protonvpn / protonvpn-cli Goto Github PK
View Code? Open in Web Editor NEWLegacy protonvpn-cli: ProtonVPN Command-Line Tool for Linux and macOS. This has been superseded by https://github.com/ProtonVPN/protonvpn-cli-ng
License: Other
Legacy protonvpn-cli: ProtonVPN Command-Line Tool for Linux and macOS. This has been superseded by https://github.com/ProtonVPN/protonvpn-cli-ng
License: Other
When running -update, I get the following error:
$ sudo ./protonvpn-cli.sh -update
[#] Checking for update.
./protonvpn-cli.sh: line 287: sha512sum: command not found
./protonvpn-cli.sh: line 293: sha512sum: command not found
[*] protonvpn-cli is up-to-date!
OSX 10.13.3
Hi!
protonvpn-cli
is great! Would it be possible to amend the CLI arguments to follow traditional standard of:
-f
short form--foo
long formThis would make it more consistent with all the other UNIX tools.
In particular for -connect
, -fastest-connect
, -disconnect
, -ip
, -update
, -install
, -uninstall
.
Hello!
First of all, thank you for this young but promising tool. I'm looking forward to seeing how it will evolve.
Secondly, it's more a question than an issue but how can someone distinguish a regular node from a node of the Secure Core environment? Is this feature already implemented in protonvpn-cli? Is there already a publicly accessible roadmap?
Thanks for your answers.
There are known issues for IPv6 management on macOS.
This will be fixed soon. In the meantime, please disable/enable ipv6 manually on your macOS.
user@user:~$ ./protonvpn-cli.sh
[!] Error: openvpn is not installed. Install `openvpn` package to continue.
user@user:~$ sudo apt install openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
openvpn is already the newest version (2.4.0-6+deb9u2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@user:~$
Getting following error when trying to connect:
I have tried to disable IPv6 as per your blogpost and the same error.
Connecting...
[!] Error connecting to VPN.
[!] There are issues in managing IPv6 in the system. Please test the system for the root cause.
Not being able to manage IPv6 by protonvpn-cli might cause issues in leaking the system's IPv6 address.
Thank you.
For example, -init could create NetworkManager vpn configuration files for each of the available servers (/etc/NetworkManager/system-connections) as well as a systemd configuration and start/stop script. That should allow for the normal Ubuntu Network Manager to show when the VPN is connected, and also show which server is connected in the system tray. It would also allow the user to see when they are are connected at a glance. They could then optionally connect to different servers through the Network Manager interface.
Hey,
by scrolling through the code I noticed a little mistake:
The DNS server address is only saved to /etc/resolv.conf when using a paid tier. The echo command saving the address has to be located outside the inner if clause.
if [[ "$1" == "to_protonvpn_dns" ]]; then
if [[ $(cat ~/.protonvpn-cli/protonvpn_tier) == "0" ]]; then
dns_server="10.8.0.1" # free tier dns
else
dns_server="10.8.8.1" # paid tier dns
echo -e "# ProtonVPN DNS - protonvpn-cli\nnameserver $dns_server" > "/etc/resolv.conf"
fi
fi
should be
if [[ "$1" == "to_protonvpn_dns" ]]; then
if [[ $(cat ~/.protonvpn-cli/protonvpn_tier) == "0" ]]; then
dns_server="10.8.0.1" # free tier dns
else
dns_server="10.8.8.1" # paid tier dns
fi
echo -e "# ProtonVPN DNS - protonvpn-cli\nnameserver $dns_server" > "/etc/resolv.conf"
fi
Please upload ProtonVPN-Cli to Debian repos so it can be downloaded and installed easily and safely.
When trying to use -c
to specify an endpoint, I get an error:
$ sudo ./protonvpn-cli.sh -c uk5 tcp
Fetching ProtonVPN Servers...
./protonvpn-cli.sh: line 405: ${2,,}: bad substitution
I have tried various formats including the # in the server name as taken from the server list when running -c
by itself, but keep getting the same error.
I've been using protonvpn on Linux Ubuntu 16.04 LTS successfully for sometime now including yesterday. After reboot today I am receiving the following two flavors of ipv6 error messages and am unable to connect:
[!] Error connecting to VPN.
[!] There are issues in managing ipv6 in the system. Please test the system for the root cause.
Not able to manage ipv6 by protonvpn-cli might cause issues in leaking the system’s ipv6 address.
