This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!


ProtonVPN


Install

A correct kernel config is needed:

$ cd /usr/src/linux
# make nconfig # or `# make menuconfig`

    # Double check here:
    # <https://wiki.gentoo.org/wiki/OpenVPN#Kernel>

    > Device Drivers  --->
    >     [*] Network device support  ---> # Symbol: NETDEVICES [=y]
    >         [*] Network core driver support # Symbol: NET_CORE [=y]
    >         <*>   Universal TUN/TAP device driver support  # Symbol: TUN [=y]

Warning

After configuring the kernel, don't forget to do a kernel make and rebuild!

TODO

TODO

TODO

# vi /etc/portage/package.accept_keywords
    > ...
    > # last protonvpn-cli
    > net-vpn/protonvpn-cli ~amd64
    > ...
# emerge -a net-vpn/protonvpn-cli
# nix-env -iA nixos.protonvpn-cli
# nix-env -iA nixpkgs.protonvpn-cli

Install with AUR:

$ mkdir -p ~/apps/aur-apps
$ cd ~/apps/aur-apps
$ git clone https://aur.archlinux.org/protonvpn-cli-ng.git
$ cd protonvpn-cli-ng
$ makepkg -is # --syncdeps to auto-install deps, --install to install after building

TODO

TODO

TODO

Initialize protonvpn-cli:

# protonvpn init

During the initialization step, when asked for the username and the password, use your ProtonVPN OpenVPN credentials (not your account username and password), i.e. go to the ProtonVPN website -> login -> account -> OpenVPN / IKEv2.


Config

Change protonvpn-cli configuration if needed:

# protonvpn configure


Use

  • Get status:

    $ protonvpn status
    

  • Connect to a random server:

    # protonvpn c -r
    

  • Connect to the fastest server:

    # protonvpn c -f
    

  • Connect to the fastest P2P server:

    # protonvpn c --p2p
    

  • Connect to the fastest server in a specified country:

    # protonvpn c --cc [countrycode]
    

  • Connect to the fastest "secure core" server:

    # protonvpn c --sc
    

  • Reconnect to the last server used:

    # protonvpn r
    

  • Disconnect the current session:

    # protonvpn d # or `# protonvpn disconnect`
    

  • Refresh OpenVPN configuration and server data:

    # protonvpn refresh
    

  • Print example commands:

    # protonvpn examples
    

  • Display version:

    # protonvpn --version
    

  • Show help message:

    # protonvpn --help
    


OpenVPN

ProtonVPN can be used entirely through OpenVPN.

$ sudo pacman -S openresolv
$ sudo emerge -a net-dns/openresolv
$ sudo apt install resolvconf

TODO


TODO


  • Create a dedicated config directory:

    $ mkdir -p $HOME/.config/openvpn/protonvpn-server-configs
    

  • Download the desired configuration files:

    • Go to the ProtonVPN website
    • Login
    • Downloads
    • OpenVPN configuration files
      1. Select platform: GNU/Linux
      2. Select protocol: UDP (recommended) or TCP if you experience slow VPN speeds
      3. Select config file and download: Standard server configs
    • Download all configurations in $HOME/.config/openvpn/protonvpn-server-configs
  • Get your credentials:

  • Install the ProtonVPN update-resolv-conf script:

    $ sudo wget "https://raw.githubusercontent.com/ProtonVPN/scripts/master/update-resolv-conf.sh" -O "/etc/openvpn/update-resolv-conf"
    $ sudo chmod +x "/etc/openvpn/update-resolv-conf"
    

  • Put your ProtonVPN credentials into a pass file:

    $ vi $HOME/.config/openvpn/protonvpn-pass.conf
        > OpenVPN-IKEv2-username
        > OpenVPN-IKEv2-password
    

  • Append the path to the pass file to all your downloaded .ovpn files:

    $ cd $HOME/.config/openvpn/protonvpn-server-configs
    $ for file in *.ovpn; do echo "auth-user-pass $HOME/.config/openvpn/protonvpn-pass.conf" >> "$file"; done
    

  • Now you can connect to a ProtonVPN server like so (e.g. on server fr-36):

    $ sudo openvpn ~/.config/openvpn/protonvpn-server-configs/fr-36.protonvpn.com.udp.ovpn
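
The pass-file and auth-user-pass steps above, as an added example that is not part of the original cheat sheet: it keeps the credentials file readable by its owner only and makes the append step safe to re-run. The function names are assumptions made up for this example.

```shell
#!/bin/sh
# Added example; protect_pass_file, is_private and set_auth_user_pass
# are names made up here, not part of protonvpn-cli or OpenVPN.

# Create the pass file (if missing) with mode 0600 *before* editing it,
# and tighten it if it already exists with looser permissions.
protect_pass_file() {
    ( umask 077; : >> "$1" ) && chmod 600 "$1"
}

# Succeeds only if group and others have no permission bits on $1.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Make every .ovpn file in directory $1 reference pass file $2 exactly once.
# An existing auth-user-pass line is replaced, so re-running does not
# stack duplicate lines the way a plain `>>` append would. awk also
# terminates the last line, so the directive never lands on a line that
# lacked a trailing newline.
set_auth_user_pass() {
    for f in "$1"/*.ovpn; do
        [ -f "$f" ] || continue
        tmp=$(mktemp "$f.XXXXXX") || return 1
        awk '!/^auth-user-pass/' "$f" > "$tmp"
        printf 'auth-user-pass %s\n' "$2" >> "$tmp"
        mv "$tmp" "$f"
    done
}

# Typical use, with the paths from this page:
#   protect_pass_file "$HOME/.config/openvpn/protonvpn-pass.conf"
#   vi "$HOME/.config/openvpn/protonvpn-pass.conf"
#   set_auth_user_pass "$HOME/.config/openvpn/protonvpn-server-configs" \
#                      "$HOME/.config/openvpn/protonvpn-pass.conf"
```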
    


Tips

Run the VPN per application

See vpnify.

Configure the VPN to accept traffic from public IP and respond on the same channel

TODO: /opt/update-duckdnsip

When a VPN is set up on a server, how do you still access it via SSH? Or how do you keep the server available, e.g. with Nginx? I.e. how do you accept traffic from the public IP and respond on the same channel, not through the VPN channel?

Find the interface name you are using to connect to the internet:

$ ifconfig

E.g. wlp2s0 is my interface.

Find your inet (/inet4) on your interface:

$ ip a show dev wlp2s0
    > ...
    > wlp2s0: ...
    >   ...
    >   inet 192.168.1.42/24 ...
    >   ...

E.g. my inet is 192.168.1.42/24: 192.168.1.42 is the local address, 24 is the netmask, and 192.168.1.0 is the subnet. (NOTE: you can configure your internet router to get a fixed inet.)

Find your gateway:

$ ip route show dev wlp2s0

The gateway is the address next to "default via ...". E.g. 192.168.1.1 is my gateway.

Add a table rule:

# ip rule add from [LOCAL ADDRESS] table 128

Add routing rules:

# ip route add table 128 to [SUBNET]/[NETMASK] dev [INTERFACE]
# ip route add table 128 default via [GATEWAY]

NOTE: These rules will only last until the system shuts down. Consider reapplying them when the system reboots.
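
The lookup steps above can be scripted. The following is an added example, not part of the original cheat sheet: it reads `ip route show dev [INTERFACE]` output and prints the three commands with the placeholders filled in, so they can be reviewed before being run as root. The function names and the sample route lines are constructed for this example.

```shell
#!/bin/sh
# Added example; policy_route_cmds and sample_routes are made-up names.

# Reads `ip route show dev IFACE` output on stdin and prints the rule and
# route commands from this section. $1 = interface, $2 = table number.
# Fails (exit 1) if gateway, subnet or local address cannot be found.
policy_route_cmds() {
    awk -v dev="$1" -v table="$2" '
        # Return the word that follows keyword `key` on the current line.
        function after(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        # "default via GATEWAY ..." carries the gateway.
        $1 == "default" { gw = after("via") }
        # "SUBNET/NETMASK proto kernel scope link src LOCAL" carries the rest;
        # only the first such line is used.
        /proto kernel/ && /scope link/ && subnet == "" {
            subnet = $1; src = after("src")
        }
        END {
            if (gw == "" || subnet == "" || src == "") exit 1
            printf "ip rule add from %s table %s\n", src, table
            printf "ip route add table %s to %s dev %s\n", table, subnet, dev
            printf "ip route add table %s default via %s\n", table, gw
        }'
}

# Constructed sample matching the addresses used on this page.
sample_routes() {
    printf '%s\n' \
        'default via 192.168.1.1 proto dhcp src 192.168.1.42 metric 600' \
        '192.168.1.0/24 proto kernel scope link src 192.168.1.42 metric 600'
}

# Dry run on the sample; on a real host use:
#   ip route show dev wlp2s0 | policy_route_cmds wlp2s0 128
sample_routes | policy_route_cmds wlp2s0 128
```

Since the rules do not survive a reboot, the printed commands can be saved to a file and reapplied at boot once they have been checked.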

How to undo this?

Show table:

# ip rule show
# ip route show table 128

Remove table:

# ip rule del table 128
# ip route flush table 128

