I have simple conky that I run on my main desktop box (which is currently in storage as I'm homeless... looking for another one ) & now that my notebook is my prime machine, it has been getting a lot of attention lately. Having just changed from AirVPN to PIA VPN, I've had to write some little scripts so that I can call a PIA exit server from whatever country I choose. Not having Air's Eddie GUI, to easily see by its colour, or to mouse over in the Tint2 tray to check on it condition is something that I miss.
So, I put my old conky up, modified it a little to suit this hardware & added:
# execi tells a command to repeat - below every 30 (or whatever) seconds it checks the external IP address
${color pink}External IP:$color ${color red}${execi 10 curl -s ipinfo.io/ip}$color
execi is cool.
I would like to make a tiny conky that is windowed & sits on top of any other windows (my browser in particular), so that I can always keep an eye on my external IP. I'd also like to make something so that if I loose connection to the VPN, it will immediately kill my internet connection. In my early days using Air (before they had released their GUI), I rigged up a pretty clumsy way of doing that by swapping resolv.conf files & changing the iptable rules. I'd really like to find an easier way than that this time. Apart from the fact that the resolv.conf part won't work with PIA.
Here is the script:
#!/bin/bash
## Starts IPTables & shows that it is running.
## Then:
## Function to swap 2 files holding DNS addresses, /etc/resolv.conf
## & /etc/resolv.conf_VPN.
## To protect from the possibility of the resolv.conf with non-VPN
## DNS address overwriting your resolv.conf_VPN & causing you to use
## the wrong DNS, this script now checks whether resolv.conf &
## resolv.conf_VPN are the same, & if they are, then resolv.conf_VPN
## is replaced by its backup, ie, /etc/resolv.conf_VPN.bak.
##
## After the above is done, then OpenVPN with AirVPN server is
## called. When OpenVPN closes, the resolv.conf files are swapped
## back again, so the original, non VPN file (DNS) is restored to
## /etc/resolv.conf .
## You need to create the /etc/resolv.conf_VPN & the
## /etc/resolv.conf.VPN.bak files with the AirVPN DNS & a backup
## DNS that is NOT your ISP's DNS.
##
## I use the following 4 lines of text for those two previously
## mentioned files:
##
## # AirVPN DNS followed by Google's DNS:
## domain home
## nameserver 10.4.0.1
## nameserver 8.8.8.8
##
###########################################
# Turn on iptables - which protects my IP by allowing only VPN DNS
# if I lose VPN all internet connections are imediately stopped.
systemctl start iptables.service
systemctl status iptables.service
iptables -nvL --line-numbers
#Check entered arguments
if [ ! $1 ] || [ ! $2 ]
then
echo "Using inbuilt defaults"
file1="/etc/resolv.conf"
file2="/etc/resolv.conf_VPN"
else
file1=$1
file2=$2
fi
#Check if the files exist
if [ ! -f $file1 ] || [ ! -f $file2 ]
then
echo "File(s) doesnt exist"
exit 1
fi
#Check whether the files are same
if [[ ! `cmp $file1 $file2` ]]
then
echo "Files $file1 $file2 same"
echo "Replacing $file2 with $file2.bak"
if [ ! -f "$file2.bak" ]
then
echo "File $file2.bak doesnt exist"
echo "Exiting.."
exit 1
else
cp "$file2.bak" "$file2"
fi
fi
#The swap function
swap()
{
cp $file2 file.bak
mv $file1 $file2
mv file.bak $file1
}
#Swap the files
swap $file1 $file2
echo "Files $file1 and $file2 swapped"
#Do openVPN stuff
cd /etc/openvpn
#openvpn --config /etc/openvpn/AirVPN_NL_Dorsum_UDP-443.ovpn
openvpn --config AirVPN_NL_Dorsum_UDP-443.ovpn
cd ~
#Again swap the files, ie, go back to the original state
swap $file2 $file1
echo "Files $file2 and $file1 swapped"
# Turn off iptables - this allows usage of NON-VPN internet & DNS
# this is here for certain circumstances when it may be useful.
# Just uncomment the following two lines if needed. Doing so
# renders the identity protection that may be offered by your
# IPTables setup useless.
#systemctl stop iptables.service
#echo "Turned off iptables - normal internet is now accessible BEWARE!"
#Done
exit 0
Yeh, it has a little systemd stuff in it, but that could be replaced.