And
Failed to query password: Timer expired
Connecting...
[!] Error connecting to VPN.
[!] This is an error in enabling ipv6 on the machine. Please enable it manually.
Updated sysctl to reenable ipv6 but that doesn't solve the problem just returns a generic can't connect message.
Hi,
I have been trying protonvpn-cli on Ubuntu 17.10 since the OpenVPN client has DNS leaks. When I try to connect using:
protonvpn-cli -c
I can select a VPN server and protocol, but whichever server I select I get:
Connecting...
[!] Error connecting to VPN.
[!] There are issues in managing IPv6 in the system. Please test the system for the root cause.
Not being able to manage IPv6 by protonvpn-cli might cause issues in leaking the system's IPv6 address.
How can I fix this?
Regards
Peter
Hi -
It would be great if there was a way to check the VPN status from the command line.
$ sudo ./proton-vpn -status
Status: Connected
Location: server-country
IP: ip-address
Protocol: protocol
This would allow for scripting status updates (i.e. with Übersicht) or other programmatic functions.
The script should trap
SIGINT
and tear down the setup if connection has not been established yet.
Currently Ctrl-C can put your system into a disconnected state until you rerun with -disconnect
.
On gentoo, in mine at least, openvpn fail with the config of your servers because it doesn't have /etc/openvpn/update-resolv-conf.
Saving
https://raw.githubusercontent.com/masterkorp/openvpn-update-resolv-conf/master/update-resolv-conf.sh as /etc/openvpn/update-resolv-conf, and "chmod +x" it, resolve the problem.
Maybe it's possible to check it and auto-add it?
Hi - when trying to run with PROTONVPN_CLI_LOG=true
enabled, I get the following error:
$ sudo PROTONVPN_CLI_LOG=true ./protonvpn-cli.sh -f
Fetching ProtonVPN Servers...
mktemp: illegal option -- -
usage: mktemp [-d] [-q] [-t prefix] [-u] template ...
mktemp [-d] [-q] [-u] -t prefix
[!] Error creating logging file.
On Mac, this works, though:
$ mktemp -t protonXXX
/var/folders/66/rxccsw0n7j5c02bcyfx2df940000gn/T/protonXXX.fEMGC17H
This is what I got after 4d68051:
$ sudo ./protonvpn-cli.sh -install
cp: /usr/bin/protonvpn-cli: Operation not permitted
ln: /usr/bin/pvpn: Operation not permitted
chown: /usr/bin/protonvpn-cli: No such file or directory
chown: /usr/bin/pvpn: No such file or directory
chmod: /usr/bin/protonvpn-cli: No such file or directory
chmod: /usr/bin/pvpn: No such file or directory
[*] Done.
when i connect to Tor servers which r available in VPN list it shows which type of connections i should choose UDP or TCP , and im wondering when was Tor running through UDP ??? (unless its not Tor)
When installing or running the latest version (just pulled this morning), I get the following errors when installing and running:
$ sudo ./protonvpn-cli.sh -init
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
Enter OpenVPN username: [Redacted]
Enter OpenVPN password:
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
[.] ProtonVPN Plans:
1) Free
2) Basic
3) Plus
4) Visionary
Enter Your ProtonVPN plan ID: 3
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
[*] Done.
$ sudo ./protonvpn-cli.sh -f
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
Fetching ProtonVPN Servers...
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 59: getent: command not found
Connecting...
./protonvpn-cli.sh: line 59: getent: command not found
./protonvpn-cli.sh: line 143: ip: command not found
[$] Connected!
[#] New IP: 185.159.158.50
$ sudo ./protonvpn-cli.sh -d
Disconnecting...
./protonvpn-cli.sh: line 59: getent: command not found
cat: /Users/cantab/.protonvpn-cli/.ipv6_address: No such file or directory
./protonvpn-cli.sh: line 174: ip: command not found
[!] There are issues in managing ipv6 in the system. Please test the system for the root cause.
Not able to manage ipv6 by protonvpn-cli might cause issues in leaking the system's ipv6 address.
[#] Disconnected.
[#] Current IP: [Redacted]
Running OSX 10.13.3
IP6 set to "Automatic" configuration
Bash v3.2
Hi,
It would be very nice to be able to set autostart and a killswitch with a simple option.
Thanks
Hi,
Getting this error when trying to start the VPN. Running on Debian 8.x.
Connecting…
[!] Error connecting to VPN.
