Posted: Wed Sep 19, 2018 7:21 Post subject: OpenVPN: Random Server with changing ca.crt
Implementing a random server selection with some VPN providers like TorGuard is easy...
* Use the remote-random command to select a server from a list given in the same script.
* The ca.crt file is the same for all servers, so just load the same file always
With NordVPN, this is complicated since all servers use separate ca.crt and auth-key.
* Random server can be selected from a list (say xy12.nordvpn.com is chosen)
* Next the script needs to select the certificate file for the same server (xy12_nordvpn_com_ca.crt) and also the auth-key (xy12_nordvpn_com_tls.key)
Problem: How to make the script select the correct ca.crt and auth-key from a folder where all the certificates and auth-keys are stored. The naming convention is as shown in the examples above. I have a USB drive where I can store all the certificate and auth-key files permanently.
The script will need to first select the random server, then use the random server name to select the correct certificate file and auth-key file. Is this possible in the script? Anyone who can help please...
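The selection step asked about above, as an added example that is not part of the original thread: it shuffles a server list, maps the chosen name to the ca.crt and tls key using the naming convention from the post, and skips any server whose files are missing. `CERT_DIR`, `BASE_CONF` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Naming follows the post:
#   xy12.nordvpn.com -> xy12_nordvpn_com_ca.crt, xy12_nordvpn_com_tls.key
# Assumes the certificate folder path contains no spaces.

# Print "ca_path key_path" for one server; fail if the name is not a plain
# lowercase hostname or if either file is missing or empty.
cert_paths_for() {
    host=$1; dir=$2
    case $host in
        ''|.*|*[!a-z0-9.-]*) return 1 ;;   # no slashes, so no escaping $dir
    esac
    base=$(printf '%s' "$host" | tr '.' '_')
    ca="$dir/${base}_ca.crt"
    key="$dir/${base}_tls.key"
    [ -s "$ca" ] && [ -s "$key" ] || return 1
    printf '%s %s\n' "$ca" "$key"
}

# Shuffle the candidate servers and print "host ca_path key_path" for the
# first one whose files are both present.
pick_server() {
    dir=$1; shift
    for host in $(printf '%s\n' "$@" |
                  awk 'BEGIN { srand() } { print rand() "\t" $0 }' |
                  sort | cut -f2); do
        if paths=$(cert_paths_for "$host" "$dir"); then
            printf '%s %s\n' "$host" "$paths"
            return 0
        fi
    done
    return 1
}

# Runs only when servers are passed as arguments, with CERT_DIR set.
# BASE_CONF (hypothetical) holds every client option except remote, ca
# and tls-auth, which are supplied here for the chosen server.
if [ "$#" -gt 0 ]; then
    set -- $(pick_server "${CERT_DIR:?set CERT_DIR}" "$@")
    [ "$#" -eq 3 ] || { echo "no server with matching ca/key files" >&2; exit 1; }
    exec openvpn --config "${BASE_CONF:?set BASE_CONF}" \
         --remote "$1" --ca "$2" --tls-auth "$3"
fi
```

Rejecting anything but a plain hostname before building the file path keeps a malformed list entry from pointing OpenVPN at a file outside the certificate folder.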
Would have been nice to be able to load the files via script, but that is beyond my level of knowledge. Anyways ... turnaround found, in case any other person is interested.
I manually checked and compared the ca.crt and tls-auth key files of several servers of NordVPN. Some of the newer servers have the same ca.crt and tls-auth key.
User needs to manually (and painstakingly) open selected server-configs and compare the relevant files to make a master list. Remote-Random can be done with the common ca.crt and auth key files and a sub-set of servers from this master list.
I have asked NordVPN support for help (list of servers with common ca.crt and tls-auth key files). If they help me, I will post here for others' benefit.
Thanks.
That's a starting point for gathering further knowledge. It's nice to see an expert working on the same issue and still improving his script (last change was yesterday)
Often, just a small pointer from experts (like your short comment here) puts people on the right track. Multiple Google searches did not take me to this page ... maybe I was using the wrong keywords.
I was looking for a similar solution and finally found this solution from tobse which did an excellent job of automating NordVPN server changes. The only drawback I found was the need to load up my router with all the NordVPN server config files which slows down the server selection and also has a lot of slow servers to go through before it finds a decent server to connect to.
I however wanted to only have a subset of servers that were fast and downloads the config from NordVPN site to the router. My solution was to build this in Python3 (I am not a bash expert, sorry), so it works across OS (Windows/Linux...)
I am curious how you would automate the endpoint changes? You still need to change the openvpn.conf to update remote server changes, right? Also you need to know the list of valid (and least loaded) remote servers to connect to...
I am not a networking expert and would like to know if there are better solutions out there.