Auto reconnect to VPN on disconnect?
Solution 1
As of 18.10 (cannot check in earlier versions) VPN connections in NetworkManager have a setting vpn.persistent
which does just that: reconnects to a VPN on connection loss until you disconnect manually. It is set to "no"
by default and unfortunately isn't exposed neither in Gnome Network Settings nor in nm-connection-editor.
But you can set it through a CLI like this:
nmcli connection modify <Your VPN connection name> connection.autoconnect-retries 0
nmcli connection modify <Your VPN connection name> vpn.persistent yes
The connection must exist before you do that, of course. And autoconnect-retries 0
actually means "retry forever".
Also note that these settings get reset occasionally, probably with updates to NetworkManager or related packages, so you need to check them and correct back.
sources:
- https://developer-old.gnome.org/NetworkManager/stable/settings-connection.html
- https://developer-old.gnome.org/NetworkManager/stable/settings-vpn.html
Solution 2
OpenVPN has a build-in mechanism to automatically detect dead links and reconnect. In Network Manager go to "Edit Connections", select your VPN connection and choose "Edit". In the "VPN" tab click on "Advanced..." and go to the "General" Tab. There you have two relevant options:
"Specify ping interval" tell OpenVPN how frequently to check if the link is still alive. "Specify exit or restart ping" tells it how long to wait until it takes action and which action to take.
Example: My setting are "30 / ping-restart / 300". This means OpenVPN checks every 30 seconds if the link is still active. If the link is down for 300 seconds it initiates a restart.
This way there is no need for external scripts...
Solution 3
TLDR: None of these answers worked. I switched to wireguard (https://www.wireguard.com/install/)
sudo apt install wireguard
And then followed the wireguard setup from my VPN provider.
Details:
This issue was happening for me on Ubuntu 20.04. I tried the top two answers under this question (MonkeyBrain: https://askubuntu.com/a/1103326/327631 and OttoEisen: https://askubuntu.com/a/779391/327631), separately and together and the issue still occurred.
After using sudo grep openvpn /var/log/syslog
I saw:
Mar 9 01:36:06 **** nm-openvpn[429236]: [vpn-ch5] Inactivity timeout (--ping-restart), restarting
Mar 9 01:36:06 **** nm-openvpn[429236]: SIGUSR1[soft,ping-restart] received, process restarting
Mar 9 01:36:11 **** nm-openvpn[429236]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
...
Mar 9 01:36:31 **** nm-openvpn[429236]: Server poll timeout, restarting
Mar 9 01:36:31 **** nm-openvpn[429236]: SIGUSR1[soft,server_poll] received, process restarting
...
Mar 9 01:36:46 **** nm-openvpn[429236]: WARNING: Failed running command (--up/--down): could not execute external program
Mar 9 01:36:46 **** nm-openvpn[429236]: Exiting due to fatal error
And some of those logs led to this answer which also did not fix the issue:
https://askubuntu.com/a/906055/327631
Finally found this from my VPN provider, which also did not solve the problem!
sudo mkdir -p /etc/openvpn/scripts
sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/
sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved
Then edit your OpenVPN client file (e.g. *.ovpn) by adding the up/down scripts. Add these 3 lines after the line where it shows your server name (e.g. remote servername.vpn.com 443 TCP):
script-security 2
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
So I gave up and switched to wireguard (https://www.wireguard.com/install/)
sudo apt install wireguard
And then followed the wireguard setup from my VPN provider.
Solution 4
After a bit of digging I found this answer, tested it (on Ubuntu GNOME 15.04) and so far it seems working.
The only thing I might add is that once the script file is created it doesn't necessarily need to be saved to your /home folder. You can save it anywhere, make it executable and add it to the list of startup programs.
Related videos on Youtube
![SNH](https://i.stack.imgur.com/9EaHb.jpg?s=256&g=1)
SNH
Updated on September 18, 2022Comments
-
SNH almost 2 years
I'm an Ubuntu GNOME user and I was wondering if there is a way to be able to automatically reconnect to a VPN on disconnection. I'm using the OpenVPN protocol.
I've checked Network Manager thoroughly but could not find such an option, only to connect to the VPN when connected to a specific WiFi.
-
smac89 about 7 yearsA bit shorter
STATUS="$(nmcli con show -f name | grep purple)"
. Or you can simply check if the actual connection is active by doingnmcli con show --active id 'purple'
-
necbot almost 7 yearsThis should be the accepted answer.
-
Display Name almost 6 yearsThis is not true for Ubuntu 18.04 at least. I have ping interval and ping-restart but it will disable itself anyway.
-
kontextify about 5 years@SargeBorsch: the answer by m0NKey bR4in seems to work (setting
vpn.persistent
toyes
). -
Wyatt Ward about 5 yearsthis is what I wanted. Thanks a million
-
Seung almost 5 yearsSince this setting is available, why doesn't network settings show it? And where / how did you find out? There is no mention of this at developer.gnome.org/NetworkManager/stable/nmcli.html but since running the command seems to succeed I guess it works...
-
m0NKey bR4in over 4 years@alf I think I found this setting just by poking at nmcli in the terminal, but it's also documented at developer.gnome.org/NetworkManager/stable/… and in nm-settings man page
-
nightwatch almost 4 yearsIf you have multiple connections, can you use this solution for all of them... assuming that it will recognize the current connection, and not attempt to connect the connections not currently being used?
-
Shadi over 3 yearsUse "nmcli con show" to list VPN names in the terminal (as well as wifi connection names)
-
Bruno Grieder over 3 years... and
nmcli connection show <Connection Name>
to show all the settings/details of the connection -
Rolf over 3 yearsHow do you do this without the GUI?
-
OttoEisen about 3 years@Rolf Add an entry
keepalive <Interval> <Timeout>
to your OpenVPN conf. This will ping the peer all <Interval> seconds and restart the connection after the <Timeout> expires without getting a reply.