/usr/local/bin/protonvpn-cli: line 170: /root/.protonvpn-cli//.ipv6_address: No such file or directory
Tried as root or normal user using sudo. Same error. IPv6 is disabled.
Thank you,
rborsaru
Before connect I have both IPv4 and IPv4 addresses on my system.
While the VPN is active, the IPv6 interfaces are disabled.
When disconnected the IPv6 interface is not restored.
The installation of the tool works fine with Solus but once the installation I get an error "sudo: protonvpn-cli: command not found" (even after a reboot). The file is copied to the "/usr/local/bin" folder but don't seems to work
OS: Solus x86_64
OpenVPN: 2.4.5
sysctl: 3.3.12
python: 3.6.4
Dialog: 1.3-20170131
This "issue" is really just cosmetic, and maybe no one else cares, but I feel like mixing python code in with bash code is kind of janky. It also causes the GitHub project stats to be misleading: 100% shell, and yet we have a python dependency. None of any of this is truly important to the functioning of the utility, but does anyone else think it might be more clear to move this python code into separate .py
files? Or maybe eliminate bash altogether and make this a 100% python script?
I'm running Solus, the install is failing, am I missing something?
stanislas@xps ~/g/protonvpn-cli> (master|✔) sudo ./protonvpn-cli.sh -install
cp: cannot create regular file '/usr/local/bin/protonvpn-cli': No such file or directory
ln: failed to create symbolic link '/usr/local/bin/pvpn': No such file or directory
chown: cannot access '/usr/local/bin/protonvpn-cli': No such file or directory
chown: cannot access '/usr/local/bin/pvpn': No such file or directory
chmod: cannot access '/usr/local/bin/protonvpn-cli': No such file or directory
chmod: cannot access '/usr/local/bin/pvpn': No such file or directory
Done.
Thanks
When trying to connect, I get an error:
$sudo ./protonvpn-cli.sh -connect
[pick a server and protocol from the list]
[!] Error connecting to VPN.
sysctl: unknown oid 'net.ipv6.conf.all.disable_ipv6'
sysctl: unknown oid 'net.ipv6.conf.default.disable_ipv6'
Mac running 10.13.3 and Brew-installed utilities, if that helps at all.
function install_cli() {
mkdir -p "/usr/bin/"
cli="$( cd "$(dirname "$0")" ; pwd -P )/$0"
errors_counter=0
cp "$cli" "/usr/local/bin/protonvpn-cli" &> /dev/null
if [[ $? != 0 ]]; then errors_counter=$((errors_counter+1)); fi
ln -s -f "/usr/local/bin/protonvpn-cli" "/usr/local/bin/pvpn" &> /dev/null
if [[ $? != 0 ]]; then errors_counter=$((errors_counter+1)); fi
ln -s -f "/usr/local/bin/protonvpn-cli" "/usr/bin/protonvpn-cli" &> /dev/null
if [[ $? != 0 ]]; then errors_counter=$((errors_counter+1)); fi
ln -s -f "/usr/local/bin/protonvpn-cli" "/usr/bin/pvpn" &> /dev/null
if [[ $? != 0 ]]; then errors_counter=$((errors_counter+1)); fi
chown "$USER:$(id -gn $USER)" "/usr/local/bin/protonvpn-cli" "/usr/local/bin/pvpn" "/usr/bin/protonvpn-cli" "/usr/bin/pvpn" &> /dev/null
if [[ $? != 0 ]]; then errors_counter=$((errors_counter+1)); fi
chmod 0755 "/usr/local/bin/protonvpn-cli" "/usr/local/bin/pvpn" "/usr/bin/protonvpn-cli" "/usr/bin/pvpn" &> /dev/null
if [[ $? != 0 ]]; then errors_counter=$((errors_counter+1)); fi
if [[ ($errors_counter == 0) || ( $(which protonvpn-cli) != "" ) ]]; then
echo "[*] Done."
else
echo "[!] Error: There was an error in installing protonvpn-cli."
fi
}
The script tries to create /usr/bin, then copies itself to /usr/local/bin, which might not exist on all distros (like Solus), and the script doesn't try to create it. And if this first copy fails, all the others do as well since it tries to copy from the failed location.
I don't understand why the help command needs root access. As well, providing no arguments should display the help message, regardless of user access
Hello!
