Auto run "nordvpn connect (country)" Command on qube start? Safe setup of VPN in a qube/template

User Support General
1

I have a qube with nord vpn installed on the template, Autoconnect is turned on. But it seems that the command
“nordvpn set autoconnect on (desired country)”
Is not working. It always connects to the fastest server. In most cases fastest is closest server to me…

So i want to be able to automatically run command
nordvpn connect (desired country)
On my qube boot.

I am guessing that I need to make changes to my template.
Do I need to install some startup manager software or what?

Thanks in advance :slightly_smiling_face:

2

There are multiple ways to do this.

  1. Write a systemd service
  2. Write a cron job
  3. Write it into ~./profile
  4. Write it into ~/.bash_rc (nope)

From elegant, to more hacky.

For 2, add:

@reboot sleep 5 && nordvpn connect (desired country)

To your /etc/crontab

The sleep is there to make sure, that the system is more or less booted.

1 Like
3

Run the following in your nordvpn appvm

$ mkdir -p /home/user/.config/autostart
$ cat << EOF > /home/user/.config/autostart/nordvpn-connect.desktop
[Desktop Entry]
Type=Application
Name=Nordvpn connect
Exec=nordvpn connect <country>
EOF
$ chmod +x /home/user/.config/autostart/nordvpn-connect.desktop
2 Likes
4

That’ll run only if he opens the terminal though, and every time he does so.

1 Like
5

Or use an autostart of course :slight_smile:

6

Yes, i kinda thought that, but was not 100% sure. You are right.

7

Must i do this in my VPN template?
If I have understood correctly all changes made in my vpn qube will be restored to settings from von template.

When I try this in my VPN template I get
… connect.desktop: Permission denied

8

No, in your VPNAppVM.

Some places (like your home directory) are persistent over the AppVMs restarts. If you modify them in your template, you will see no change in your AppVM as it will get those folders from your last shutdown. As this is modifying a file in your home, you need to do this in your actual running AppVM.

At what specific command? They all seem fine to me, looking at the permissions. But i think i know where the error is: Your username is not user!

So quick linux Bash 101:

Alternatively you can do all of this manually. Here is what those commands do:

Creates an “autostart” directory in /home/user/.config/ and any parent directories needed.

Writes:

[Desktop Entry]
Type=Application
Name=Nordvpn connect
Exec=nordvpn connect <country>

To the file /home/user/.config/autostart/nordvpn-connect.desktop

chmod +x /home/user/.config/autostart/nordvpn-connect.desktop

makes this file executable.

As you might not use user for your name, one can use variables, as the term $HOME (or ~) will point to your home directory, regardless of your name. The directory /home/ holds all your user directoriers. If your are called “userA” on your qubes, your only have permission to write to your $HOME which would be /home/userA. Therefore the creation of (or stuff in) /home/user/ is denied.

Here is a name independed version that should work:

mkdir -p $HOME/.config/autostart
cat << EOF > $HOME/.config/autostart/nordvpn-connect.desktop
[Desktop Entry]
Type=Application
Name=Nordvpn connect
Exec=nordvpn connect <country>
EOF
chmod +x $HOME/.config/autostart/nordvpn-connect.desktop

I know, this stuff seems hard at first, but try to understand what is going on. It will help you a lot for your understanding of how linux works “under the hood”.

Extra!
cat does read files to your terminal. But with

cat << EOF
hello
EOF

You instruct it to read the next lines below that command, until it reads EOF (can be anything else too).
With:

cat << EOF > somefile
content of somfile
EOF

You instruct it to read the next lines until EOF, but instead of writing it into your terminal, it writes that to the file somefile.

If it still fails:
Try doing this manually or at least step by step. If one command does not work, try posting the whole error message, of everything so we can see what command fails, and how exactly.

9

Here are pictures. It seems that I have no acces to my home/user/.config/autostart folder
It is locked for me.
I am doing this in my vpn qube, not in template
Also my name is user in this Qube

IMG_20221116_004135
IMG_20221116_0041351834×738 248 KB

IMG_20221116_003720
IMG_20221116_0037201762×1620 202 KB

10

I understand how Linux works enough to not be a complete noob. I started using linux a long time ago. Only when I began worrying about my privacy and security online i have resolved to switch to qubes os completely from Windows or other Linux distros.

11

Try my username agnostic version, i suspect your username is different from user and this is causing the problem.

If this is not the case, we need to do some further troubleshooting.

12

If ~/.config/autostart is agnostic version then the same thing happens

Permission denied

13

oh wow that is strange!

Is the directory ~/.config/ existent? And if so ~/.config/autostart?
If not create them.

cd ~ && ls -lla | grep config
should output something like

drwxr-xr-x  9 username username   4096 Nov 11 22:33 .config
14

It is there and I can enter it but I can’t seem to create anything in autostart folder as I have no root privileges and I am not the owner as it seems.

This outputs
drwx------ 9 user user 4096 Nov 15 18:30 .config

IMG_20221116_010926
IMG_20221116_0109261920×1171 210 KB

15

alright, lets fix the permissions. (If anybody has any objections to this, i am using the stock whonix-ws permissions of drwxr-xr-x user user.)

This can be achieved with:
Edit: Syntax of chown wrong, see next post.

sudo chown ~/.config $USER:$USER && chmod 755 ~/.config
sudo chown ~/.config/autostart $USER:$USER && chmod 755 ~/.config/autostart
sudo chown ~/.config/autostart/nordvpn-connect.desktop $USER:$USER && chmod +x ~/.config/autostart/nordvpn-connect.desktop

Then it should work. Remember to change the <country> in your file to the appropriate value.

16

This outputs to

chow: invalid user ‘/home/user/.config’

Could it be a mistake in the template
I am doing this on a vpn qube, based on vpn template

Edit
On the template I get the same output

17

Oh yeah, i misspelled the command, chown <user>:<group> <target> sorry. Corrected:

sudo chown $USER:$USER ~/.config && chmod 755 ~/.config
sudo chown $USER:$USER ~/.config/autostart  && chmod 755 ~/.config/autostart
sudo chown $USER:$USER ~/.config/autostart/nordvpn-connect.desktop && chmod +x ~/.config/autostart/nordvpn-connect.desktop
18

Output to this is
chown: changing ownership of ‘/home/user/.config/autostart’; Operation not permitted

Edit: forgot to put sudo Infront
I have acces now. I will try to setup the boot command now from start

19

It is all setup now only the command doesn’t run on boot or it runs to early
When I run it manually it works.
How can I insert a delay of maybe 5 seconds to this?

Edit:
It worked after second reboot. All good now. Thanks a lot for the help.

For people with the same problems
After first reboot i was logged off nordvpn in my VPN qube

I had to give my template internet acces to login again to Nord. It disconnected me for some reason.

And after all that my VPN qube is logged in and the boot command works. :beers:

20

Not a good idea generally. It’s better to create bind-dirs to in your AppVM and then log in there, not in the template.

The error you were having was due to creating the autostart dir as root.

Username in VMs is default for everyone, unless he went out of his way to change that, that could’ve never been the problem, the error would’ve been different (ie file does not exist).

You can create a script that keeps trying to connect until a connection is made. If you paste here the output of nordvpn status I can help you with that (feel free to remove IP addresses and whatnot, just preserve the structure of the output).