Sudo invocation on startup seems to break Fedora

Hello, I was looking to have a ProtonVPN ready to go on start up. As such, I wrote the following and placed it into my bashrc:

#run vpn client if it is not running
isconnected=$(protonvpn status | grep Status)
isconnectedword=$(echo $isconnected | cut -d' ' -f 2)
if [ $isconnectedword = "Connected" ]
then 
	echo VPN is connected
elif [ $isconnectedword = "Disconnected" ]
then
	echo VPN not Connected!
	echo Connecting now...
	read -p "Please press ENTER" var
	if [ $isconnectedword = "Disconnected" ]
	then
		sudo protonvpn c -f
	fi
fi
unset $isconnectedword

Now, the intention was to have the VPN ready to go upon booting up the computer, so, in tandem with this code, I used gnome tweaks to set the terminal to open on startup. Problem is; this combination of modifications causes some error in the operating system boot procedure, whereby the system hangs at a blank screen indefinitely. As such, I cannot get into the operating system unless I comment out the above code. A little bit of code testing has shown that the common cause in every test seems to be the sudo protonvpn c -f line. I thought adding an if statement after a call to action would solve the problem (as shown in the code) by ensuring there are steps that mean the command itself does not run at startup, but this method does not work, which is strange. Why would a line that is not run at startup be causing such an error? is having a sudo command in the bashrc not possible?

Options:

2 Likes

I’m not sure why your system boot is affected, because your user bashrc shouldn’t be involved until you log in. It’s a little hard to guess exactly what’s going wrong without more diagnostics, but I think @vgaetera has the right suggestion — there are tools better suited for this job. In fact, it’s literally what systemd is made to do.

I haven’t tried it myself, but here’s a systemd config someone made which should at least get you on the right track:

2 Likes

PS: that said, seriously good work in trying to figure out a way to do this. If you want to try to figure out more of why it’s failing just so you know, we can keep poking. My guess is sudo is waiting for a password at some point, but, again, not sure exactly when or why. The system logs for that failed boot (look at journalctl) might help.

1 Like

Hello both contributors. Apologies for not getting back to your replies. I really want this to work, so I will do some digging as to the links @mattdm and @vgaetera have provided. I am also interested in why such a script would cause my whole system to boot into a blank screen. So, @mattdm, I started poking around in the journalctl and realised that I might need to poke around a little more specifically. Are there any keyphrases you would suggest I grep in this instance? I am very new to this kind of playing around with booting and linux substructure. I don’t even know what systemd is (any explanation here would be great (thank you @vgaetera, the third link you posted has a great, concise explanation)).

Also, thank you @mattdm and @vgaetera for your help so far!

1 Like

Hello @mattdm, unfortunately the link you have provided, indicating a protonvpn systemd autostart configuration was not successful in my case. I followed the instructions and installed the config, but the vpn is not activated. Invoking the given troubleshooting line sudo systemctl status protonvpn.service, I received:

protonvpn.service - ProtonVPN CLI Auto-Start
   Loaded: loaded (/etc/systemd/system/protonvpn.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2020-11-21 11:50:00 AEDT; 10min ago
  Process: 1464 ExecStart=/usr/local/bin/protonvpn c --cc DE (code=exited, status=1/FAILURE)
      CPU: 147ms

systemd[1]: protonvpn.service: Scheduled restart job, restart counter is at 5.
systemd[1]: Stopped ProtonVPN CLI Auto-Start.
systemd[1]: protonvpn.service: Start request repeated too quickly.
systemd[1]: protonvpn.service: Failed with result 'exit-code'.
systemd[1]: Failed to start ProtonVPN CLI Auto-Start.

Any hints as to what this error might mean?

1 Like

Yeah, in this case the /usr/local/bin/protonvpn command is exiting with an error code value 1. In Linux, commands can exit with a value between 0 and 255, and anything other than 0 is considered an error. Sometimes the documentation will give a hint as to what each number means — or sometimes they just use 1 for any failure. Of course, in this case, you’re not expecting it to exit at all. Systemd is trying to restart it (that’s its job, after all) but is noticing that it keeps giving an error so gives up.

Does the protonvpn command have a log of its own? It might say what’s failing.

