pia-wg, net.pia: Add new option: -f Fast reconnect. Only restores cached connection, does not check if connection is valid or perform any other online operations

Michael Moon
2021-12-08 12:48:19 +08:00
parent b2da119d3c
commit 4c605a4a51
3 changed files with 42 additions and 16 deletions


@@ -24,6 +24,10 @@ Hop to a new server or re-submit keys to selected server, even if a cached conne
Only generate config, do not affect current system - useful for generating configs for routers and similar devices, or WireGuard's Android/iOS apps (if you don't like the PIA app)<br>
The generated config will be stored at `~/.config/pia-wg/pia.conf` or `/var/cache/pia-wg/pia.conf` - where the filename is based on the `PIA_INTERFACE` value in your config (default "`pia`")<br>
if `qrencode` is available, will also print a QR code to your terminal that can be scanned by the Wireguard mobile app.
* **-f** (fast)<br>
Fast reconnect - _only_ restore cached connection information, do _not_ actually try to contact anything on the internet.<br>
Has no effect with **-r** or if cached connection information is not available.<br>
Intended for use with startup scripts.<br>
During the first run, `pia-wg` will grab PIA's encryption key and initial server list, prompt for your PIA login credentials, and fetch an authentication token from PIA before proceeding to set up a wireguard connection.

18
net.pia

@@ -2,8 +2,8 @@
command="/root/bin/pia-wg.sh"
CONFIGDIR="${CONFIGDIR:-/var/cache/pia-wg}"
CONFIG="${CONFIG:-/etc/pia-wg/pia-wg.conf}"
: "${CONFIGDIR:=/var/cache/pia-wg}"
: "${CONFIG:=/etc/pia-wg/pia-wg.conf}"
extra_started_commands="reload"
@@ -27,7 +27,7 @@ start_pre() {
return 0
}
start() {
doconn() {
(
export CONFIGDIR="$CONFIGDIR"
export CONFIG="$CONFIG"
@@ -41,8 +41,12 @@ start() {
return 0
}
start() {
doconn -f
}
reload() {
start -r
doconn -r
}
restart() {
@@ -51,6 +55,8 @@ restart() {
}
stop() {
source "$CONFIG"
ip link del "${PIA_INTERFACE:-pia}"
(
source "$CONFIG"
ip link del "${PIA_INTERFACE:-pia}"
);
}
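Review bot: `start()` now always runs `doconn -f`, so starting the service never verifies that the cached peer still answers; per the README text added in this commit, -f restores cached connection information and contacts nothing on the internet. A stale cache would leave the service reported as started while the tunnel may carry no traffic, and only an explicit `reload` (`doconn -r`) forces a fresh negotiation. I would document that above `start()`, for example `# -f: restore the cached link only, no connectivity check; use 'reload' to re-validate`. The bodies of `doconn` and `restart` continue outside the hunks, so how the flag reaches `$command` and whether `restart` inherits the fast path are not visible here.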


@@ -24,6 +24,10 @@ do
shift
OPT_SHOWHELP=1
;;
"-f")
shift
OPT_FAST=1
;;
*)
echo "Unrecognized option: $1"
shift
@@ -37,9 +41,13 @@ then
echo
echo "USAGE: $(basename "$0") [-r] [-c]"
echo
echo " -r Force reconnection even if a cached link is available"
echo " -r Force reconnection or server hop even if a cached link is available"
echo
echo " -c Config only - generate a WireGuard config but do not apply it to this system"
echo " Use this option for creating Android/iOS/router Wireguard configurations"
echo
echo " -f Fast reconnect if cached link is present - don't test connection or fetch updated serverlist"
echo " Does nothing if cached link information is absent, or if -r is specified"
echo
exit 1
fi
@@ -85,7 +93,7 @@ then
else
if ! which qrencode &>/dev/null
then
echo "The 'qrencode' utility is recommended if you want to generate a config for the WireGuard Android app"
echo "The 'qrencode' utility is recommended if you want to generate a config for the WireGuard Android/iOS apps"
echo " It will allow you to load the config easily by scanning a QR code printed to this terminal"
echo " A config will still be generated without it, but you will have to apply it by another method"
# this is not an error, do not set EXIT
@@ -334,6 +342,8 @@ then
mv "$REMOTEINFO.temp" \
"$REMOTEINFO"
unset OPT_FAST
fi
PEER_IP="$(jq -r .peer_ip "$REMOTEINFO")"
@@ -379,14 +389,14 @@ then
)
if [ "$EUID" -eq 0 ]
then
sh <<< "$ROUTES_ADD"
else
echo "Build a routing table with only hardware links to stop wireguard packets going back through the VPN:"
echo sudo sh '<<<' "$ROUTES_ADD"
sudo sh <<< "$ROUTES_ADD"
else
sh <<< "$ROUTES_ADD"
fi
echo "Table $HARDWARE_ROUTE_TABLE (hardware network links) now contains:"
ip route show table $HARDWARE_ROUTE_TABLE | sed -e "s/^/${TAB}/"
ip route show table "$HARDWARE_ROUTE_TABLE" | sed -e "s/^/${TAB}/"
echo
echo "${BOLD}*** PLEASE NOTE: if this table isn't updated by your network post-connect hooks, your connection cannot remain up if your network links change${NORMAL}"
echo "Managing such hooks is beyond the scope of this script"
@@ -407,7 +417,7 @@ then
# Note: unnecessary if Table != off above, but doesn't hurt.
# ensure we don't get a packet storm loop
ip rule add fwmark 51820 lookup $HARDWARE_ROUTE_TABLE pref 10
ip rule add fwmark 51820 lookup "$HARDWARE_ROUTE_TABLE" pref 10
if [ "$OLD_KEY" != "$SERVER_PUBLIC_KEY" ]
then
@@ -425,19 +435,19 @@ then
ip addr del "$OLD_PEER_IP/32" dev "$PIA_INTERFACE"
# remove old route
ip rule del to "$OLD_PEER_IP" lookup $HARDWARE_ROUTE_TABLE 2>/dev/null
ip rule del to "$OLD_PEER_IP" lookup "$HARDWARE_ROUTE_TABLE" 2>/dev/null
fi
# Note: only if Table = off in wireguard config file above
ip route add default dev "$PIA_INTERFACE"
# Specific to my setup
ip route add default table $VPNONLY_ROUTE_TABLE dev "$PIA_INTERFACE"
ip route add default table "$VPNONLY_ROUTE_TABLE" dev "$PIA_INTERFACE"
else
echo "Bringing up interface '$PIA_INTERFACE'"
# Note: unnecessary if Table != off above, but doesn't hurt.
ip rule add fwmark 51820 lookup $HARDWARE_ROUTE_TABLE pref 10
ip rule add fwmark 51820 lookup "$HARDWARE_ROUTE_TABLE" pref 10
# bring up wireguard interface
ip link add "$PIA_INTERFACE" type wireguard || exit 1
@@ -449,7 +459,7 @@ then
ip route add default dev "$PIA_INTERFACE"
# Specific to my setup
ip route add default table $VPNONLY_ROUTE_TABLE dev "$PIA_INTERFACE"
ip route add default table "$VPNONLY_ROUTE_TABLE" dev "$PIA_INTERFACE"
fi
else
@@ -488,6 +498,12 @@ fi
echo "PIA Wireguard '$PIA_INTERFACE' configured successfully"
if [ -n "$OPT_FAST" ]
then
echo "-f FAST supplied, skipping connection test and serverlist update"
exit 0
fi
TRIES=0
echo -n "Waiting for connection to stabilise..."
while ! ping -n -c1 -w 1 -s 1280 -I "$PIA_INTERFACE" "$SERVER_VIP" &>/dev/null
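Review bot: In the last hunk the -f path exits 0 directly after printing `PIA Wireguard '$PIA_INTERFACE' configured successfully`, so a caller such as an init script cannot distinguish a restored but unverified link from a tested one. I would make the skip message say so, e.g. `echo "-f FAST supplied: cached link restored but not verified, skipping connection test and serverlist update"`, and add a comment above the `if` noting that everything after this point is skipped, including whatever follows the ping loop outside the hunk. The usage text in the second hunk gained a `-f` paragraph, but the synopsis line still reads `[-r] [-c]` and should become `[-r] [-c] [-f]`. The first hunk also does not show `OPT_FAST` being cleared before option parsing; if it is not, a value inherited from the environment would enable the fast path without the flag, which is worth confirming.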