While investigating a bit on the source code, I noticed the tool currently stores its data on a ~/.protonvpn-cli/
folder, which is alright. However credentials are stored in plain text. How is ProtonVPN positioned about that? I mean, is it foreseen at some point to have at least the password encrypted or are the credentials considered as "reasonably safe to store in plain text"?
Thanks in advance for your answer.
P.S: please note I'm not blaming anybody, I'm just asking out of curiosity because I noticed that fact. :)
It would be nice if users could directly pass a server name (and optional protocol) to the --connect option so they can connect quickly when they already know what server they want to use. For example:
sudo protonvpn-cli --connect us-ca#6
or
sudo protonvpn-cli --connect us-ca#6 tcp
Hi all,
First of all, thank you everyone for your help in protonvpn-cli. It has been a young journey, but the progress we did is very impressive.
The next milestone we have is to confirm the macOS support for protonvpn-cli. The problems we have:
Issues in IPv6.
There is a built-in function that does the ipv6 handling. This protects against original IP leaks via ipv6 addresses.
We need to add support to handle ipv6 correctly in macOS.
Issues in DNS management.
There is a built-in function that does the DNS management in order to protect against DNS leaks.
We need to add support for macOS in this part.
If you are a macOS app user/developer, please help us by submitting a PR with fixes.
Also, the PR needs to be tested well, we will post PRs here for testers to confirm if it adds support on their machines.
Thanks again!
Mazin
protonvpn-cli doesn't seem to ever recover if a computer loses its internet connection, even for a moment. Both suspending the computer and disconnecting/reconnecting to the same (or a different) wifi network will do the trick.
After that happens, any requests just kind of hang out in limbo until it times out or until you run protonvpn-cli -d
.
It's nice that protonvpn doesn't allow any connections when the VPN connection dies, but it should be able to get back up on its own. Shutting it off to restart it allows all the stuff it's been blocking to slip through.
The issue is shortly described here:
There’s a bit of a debate on how best to update your DNS resolver on Mac OS X when connecting to an OpenVPN Server. For whatever reason, even if use DHCP on the VPN server, OS X won’t use the assigned DNS server(s). It’s been recommended to use scutil, but the scripts are crazy long and I’ve read the resolver order sometimes gets reset anyway.
The usual route of using /etc/resolv.conf does not work on OS X but specifying DNS servers in your Network Preferences does.
The solution is using scutil
, mostly recommended and used by Tunnelblick, or networksetup
for a shorter approach.
According to the script the config files shoud be stored under the home dir of the user, but the ower is still root. Is it on purpose?
chown "$USER:$(id -gn $USER)" "$(get_home)/.protonvpn-cli/protonvpn_openvpn_credentials"
GNU bash, version 4.4.19(1)-release (x86_64-unknown-linux-gnu)
I call the script in the zsh shell with sudo ./protonvpn-cli.sh -init
.
zsh 5.4.2 (x86_64-unknown-linux-gnu)
OS: Linux HOSTNAME 4.14.29-1-MANJARO #1 SMP PREEMPT Wed Mar 21 16:48:46 UTC 2018 x86_64 GNU/Linux
changed to Cloudflare's new encrypted dns nameserver 1.1.1.1 / 1.0.0.1 and it isnt allowng internet connection now using any of the ovpn configs
When uninstalling the program while currently connected, it leaves the user without an option to disconnect the session after that (except manually finding and killing the process)
While using any form of connection: -c, -r, -f and --update; I get:
[!] Error: There is an internet connection issue.
On --ip I get:
Error.
In the meantime, connecting by openvpn using provided config. files works just fine.
I'm using the latest version of raspbian on a Raspberry PI 3
If I directly use the "protonvpn-cli.sh" from the git folder or the file located in "/usr/local/bin" I can't connect to any server with either the -connect (tested with tcp and upd protocol) and the -fastest-connect commands. I have a the following message:
Connecting...
[!] Error connecting to VPN.
Disconnecting...
OS: Solus x86_64
OpenVPN: 2.4.5
sysctl: 3.3.12
python: 3.6.4
Dialog: 1.3-20170131
-c works just fine, but here are the error outputs:
$ sudo protonvpn-cli -f
Fetching ProtonVPN Servers...
Traceback (most recent call last):
File "<stdin>", line 5542, in <module>
IndexError: list index out of range
Connecting...
[!] Error connecting to VPN
$ sudo protonvpn-cli -r
Fetching ProtonVPN Servers...
