c 3 us-atlanta.privateinternetaccess.com # Ping US_Atlanta Private Internet Access location Domain Name
ping -c 3 us-california.privateinternetaccess.com # Ping US_California Private Internet Access location Domain Name
ping -c 3 us-chicago.privateinternetaccess.com # Ping US_Chicago Private Internet Access location Domain Name
ping -c 3 us-denver.privateinternetaccess.com # Ping US_Denver Private Internet Access location Domain Name
ping -c 3 us-east.privateinternetaccess.com # Ping US_East Private Internet Access location Domain Name
ping -c 3 us-florida.privateinternetaccess.com # Ping US_Florida Private Internet Access location Domain Name
ping -c 3 us-houston.privateinternetaccess.com # Ping US_Houston Private Internet Access location Domain Name
ping -c 3 us-lasvegas.privateinternetaccess.com # Ping US_Las_Vegas Private Internet Access location Domain Name
ping -c 3 us-newyorkcity.privateinternetaccess.com # Ping US_New_York_City Private Internet Access location Domain Name
ping -c 3 us-seattle.privateinternetaccess.com # Ping US_Seattle Private Internet Access location Domain Name
ping -c 3 us-siliconvalley.privateinternetaccess.com # Ping US_Silicon_Valley Private Internet Access location Domain Name
ping -c 3 us-texas.privateinternetaccess.com # Ping US_Texas Private Internet Access location Domain Name
ping -c 3 us-washingtondc.privateinternetaccess.com # Ping US_Washington_DC Private Internet Access location Domain Name
ping -c 3 us-west.privateinternetaccess.com # Ping US_West Private Internet Access location Domain Name
#
# Same but without DNS lookups
#
ping -c 3 168.1.75.8 # AU_Melbourne
ping -c 3 103.231.89.12 # AU_Perth
ping -c 3 137.59.252.156 # AU_Sydney
ping -c 3 185.216.34.228 # Austria
ping -c 3 77.243.191.20 # Belgium
ping -c 3 199.229.249.182 # CA_Montreal
ping -c 3 172.98.67.31 # CA_Toronto
ping -c 3 107.181.189.76 # CA_Vancouver
ping -c 3 89.238.186.229 # Czech_Republic
ping -c 3 193.176.86.124 # DE_Berlin
ping -c 3 185.220.70.140 # DE_Frankfurt
ping -c 3 82.102.20.184 # Denmark
ping -c 3 196.244.191.50 # Finland
ping -c 3 185.128.25.158 # France
ping -c 3 119.81.135.2 # Hong_Kong
ping -c 3 185.128.26.19 # Hungary
ping -c 3 138.128.180.66 # India
ping -c 3 31.168.172.142 # Israel
ping -c 3 82.102.21.213 # Italy
ping -c 3 103.208.220.134 # Japan
ping -c 3 92.223.89.134 # Luxembourg
ping -c 3 169.57.0.214 # Mexico
ping -c 3 46.166.137.235 # Netherlands
ping -c 3 103.231.90.173 # New Zealand
ping -c 3 82.102.27.74 # Norway
ping -c 3 185.244.214.194 # Poland
ping -c 3 86.105.25.70 # Romania
ping -c 3 37.120.208.77 # Singapore
ping -c 3 185.230.124.50 # Spain
ping -c 3 45.12.220.228 # Sweden
ping -c 3 185.156.175.91 # Switzerland
ping -c 3 45.9.250.42 # UAE
ping -c 3 89.238.154.242 # UK_London
ping -c 3 89.238.137.37 # UK_Manchester
ping -c 3 31.24.226.208 # UK_Southampton
ping -c 3 66.115.168.11 # US_Atlanta
ping -c 3 91.207.175.47 # US_California
ping -c 3 104.200.153.96 # US_Chicago
ping -c 3 174.128.226.2 # US_Denver
ping -c 3 194.59.251.53 # US_East
ping -c 3 193.37.252.40 # US_Florida
ping -c 3 74.81.88.74 # US_Houston
ping -c 3 162.251.236.7 # US_Las_Vegas
ping -c 3 107.182.231.27 # US_New_York_City
ping -c 3 104.200.154.75 # US_Seattle
ping -c 3 199.116.118.189 # US_Silicon_Valley
ping -c 3 162.216.46.43 # US_Texas
ping -c 3 70.32.0.134 # US_Washington_DC
ping -c 3 104.200.151.9 # US_West

I've also tried to append all the firewall rules used to help secure the Raspberry Pi. Seeing as it's a somewhat more mobile desktop in this case, I've added entries for all the different IPv4 private network schemes, as well as ssh access from my home LAN.


Is there a way I can get the script to ping all these servers and add it to a dataset at startup, then have it choose the lowest server? This seems to be my only snag at this point.


Any tips or advice is greatly appreciated.


Have a good day all,

HaloSlayer255
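
An added example, not part of the original post or of any reply in this thread: one way to do the step asked about above, parsing the average round-trip time out of each server's ping summary and selecting the systemd instance with the lowest value. The three instance names follow the post's openvpn-client@US_New_York_City.service naming and are assumed to exist as units; the sample ping output is constructed.

```bash
#!/bin/bash
# Added example: probe VPN endpoints once and pick the lowest average RTT.
# Hostnames are copied from the post; the instance names are assumed to
# match existing openvpn-client@<name>.service units.
CANDIDATES='US_New_York_City us-newyorkcity.privateinternetaccess.com
US_East us-east.privateinternetaccess.com
CA_Toronto ca-toronto.privateinternetaccess.com'

# Read iputils "ping -c N" output on stdin and print the average RTT in ms.
# Returns 1 when there is no "rtt min/avg/max/mdev" line (host did not answer).
avg_rtt() {
    awk -F'/' '/^rtt / { print $5; ok = 1 } END { exit !ok }'
}

# Probe one host: 3 echo requests, at most 2 s wait per reply.
# With the post's firewall loaded, ICMPOUT only accepts tun+ and private
# destinations, so pings to public endpoints are rejected; probe before
# loading those rules or add an ICMPOUT rule for the endpoints.
probe() {
    ping -n -q -c 3 -W 2 "$1" 2>/dev/null </dev/null | avg_rtt
}

# Read "instance hostname" lines, print "instance rtt" for hosts that answered.
rank_candidates() {
    local name host rtt
    while read -r name host; do
        if rtt=$(probe "$host"); then printf '%s %s\n' "$name" "$rtt"; fi
    done
}

# Read "instance rtt" lines, print the instance with the lowest RTT.
# Returns 1 on empty input (nothing reachable).
pick_lowest() {
    LC_ALL=C sort -k2,2n | awk 'NR == 1 { print $1; ok = 1 } END { exit !ok }'
}

# Constructed sample ping output, used by the offline demo below.
SAMPLE_OK='3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 34.112/35.204/36.901/1.190 ms'
SAMPLE_DEAD='3 packets transmitted, 0 received, 100% packet loss, time 2045ms'

case "${1:-}" in
    --apply)   # live run: probe, then start the matching openvpn-client unit
        best=$(printf '%s\n' "$CANDIDATES" | rank_candidates | pick_lowest) || {
            echo "no endpoint answered" >&2; exit 1; }
        sudo systemctl start "openvpn-client@${best}.service" ;;
    *)         # offline demo on the constructed data
        echo "parsed avg: $(printf '%s\n' "$SAMPLE_OK" | avg_rtt) ms"
        printf '%s\n' "$SAMPLE_DEAD" | avg_rtt || echo "dead host skipped"
        echo "best: $(printf 'US_New_York_City 530.2\nUS_East 35.204\nCA_Toronto 112.9\n' | pick_lowest)"
        ;;
esac
```

Run without arguments it only exercises the parser on the constructed samples; `--apply` performs the live probe and starts the selected unit.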
# 2  
Seems like a lot of unnecessary work to me.

Network response times can change from minute to minute, based on network conditions you have no control over.

You are better off to pick the "best" access point geographically close to you (initially), measured by the number of hops normally (and maybe bandwidth / delay), and not try to over optimize, in my opinion.

Sorry, not to be more encouraging.

Of course, if you want to "over optimize", go for it.
# 3  
Thank you for the reply Neo,


I should have remembered that, my networking and telecommunications skills are a bit rusty.


Come to think of it, the private internet access vpn app for android and arch x86_64 has the functionality I'm trying to mirror. Perhaps I can take a look at the relevant code in the arch package and try to port some of its functionality to this.


Trying to get this idea working for raspberry pi which uses the arm cpu architecture. I also noticed that sometimes webpages would load slower based on server congestion. Example: New_York_City could have 35ms one moment then at 11:00PM could have 530ms, even though it's relatively closer. I thought perhaps I could socket the services similar to how dnscrypt-proxy could be socketed.


Will keep trying different ideas.


Thanks again Neo,
HaloSlayer255
# 4  
Network conditions change constantly.

If you create an algorithm to select the fastest VPN host at time = T0, it is highly possible a few minutes later that same selection, which appeared optimal at time = T0, will be much slower than it was before at time = T0 + "not too many seconds later"; especially when you are on a public network shared by many people.

You have no control over when someone else who shares the same host decides to upload or download a huge file. You have no control over others who might also be trying to "optimize" like you, on a shared public network.

The architecture, android, arch x86_64, etc are not relevant because the issue is not under the control of your architecture on shared public networks.

Sounds like you have not done much network management or Internet system design work before.....
# 5  
Not really too much work,


Just configuring wireless access points, and a few related devices.


Can't find anything right now in my area (or state) so I daylight at a store. Would jump ship in a heartbeat though, but only have associates degree.


Designing networks, and coming up with network topology. Didn't do much work with that, just configuration of device interfaces, routing protocols. It's been so long that it's cobwebs in my brain now.


HaloSlayer255
# 6  
Well, I commend you for your project ideas and your work, plus your honesty, positive attitude and creativeness.

Every project we conceive and build brings us knowledge; and so I say "go for it" if you are having fun and have the time.

What are your next steps?