2 Likes

So, I sent a support request to protonvpn, asking if they have any error logging. In the meantime, I think I’ve found the problem.

My wireless adapter (Broadcom 802.11ac) is always giving me problems. I managed to download some linux drivers for it, and it works, but not at startup. Before the first password screen, there is no internet connection as there is no wireless adapter recognised. Only once I login, does the adapter engage. I tried tethering up my computer to a connection that is recognised in the normal way and the script worked fine, the vpn connected on startup. Note, I tried going through the @vgaetera post and I had the same problem/the same solution. I am not sure why this happens with the adapter or if this could be involved in the issue outlined in the original post. I’d have to do some digging. Please let me know if you guys/gals have any ideas/advice.

The alternate connection is not practical to use so, in the meantime, I will need to find a workaround for this. Is there a way to edit a systemd service so that it waits until after initial login before running?

Edit: I found a way (of sorts). Essentially, it’s a combination of all the solutions presented here so far. So, with the systemd solution in systemctl, I re-engage gnome tweaks, set the terminal to open on startup and modify the script in bashrc as:

#run vpn client if it is not running
isconnected=$(protonvpn status | grep Status)
isconnectedword=$(echo $isconnected | cut -d' ' -f 2)
if [ $isconnectedword = "Connected" ]
then 
	echo VPN is connected
elif [ $isconnectedword = "Disconnected" ]
then
	echo VPN not Connected!
	echo Connecting now...
	systemctl restart protonvpn
fi
unset $isconnectedword

It’s not perfect, but when I startup the operating system and I login, the terminal opens and I am immediately confronted with a Graphical User Interface request for my password. The VPN then runs. This is essentially what I was going for in the original post.

1 Like

Usually, VPN is activated when the system establishes the main connection.
So, it is not actually related to the login event.

1 Like

Interesting. Again, I’m still new to this, so please feel free to tell me I’m wrong.

It seems to me that the wireless adapter cannot be found, so no main connection can be established. The VPN is activated before the login event, tries to connect but is prevented because there is no internet connection prior to the login, so the systemd process exits with the error seen above before the login is completed. As such, the issue is not with the VPN and login, but rather with the VPN, login and internet connection all being activated in the wrong order. Would you know a better way to solve this problem than the messy way I have above? I’m at a loss.

How do I make sure that my service starts after the network is really online?

1 Like

For the sake of completeness, and to aid anyone else in this predicament, I have been notified by protonVPN that they do indeed have error logs, which can be found at /.pvpn-cli/pvpn-cli.log and ~/.pvpn-cli/ovpn.log

Would anyone have any answers for the original question asked in this thread or is going to remain a mystery? I’m okay if it does remain a mystery because I have solved the problem, but I am curious as to why such behaviour occurred in the first place.

p.s. connected and disconnected are not the only two states the vpn can be in. I had some errors pop up with the script in the solution I posted. Just had to modify it to reset also if the isconnectedword string is empty. Here is that solution description again, with the correction:

I found a way (of sorts). Essentially, it’s a combination of all the solutions presented here so far. So, with the systemd solution in systemctl, I re-engage gnome tweaks, set the terminal to open on startup and modify the script in bashrc as:

#run vpn client if it is not running
isconnected=$(protonvpn status | grep Status)
isconnectedword=$(echo $isconnected | cut -d' ' -f 2)
if [ -z "$isconnectedword" ] || [ $isconnectedword = "Disconnected" ]
then
	echo VPN not Connected!
	echo Connecting now...
	systemctl restart protonvpn
	protonvpn status
elif [ $isconnectedword = "Connected" ]
then 
	echo VPN is connected
fi
unset $isconnectedword

It’s not perfect, but when I startup the operating system and I login, the terminal opens and I am immediately confronted with a Graphical User Interface request for my password. The VPN then runs. This is essentially what I was going for in the original post.

1 Like

I find the NetworkManager OpenVPN plugin significantly more convenient than third party services:

  • Allows you to manage VPN connections using both CLI and GUI.
  • Provides VPN connection autostart binding it to the main connection.
  • Displays connection status on the panel.
3 Likes

This post was flagged by the community and is temporarily hidden.