My system requires the use of a vpn, of which I use expressvpn which is based upon OpenVpn but uses its own systemd daemon. All connect/disconnect commands must go through the provided binary. In order to not type these commands into the terminal after every reboot or wake from sleep (and to configure a few iptable rules) I have placed a script in /etc/NetworkManager/dispatcher.d/ catching the 'up' event.
While the script works, I am experiencing problems with expressvpn connect. After waking from sleep it acts as though multiple connect commands have been invoked. A simple solution is to restart its service.
I can issue a systemctl restart expressvpn followed by a expressvpn connect command from the terminal (as both user and sudo) without any problems, but if I add the restart command to the dispatcher script something breaks.
This is the problematic part of the script (including my temp logger lines):
date "+%H:%M:%S %d/%m/%y" &> /home/twifty/Desktop/up-log.txt
echo "restarting..." >> /home/twifty/Desktop/up-log.txt
#systemctl stop expressvpn >> /home/twifty/Desktop/up-log.txt
#systemctl start expressvpn >> /home/twifty/Desktop/up-log.txt
systemctl restart expressvpn.service
echo "connecting..." >> /home/twifty/Desktop/up-log.txt
#/usr/bin/expressvpn status >> /home/twifty/Desktop/up-log.txt
/usr/bin/expressvpn disconnect >> /home/twifty/Desktop/up-log.txt
/usr/bin/expressvpn connect >> /home/twifty/Desktop/up-log.txt
echo "setup..." >> /home/twifty/Desktop/up-log.txt
The expressvpn disconnect and connect command should output its sucess or failure, but nothing is written to the file.
The service status systemctl status expressvpn after running the script looks like:
● expressvpn.service - ExpressVPN Daemon
Loaded: loaded (/usr/lib/systemd/system/expressvpn.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-08-21 11:53:20 CST; 16s ago
Main PID: 5043 (expressvpnd)
Tasks: 10 (limit: 4915)
CGroup: /system.slice/expressvpn.service
└─5043 /usr/sbin/expressvpnd --client-version 1.2.0 --client-build 167
Aug 21 11:53:20 twifty-lynx systemd[1]: Started ExpressVPN Daemon.
Aug 21 11:53:20 twifty-lynx expressvpnd[5043]: /sbin/resolvconf: illegal option -- -
Aug 21 11:53:20 twifty-lynx expressvpnd[5043]: /sbin/resolvconf: illegal option -- e
Aug 21 11:53:20 twifty-lynx expressvpnd[5043]: /sbin/resolvconf: illegal option -- n
Aug 21 11:53:20 twifty-lynx expressvpnd[5043]: event_dispather: invalid subscriber addr or protocol2017/08/21 11:53:20 method Authenticate
Aug 21 11:53:20 twifty-lynx expressvpnd[5043]: 2017/08/21 11:53:20 method SetAuth has wrong number of ins: 2
Aug 21 11:53:20 twifty-lynx expressvpnd[5043]: openvpn-expressvpn: no process found
whereas, running from the terminal, the output will contain:
Aug 21 13:12:09 twifty-lynx sudo[4673]: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/dmidecode -s system-uuid
Aug 21 13:12:09 twifty-lynx sudo[4673]: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 21 13:12:09 twifty-lynx sudo[4673]: pam_unix(sudo:session): session closed for user root
without the systemctl restart line, the script runs correctly, or if I run that command as myself sudo -u twifty systemctl restart, it will also succeed. I believe this is a bug within expressvpn itself (not supporting multiple simultaneous users).
I don't want to hard code my user name within the script, I also want to support remote as well as local access. How can I set this up to support multiple users?
Update:
Prefixing the commands with sudo -u twifty does not work. When waking from a long sleep, expressvpn still acts as though multiple connect commands have been invoked, as evident by there being two tunX interfaces created when there should only be a single tun0. This is exactly the same behaviour I noticed before the reset the service fix.
