VPN Service with API support

[lfk]

I have been using the Free ProtonVPN service recently.  One of the features I like is they have an API that can query endpoint load and speeds.  I built a script in my router that retrieve the status of all the endpoints via API and picks the fastest responding and configured the VPN to that endpoint and put that on a schedule to run every do often.

 

API for Proton if anyone is interested (https://api.protonmail.ch/vpn/logicals)

 

I'm now considering paying for the full service but before I commit to Proton I'm trying to find out if any other VPN providers have a similar API so I have some choices rather than being tied to proton.

 

Anyone have any idea if other VPN providers have a similar API?

[LIGISTX]

21 minutes ago, lfk said:

I have been using the Free ProtonVPN service recently.  One of the features I like is they have an API that can query endpoint load and speeds.  I built a script in my router that retrieve the status of all the endpoints via API and picks the fastest responding and configured the VPN to that endpoint and put that on a schedule to run every do often.

 

API for Proton if anyone is interested (https://api.protonmail.ch/vpn/logicals)

 

I'm now considering paying for the full service but before I commit to Proton I'm trying to find out if any other VPN providers have a similar API so I have some choices rather than being tied to proton.

 

Anyone have any idea if other VPN providers have a similar API?

No, but a firewall appliance like pfsense can monitor ping to multiple endpoints and dynamically switch which route to pick based on lowest ping. This would let you use any, or multiple VPN’s and not worry about it an API is changed or removed etc. 

[lfk]

Update to my own post,  NordVPN has one.

[Alex Atkin UK]

On 7/20/2022 at 5:30 AM, LIGISTX said:

No, but a firewall appliance like pfsense can monitor ping to multiple endpoints and dynamically switch which route to pick based on lowest ping. This would let you use any, or multiple VPN’s and not worry about it an API is changed or removed etc. 

In my experience pfSense is a horrible choice for commercial VPNs, as it will bounce the firewall constantly if the servers are dropping packets.  Every time it switches routes it has to restart the firewall disconnecting existing sessions, its quite annoying.  Its the one thing I hate about pfSense.

Although I spent most of the time using AirVPN which has been really rough lately, so your mileage may vary.

[LIGISTX]

10 hours ago, Alex Atkin UK said:

In my experience pfSense is a horrible choice for commercial VPNs, as it will bounce the firewall constantly if the servers are dropping packets.  Every time it switches routes it has to restart the firewall disconnecting existing sessions, its quite annoying.  Its the one thing I hate about pfSense.

Although I spent most of the time using AirVPN which has been really rough lately, so your mileage may vary.

Hmm, I would argue your VPN’s shouldn’t be dropping packets, lol. 
 

You can also set up how much loss is acceptable before it switches, etc. 

 

I have a WireGuard VPN set up from site to site for some of my devices, it’s been extremely solid, but it’s also all self hosted, I don’t have to rely on any one else besides ISP’s. 

[Alex Atkin UK]

2 hours ago, LIGISTX said:

Hmm, I would argue your VPN’s shouldn’t be dropping packets, lol. 
 

You can also set up how much loss is acceptable before it switches, etc. 

 

I have a WireGuard VPN set up from site to site for some of my devices, it’s been extremely solid, but it’s also all self hosted, I don’t have to rely on any one else besides ISP’s. 

You're not wrong, but sadly AirVPN servers regularly have packet loss issues.  Its a hard thing to quantify though as dropping ICMP packets is not considered mission critical, ping is just a terrible way to measure reliability.  I think the only other way would be to use deep packet inspection to see if real-world traffic is dropping, but even that is problematic if the link is idle, and would dramatically increase CPU usage on the box running the VPN client.

I tried fiddling with the limits but it doesn't really help, because often the instability kicks in when the link is in use but disappears when its idle.  So it would mark the gateway down, then packet loss drops to 0, brings it back up, hits the limit again and drops it, rinse and repeat.  I just disable gateway monitoring action completely now and manually force the VPN to restart if it stops working.

This isn't limited to VPNs either though, I have a 5G backup connection that I also have to disable monitoring action as on a bad day pings can shoot up to 2000ms.

 

I will add that my Wireguard link to an IONOS hosted VPS in the US has been quite reliable, at least since I moved to FTTP.

 

Another PITA with Wireguard is to restart one VPN you have to restart the entire Wireguard service, so if you have more than one VPN you can end up fixing one and getting a worse server on another.  OpenVPN you can just restart the problematic instance.