Monday, 14 November 2016

Private Internet Access - detect VPN disconnect and automatically reconnect

So after finally settling on choosing a new VPN provider, (being Private Internet Access from the previous which was BTGuard), I noticed that every now and again the PIA VPN drops.

The VPN client comes with a KillSwitch which automatically kills all network connections as soon as this happens - but it's not really what I'm after. I'm not THAT paranoid about online connectivity, I just want a UK breakout - so basically just reconnect and carry on would be nice. You would think they would have an 'automatic reconnect' option or something but unfortunately not - so I created one.

I have to admit, I spent quite a bit of time messing about with PowerShell and WMIObject to try and catch the NetEnabled trigger. I'm running the VPN client on a Windows 7 laptop so I don't have access to the NetAdapter module (boohoo). If you want THAT solution there are plenty of google articles out there. 

The laptop is a dedicated VPN machine I intend to use as a VPN Gateway, so I'm happy to leave it on Windows 7 for now.

The VPN client isn't kind enough to trigger an event log when it disconnects, so I started with the idea of monitoring the TAP NIC created by the PIA Client on install - but let me save you the time and tell you, don't waste your time with the WMIObjects - yes it does work, but it's a lot of work and you have to keep polling the status to see if it's up or down. This is about as pretty as a looping ping command continuously in the background parsing the output for timeouts....ugh!

Something I found more elegant is a task schedule that triggers when the VPN disconnects. Then you just set the scheduled action to run the damn thing again which, if it's set to connect on startup, reconnects the VPN. Much prettier I think.

But wait - didn't I just say the VPN client isn't kind enough to trigger an event log when it disconnects?  True - but what the disconnect does trigger almost immediately is a Browser election when the interface drops.
We use this as our disconnect trigger.

STEP 1: Configure the client
  • Right-click the private internet access client from your system tray and select Settings (you will notice you can't change settings while it's connected, so stop your "Loony Tunes Bumper Pack" torrent download, disconnect the VPN client, then try again)
  • Tick the box labelled "Auto-connect on launch"
  • Check your region if it's relevant to you. I also have it to "Start application at login" but that's just because the laptop is dedicated to the VPN.


STEP 2: Run the task scheduler
  • Start button, type "Task" and you should see "Task Scheduler" appear at the top.
  • Create a Task and under the General Tab;
  • Give it a name - mine is "VPN disconnect trigger" Tick "Run with highest privileges" and leave the rest of the settings on this tab.

  • Under the Triggers Tab;
  • Click New... Set "Begin the task:" to "On an Event"
  • Leave the Settings as Basic and select the System log (dropdown riiiiight to the bottom to find "System")
  • Set the Source to Browser
  • Set the EventID to 8033
  • Ensure "Enabled" is ticked Click "OK"

Now head to the "Actions" tab;
  • Click New...
  • Make sure the Action is "Start a program"
  • At this point it helps to grab the PIA shortcut - leave the "Edit Action" windows open, click your Start button, type in "Private Internet Access", and you should see the "Private Internet Access" program pop up at the top of the list.
  • Right click "Private Internet Access" program, select Properties
  • The shortcut windows opens up with the shortcut already selected - so all you have to do is hit CTRL + C, OR right-click the selected text and select "Copy" Close the shortcut window and get back to your Task Scheduler "Edit Action" window and in the Program/Script text box hit CTRL + V, OR right click and select "Paste"




  • In the "Add Arguments (optional)" text box type: --startup
  • Make sure it's all in lower case
  • Click OK


The SettingsTab;
When you set the VPN client to start when windows starts, it sets up a task to trigger the VPN client on log on.  This task stays running for as long as the pi_manager.exe is running, whether it's connected or not.

To try and avoid any conflicts or multiple threads (I didn't bother testing whether it's an issue or not) I just set the reconnect trigger Settings to kill the task if it's still running.  I'm not sure if this applies to the action or just the task, but at the end of the day only one vpn client ends up running, so either the .exe sorts itself out, or this setting helps.  If you're really pedantic you can test it and decide if you need it.


The rest;
I didn't have anything to add to the defaults, so I left the rest of the tabs. You can fiddle, but I'd suggest make sure it's working with the above settings first, then fiddle.

That's pretty much it.  When you click OK and Click OK again it should save the Task and ask you for a username and password.  If you're an admin user, use yours - if not, specify an admin user (otherwise you get the UAC popping up asking if it's allowed to let the program run).

Now might be a good time to bounce your machine.  Once you've logged in again your PIA-VPN should auto-connect (if you're doing the start with Windows option)
Once it's happily connected, disconnect it and wait about 10-15 seconds - you should see your PIA VPN start up again.

If it doesn't you may want to add a display message action that says something like "Triggered!" to help troubleshoot.  If it pops up but the VPN client doesn't reconnect, make sure you typed --startup all in lowercase.  

If you're super-nervous about being 'public' for even one second (which makes me think you probably should be arrested anyway) then use the VPN killswitch.  If you really want me to blog and automatic restart for that too, leave a comment or something.