Traceback (most recent call last):
File "<stdin>", line 5542, in <module>
IndexError: list index out of range
Connecting...
[!] Error connecting to VPN.
As mentioned above, the server list is pulled and parsed successfully in the dialog presented when using the -c option. If I have some time, I will look into this myself.
I just stepped upon it while reviewing #72.
The problem is the following code:
if [[ ("$1" == "to_protonvpn_dns") && ( $(detect_machine_type) != "Mac") ]]; then
if [[ $(cat "$(get_protonvpn_cli_home)/protonvpn_tier") == "0" ]]; then
dns_server="10.8.0.1" # free tier dns
else
dns_server="10.8.8.1" # paid tier dns
fi
echo -e "# ProtonVPN DNS - protonvpn-cli\nnameserver $dns_server" > "/etc/resolv.conf"
fi
This sets the DNS server to a fixed value based on what the users tier is. But the DNS server isn't determined by the users tier, but by the server the user connects to. The free servers use 10.8.0.1 and therefore the paid users can't resolve hostnames as 10.8.8.1 is set for them in all instances.
Whiel using the new CLI for ProtonVPN, the VPN connection keeps getting disconnected in the Background without giving user a warning message. So user is practically unaware of such disconnection.
I am using Linux EagleNest 4.4.0-116-generic #140~14.04.1-Ubuntu SMP Fri Feb 16 09:25:20 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux.
This issue not new, I have faced it while using ProtonVPN using just openvpn without CLI..
BUT there user sees couple of error messages and his connection blocked from leaking from regular public IP.
I hope you will FIx this ASAP. And the last fix didn't worked..
Please consider to add a checksum for the update-resolv-conf.sh
script that is downloaded.
Without verifying the checksum there is no way to verify if protovpn-cli
is safe, because there is no definite state. The downloaded script can change at any time and start to do something malicious.
[edit: just realised this Git is for the CLI and not the app. Don't file bugs before you've had coffee]
Hi - I downloaded the current update this morning and the app won't start.
The icon appears in the dock and just sits there - the only option is to Force Quit.
On system start, the app launches and hangs. This is the only entry in /var/log/system.log:
com.apple.xpc.launchd[1] (ch.protonvpn.mac.25484[676]): Service exited due to signal: Terminated: 15 sent by Dock[350]
Running the app directly from the command line gives this:
$ ./ProtonVPN
2018-03-26 07:35:32.491 ProtonVPN[968:25097] Successfully add login item.
^C
Issue is not solved.. I reinstalled & configured ProtonVPN CLI. Still connection get disconnected before manual disconnection after long duration standby period. Is it because Ubuntu drops Administrator rights given by issuing Sudo after some predefined time?
I thought this was may be because I was free user. But since now I am a paid user, I still facing the same issue.
When I connect to ProtonVPN using this CLI, traffic leaks with my real public IP address..
Earlier I used to connect ProtonVPN on Ubuntu via openvpn (using Terminal bu issuing command openvpn) and if I let the connection to be unused for long time then that time the connection hangs doesn't allow any traffic to pass any traffic thus preventing Real Public IP Leak..
But this new CLI doesn't seem to prevent that leak.
Means if connect to ProtonVPN via this new CLI at start it route all my traffic via ProtonVPN servers and issuing command like curl ifconfig.me or search on Duckduckgo shows IP address of ProronVPN servers, but if I leave connection unused for a while then issue command like curl ifconfig.me or Duckduckgo search reveals my real Public IP Address.. The frequency of constant disconnection in background is increased..
I hope you will be able to fix this soon. And Sorry for so much late reply..
Here is what I see in terminal (connection gets disconnected in background):
Connecting...
[$] Connected!
[#] New IP: 217.23.3.171
crownedeagle@EagleNest:~$ curl ifconfig.me
217.23.3.171
crownedeagle@EagleNest:~$ curl ifconfig.me
217.23.3.171
crownedeagle@EagleNest:~$ curl ifconfig.me
217.23.3.171
crownedeagle@EagleNest:~$ curl ifconfig.me
117.228.XX.XXX
crownedeagle@EagleNest:~$ sudo protonvpn-cli -disconnect
[sudo] password for crownedeagle:
Disconnecting...
[!] This is an error in enabling ipv6 on the machine. Please enable it manually.
[#] Disconnected.
[#] Current IP: 117.233.XX.XXX
crownedeagle@EagleNest:~$
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.