LinuxCommandLibrary

protonvpn-cli

Connect to ProtonVPN servers

TLDR

Log in to the ProtonVPN account

$ protonvpn-cli login [username]
copy


Start a kill switch upon connecting to ProtonVPN
$ protonvpn-cli killswitch --on
copy


Connect to ProtonVPN interactively
$ protonvpn-cli connect
copy


Display connection status
$ protonvpn-cli status
copy


Block malware using ProtonVPN NetShield
$ protonvpn-cli netshield --malware
copy


Disconnect from ProtonVPN
$ protonvpn-cli disconnect
copy


Display the current ProtonVPN configuration
$ protonvpn-cli config --list
copy


Display help for a subcommand
$ protonvpn-cli [subcommand] --help
copy

SYNOPSIS

protonvpn-cli [OPTIONS] COMMAND [ARGUMENTS]

PARAMETERS

connect [SERVER]
    Establishes a VPN connection. Can specify a server name (e.g., US#1), or use options like --fastest, --random, --country, etc.

disconnect
    Disconnects from the currently active VPN server.

status
    Displays the current connection status, including the connected server, protocol, and elapsed time.

login
    Authenticates your Proton VPN account using a browser-based login process.

logout
    Logs out your Proton VPN account from the CLI.

refresh
    Refreshes the internal server list and other configuration data.

servers
    Lists available Proton VPN servers with their details such as country, city, load, and supported features (P2P, Tor, Secure Core).

settings
    Manages various client settings including default protocol, Kill Switch, DNS leak protection, NetShield, and split tunneling.

--help
    Displays a help message for the command or subcommand and exits.

--version
    Shows the program's version number and exits.

--fastest
    (Used with connect) Connects to the fastest available server based on latency.

--random
    (Used with connect) Connects to a random available server.

--country <COUNTRY_CODE>
    (Used with connect) Connects to a server in a specific country, e.g., --country US.

--city <CITY_NAME>
    (Used with connect) Connects to a server in a specific city, e.g., --city New York.

--p2p
    (Used with connect) Connects to a P2P-optimized server.

--tor
    (Used with connect) Connects to a Tor-optimized server.

--free
    (Used with connect) Connects to a free server.

--secure-core
    (Used with connect) Connects to a Secure Core server for enhanced security.

--protocol <PROTOCOL>
    (Used with connect or settings) Specifies or sets the VPN protocol (e.g., wireguard, openvpn_udp, openvpn_tcp).

--killswitch <on|off>
    (Used with settings) Enables or disables the Kill Switch feature, which blocks internet traffic if the VPN connection drops.

--dnsleak-protection <on|off>
    (Used with settings) Enables or disables DNS leak protection to prevent DNS requests from being exposed.

--netshield <on|off|strict>
    (Used with settings) Configures NetShield, which blocks ads, malware, and trackers.

--split-tunneling <on|off>
    (Used with settings) Enables or disables split tunneling, allowing specific applications or IPs to bypass the VPN.

--debug
    Enables debug logging for troubleshooting.

--persistent
    (Used with connect) Attempts to reconnect automatically if the VPN connection drops.

DESCRIPTION

The protonvpn-cli command-line interface provides a robust way to manage your Proton VPN connection directly from the terminal. It enables users to establish secure, encrypted VPN tunnels, protecting their online privacy and bypassing geo-restrictions. This tool supports various VPN protocols, server selection based on country, city, or features like P2P and Tor, and advanced security features such as Kill Switch, DNS Leak Protection, and NetShield. It's designed for users who prefer a non-GUI environment or need to automate VPN connections via scripts.

CAVEATS

  • Requires systemd-resolved or a compatible DNS resolver for optimal DNS leak protection on some systems.
  • The Kill Switch functionality relies on iptables rules and requires proper setup; users should verify its behavior carefully to ensure no accidental internet access outside the VPN tunnel.
  • Updates to the CLI client should be performed regularly to ensure compatibility with Proton VPN's evolving infrastructure and security features.
  • Initial login using the login command requires a web browser for authentication, as it uses an OAuth flow.

INSTALLATION

The protonvpn-cli is typically installed via official Proton VPN repositories for various Linux distributions or by downloading and installing the Python package. Users should follow the official installation guide for their specific OS to ensure all dependencies are met.

KILL SWITCH BEHAVIOR

When enabled, the Kill Switch blocks all internet traffic outside the VPN tunnel. This is a critical privacy feature but can also prevent internet access if the VPN connection drops or if the protonvpn-cli service is not running or properly configured. Users must ensure the Kill Switch is correctly configured for their specific use case.

SYSTEM REQUIREMENTS

The CLI tool requires Python 3 and several Python packages for its operation. It also relies on systemd for service management and typically requires OpenVPN or WireGuard client applications to be installed on the system, depending on the chosen VPN protocol.

HISTORY

Proton VPN was launched by Proton Technologies AG, the company behind ProtonMail, with a strong focus on privacy and security. The protonvpn-cli tool was developed to provide a native, robust command-line interface for Linux users, integrating deeply with system network components. Its development reflects Proton VPN's commitment to open-source software and providing flexible tools for advanced users and automation.

SEE ALSO

openvpn(8), nmcli(1), ip(8), wg(8)

Copied to clipboard