VPN manager for Omarchy ( Arch based) linux.

Company: Freelance IT Support
Project URL: https://github.com/robertkokenyesi/vpn-manager

The Problem

I recently switched to Omarchy Linux (a minimal Arch-based distro by DHH), and ran into an annoying issue - ProtonVPN's official app just didn't work. The GUI kept crashing and the CLI tool was clunky. I needed a simple way to toggle my VPN without opening terminals or running commands every time.

The Solution

I built a lightweight VPN manager that integrates directly into Waybar (my status bar). Now I can:

  • Click once to connect/disconnect
  • Right-click to switch between VPN servers
  • VPN automatically reconnects after my laptop wakes from sleep

How It Works

The system is built around four main bash scripts:

vpn-toggle.sh

    • handles the connection logic. It uses a lock file to prevent double-clicks (it was an issue for me with Waybar, i did not find the reason yet), checks if the VPN is currently active using ip link show, and then starts or stops the appropriate systemd service. The script also runs resolvconf -u before connecting to fix DNS issues I kept running into.

    vpn-status.sh

    • runs every 3 seconds and outputs JSON that Waybar can read. It checks if the VPN interface exists and returns the appropriate icon state (connected/disconnected/none). This is what makes the visual indicator update in real-time.

    vpn-select.sh

    • lists all WireGuard configs from /etc/wireguard/ and presents them in a terminal menu (using Omarchy's floating terminal launcher). When you select a different server, it stops the current VPN, updates the config file, and starts the new one - all seamlessly.

    The Suspend/Wake Problem

    The trickiest part was getting the VPN to reconnect after suspend. When you close your laptop lid, Linux suspends to RAM and kills active network connections. The VPN interface stays "up" technically, but the connection is dead and routes are broken.
    I solved this with vpn-restore.sh - a script the installer generates that checks if the VPN was enabled before suspend, and if so, restarts the WireGuard service after wake. A systemd service (vpn-restore.service) triggers this script automatically when the system wakes up. It includes a wrapper to find the logged-in user (since the service runs as root) and executes the restore script in their context.

    The Boot Problem

    Another issue I hit: VPN wouldn't connect reliably on boot. The WireGuard service would start before the network was ready, fail, and give up. The solution was adding systemd service overrides to every VPN config:

    After=network-online.target
Wants=network-online.target

    This tells systemd "don't start the VPN until the network is actually online". The installer creates these overrides automatically for all your WireGuard configs.

    What I Learned

    • This was great practice for:
    • Writing bash scripts
    • Working with systemd services and understanding service dependencies
    • Managing Linux permissions and sudoers configuration
    • Debugging suspend/wake cycles and systemd targets
    • The importance of testing on real hardware (VMs don't handle suspend well)

    My  project is based on this github project >>> JacobusXIII - omarchy-wireguard-vpn-toggle,  also got some AI help (Claude and Grok) for code structure and edge cases - it is a great way to learn best practices while building something useful.

    The project is open source on GitHub. Feel free to use it if you're running into the same issue!

    Robert Kokenyesi