Skip to content

fraxflax/proton-wg

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 

Repository files navigation

proton-wg

proton-wg.sh - ProtonVPN Linux Client WireGuard interface setup script

brings down/up an ProtonVPN WireGuard interface and sets up the routing and dns via it

proton-wg.sh must be run as root

proton-wg.sh is free software written by Fredrik Ax <proton-wg@axnet.nu>
Feel free to modify and/or (re)distribute it in any way you like. (It's always nice to be mentioned though ;-) )

proton-wg.sh comes with ABSOLUTELY NO WARRANTY.

If you expirence any problems with proton-wg.sh, are lacking any functionality or just want to voice your opions about it, feel free to contact me via e-mail: Fredrik Ax <proton-wg@axnet.nu>
(also, if you need a script for setting up a Linux router to route certain subnets via ProtonVPN, feel free to contact me)

INSTALL

Just copy / download the proton-wg.sh script into your PATH and make it executable:
https://raw.githubusercontent.com/fraxflax/proton-wg/refs/heads/main/proton-wg.sh

From CLI:

curl -o /usr/local/bin/proton-wg.sh https://raw.githubusercontent.com/fraxflax/proton-wg/refs/heads/main/proton-wg.sh
chmod a+rx /usr/local/bin/proton-wg.sh

USAGE

NAME

proton-wg.sh - ProtonVPN Linux Client WireGuard interface setup script

SYNOPSIS

proton-wg.sh [ --silent ] up CC [ rand | INDEX | rtt | CONFIGFILE ] [ dns ]

proton-wg.sh [ --silent ] down

DESCRIPTION

This script selects among config files that have been generated at

https://account.proton.me/vpn/WireGuard

and downloaded to /etc/wireguard/ named: wgp[a-z]{2}[0-9a-z]+.conf where [a-z]{2} is the two letter contrycode and [0-9a-z]+ is the INDEX using the selected config to bring up an wireguard Proton VPN.

OBSERVE that you need to edit the config files commenting out the Address line and the DNS line:

  #Address = 10.2.0.2/32
  #DNS = 10.2.0.1

BUT do not remove the lines, they are expected to be in the file, just commented out without whitespace after the #

Examples of of valid config filenames:

/etc/wireguard/wgpuk142.conf
/etc/wireguard/wgpch42tor.conf

OPTIONS

  • --silent
    If --silent is present, the script will silently (to allow for seamless integration with ifupdown or other network management tools) exit with status 0 on success and status 1 upon errors and failure.

  • down
    Bring down all interfaces matching wgp[a-z]{2} restoring the default routing and DNS.

  • up
    Bring up an wireguard interface named wgpcc (cc being the countrycode) and set the default routing via it. As only one wgp interface can be up at any time, it will firstly bring down any existing wgp[a-z]{2} interface.

  • CC
    Two letter country code.

  • rand
    Selects random conf for given country-code. (this is the default as well as fallback for ### and CONFIGFILE)

  • INDEX
    Select config for given country-code with this "index" matching the regex [0-9a-z]+

  • rtt
    Select config for peer with lowest latency (ping rtt).

  • CONFIGFILE
    hardcodes the config file to use

  • dns
    Update /etc/resolv.conf with the DNS server from the config file.

EXAMPLES

proton-wg.sh up ch
will randomly select a config file matching /etc/wireguard/wgpch[0-9a-z]+.conf

proton-wg.sh up dk rtt dns
will among config files matching /etc/wireguard/wgpdk[0-9a-z]+.conf select the one with lowest latency peer (ping rtt) and update /etc/resolv.conf with the DNS server from the config file

proton-wg.sh up us 42
will select a config file named /etc/wireguard/wgpus42.conf if present and otherwise randomly select one correctly named 'us' config file

Example of how one can use this script together with ifupdown:

/etc/network/interfaces.d/wgproton

allow noauto wgpch
iface wgpch inet manual
      pre-up /bin/sh /path/to/proton-wg.sh --silent up ch rtt dns
      down /bin/sh /path/to/proton-wg.sh --silent down

allow noauto wgpus
iface wgpus inet manual
      pre-up /bin/sh /path/to/proton-wg.sh --silent up us dns
      down /bin/sh /path/to/proton-wg.sh --silent down

DEPENDENCIES

This script depends on being executed as root in a POSIX shell environment with the following utilities available:
cat cut grep head id ip ls sed shuf wc wg

To ensure this in a Debian based distribution:

sudo apt install dash coreutils sed iproute2 wireguard-tools

About

proton-wg.sh - ProtonVPN Linux Client WireGuard interface setup script

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages