Automatic Wi-Fi Hotspot Login and VPN Activation Script

Most of the time I use a 3G stick when out and about to connect to the Internet. It's just very convenient, you plug it in, hit the connect button and that's it. But there are also occasions when a Wi-Fi hotspot has its advantages if it wasn't for the manual login process and the manual activation of a VPN for privacy and security afterwards. In the past I've found some good advice on the net on how to automate the hotspot login for T-Mobile hotspots in Germany via a bookmark in the browser. That works great but there are still two manual tasks to be done before the connection is in place. So I recently decided to automate the procedure on my netbook running Ubuntu. Here's how it works:

Once Ubuntu has detected the T-Mobile hotspot and has automatically attached, I execute a bash script that does the following:

First it performs a login into the hotspot system so I get internet access. The link above shows how that is done with a bookmark in the browser. In effect, the login is performed with a HTTPS request that contains the username and password (original tip from here). In a script the HTTPS request can be sent with the following command:

wget –output-document=/dev/null "https://hotspot.t-mobile.net/wlan/index.do?username=USERNAME@t-mobile.de&password=PASSWORD&strHinweis=Zahlungsbedingungen&strAGB=AGB"

The wget command sends the request and receives the result page from the login server which is discarded to the NULL device because I don't really care about it. Next I start OpenVPN to connect to a Witopia VPN gateway:

cd /path/openvpn
sudo /usr/sbin/openvpn –config myvpnscript.ovpn &

Note that the Witopia ovpn files contain a line at the end that the openvpn executable above can't interpret and hence stops execution with an error. Just comment it out and you are good. And now comes the tricky part: Unfortunately, openvpn does not change the DNS server entry. So once the tunnel is established the OS can't resolve names to IP addresses anymore. To counter this I start openvpn in the background (&) and the script continues. I let openvpn do its initialization by waiting 5 seconds and then change the DNS server configuration with the following commands:

sleep 5
sudo cp /path/scripts/resolv.conf /etc/resolv.conf

The resolv.conf in the script's directory contains an original resove.conf from /etc in which I have put the DNS server used by Witopia which is reachable through the VPN tunnel. A bit of a kludge but it works. If you know how to do this in a more elegant way, let me know.

After that, the tunnel is established and I halt the script with the read command to wait for user input. This way, I can tear down the VPN tunnel once it is no longer needed. After the user presses a key, the openvpn tunnel is torn down. One could now also restore the original DNS entry but its not really necessary as Witopia's DNS server is reachable over the public Internet as well. 

read nothing
sudo killall -9 openvpn

There we go, not quite straight forward to come up with but once the script is in place it works like a charm. As with everything there are of course also disadvantages:

  • The network icon in the taskbar doesn't show that the VPN tunnel is established like it would if you active the VPN tunnel via the Gnome menu.
  • The script requires you to type in the root password as activating the tunnel device for the VPN link requires elevated rights.