Openvpn reconnect script


#1

OpenVPN should auto-reconnect if the connection is broken. But in some situations it will exit because the server sends an exit command. For example, if your IP has changed and the server doesn’t like it.

Here is a VPN auto re-connection script. If someone has this problem please test.

Name this file /usr/bin/vpn_reconnect, then enable execution

chmod +x /usr/bin/vpn_reconnect

Add it at the end of /etc/rc.local, before exit

/usr/bin/vpn_reconnect &

Here is the file content

#!/bin/sh

#wait for the openvpn to connect for the first time
sleep 120

while [ true ]; do

#check if openvpn is enabled, if not, go to next loop
vpn_enabled=$(uci get glconfig.openvpn.enable)
if [ "$vpn_enabled" != "1" ]; then
	echo "VPN not enabled, check 20 seconds later"
	sleep 20
	continue
fi

vpn_pid=$(pidof openvpn)
tun0_ifname=$(ifconfig tun0)

if [ -z "$tun0_ifname" ] && [ -z "$vpn_pid" ]; then
	echo "VPN enabled but not running, restarting it"
	/etc/init.d/startvpn restart
else
	echo "VPN is connected and connecting, check 20 seconds later"
fi

sleep 20

done

#2

Hi Alzhao.
Can you kindly explain what the following commands in this script do:

continue # surely the script continues without this line?

vpn_pid=$(pidof openvpn) # what is pidof openvpn?
tun0_ifname=$(ifconfig tun0) #checking for value 0/1 to see if VPN is dis/en abled?

if [ -z "$tun0_ifname" ] && [ -z "$vpn_pid" ] # what does the z do and what does the whole line do in layman’s terms?

Thanks,
G

EDIT:
OK, I worked it out myself.
continue > simply continues the loop
the “-z” checks to see if the value is zero. If either value is zero (vpn_pid or tun0_ifname) then it restarts the VPN (/etc/init.d/startvpn restart).


#3

pidof openvpn means the process ID of a running openvpn.

This command checks whether the openvpn client is connected to the server or not.

-z is one option of the test command; -z STRING means the length of STRING is zero.


#4

Thanks for your input.


#5

Hi, I use VPN unlimited and it seems to drop my vpn connection if it’s not being used. I used the vpn_reconnect script and it works great at keeping the connection alive. The problem I have is getting that script to run every time the device starts. I added it to rc.local but it does not seem to run on startup. I have made it and rc.local both executable. Any ideas ?


#6

Did not work for me with Private internet access with AR300M on 2.27 firmware.

I had openvpn on and working, but then after what I believe was a reconnect openvpn said it was up and connected but I could not access any websites, it was behaving like it does when openvpn disconnects and “Force VPN” box is checked. I will try again without that Force VPN box checked, although I’d prefer to have it on.

Edit: I tried again with the Force VPN box unchecked. OpenVPN page on 192.168.8.1 GUI shows VPN is connected, but in verifying it really is not (checking IP address online shows this). I can access the internet but it is not really through VPN and my local IP is exposed. So I don’t know what the problem is, but reconnect script is not really working for me for some reason.

Wed Apr 4 12:19:50 2018 daemon.info odhcpd[1439]: Using a RA lifetime of 0 seconds on br-lan
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: AP Ok=1
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: network(caIfnames) = wan wan6 wwan
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: check wpa runing = 2453
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: STA Ok=1
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: Everthing is OK!!!
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: check wpa runing = 2453
Wed Apr 4 12:19:58 2018 daemon.info gl-health>>: Connected Hotspot: SSID = Fort, BSSID = 48:f8:censored

Wed Apr 4 12:20:05 2018 kern.info kernel: [ 9708.517503] wlan-sta: failed to use reserved channel context, disconnecting (err=-122)
Wed Apr 4 12:20:05 2018 kern.info kernel: [ 9708.525983] wlan-sta: failed to finalize channel switch, disconnecting
Wed Apr 4 12:20:05 2018 daemon.notice netifd: Network device 'wlan-sta' link is down
Wed Apr 4 12:20:05 2018 daemon.notice netifd: Interface 'wwan' has link connectivity loss
Wed Apr 4 12:20:06 2018 daemon.notice netifd: wwan (2471): udhcpc: received SIGTERM
Wed Apr 4 12:20:06 2018 user.notice mwan3: ifdown interface wwan (unknown)
Wed Apr 4 12:20:06 2018 daemon.notice netifd: Network device 'wlan0' link is down
Wed Apr 4 12:20:06 2018 kern.info kernel: [ 9709.528007] br-lan: port 2(wlan0) entered disabled state
Wed Apr 4 12:20:06 2018 daemon.info odhcpd[1439]: Using a RA lifetime of 0 seconds on br-lan
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.105734] wlan-sta: authenticate with 48:f8:censored
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.124554] wlan-sta: send auth to 48:f8:censored (try 1/3)
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.147996] wlan-sta: authenticated
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.197877] wlan-sta: associate with 48:f8:censored (try 1/3)
Wed Apr 4 12:20:07 2018 daemon.notice netifd: Network device 'wlan-sta' link is up
Wed Apr 4 12:20:07 2018 daemon.notice netifd: Interface 'wwan' has link connectivity
Wed Apr 4 12:20:07 2018 daemon.notice netifd: Interface 'wwan' is setting up now
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.210195] wlan-sta: RX AssocResp from 48:f8:censored (capab=0x411 status=0 aid=8)
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.218668] wlan-sta: associated
Wed Apr 4 12:20:07 2018 daemon.notice hostapd: wlan0: AP-STA-DISCONNECTED d0:4f:censored
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.237295] br-lan: port 2(wlan0) entered forwarding state
Wed Apr 4 12:20:07 2018 kern.info kernel: [ 9710.243078] br-lan: port 2(wlan0) entered forwarding state
Wed Apr 4 12:20:07 2018 daemon.notice netifd: Network device 'wlan0' link is up
Wed Apr 4 12:20:07 2018 daemon.notice netifd: wwan (14147): udhcpc: started, v1.25.1
Wed Apr 4 12:20:07 2018 daemon.err openvpn[2336]: event_wait : Interrupted system call (code=4)
Wed Apr 4 12:20:07 2018 daemon.warn openvpn[2336]: ERROR: Linux route delete command failed: external program exited with error status: 2
Wed Apr 4 12:20:07 2018 daemon.notice netifd: wwan (14147): udhcpc: sending discover
Wed Apr 4 12:20:08 2018 daemon.notice openvpn[2336]: /sbin/ip addr del dev tun1 local 10.6.11.6 peer 10.6.11.5
Wed Apr 4 12:20:08 2018 daemon.notice openvpn[2336]: SIGHUP[hard,] received, process restarting
Wed Apr 4 12:20:08 2018 daemon.notice openvpn[2336]: OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 4 12:20:08 2018 daemon.notice openvpn[2336]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Wed Apr 4 12:20:09 2018 kern.info kernel: [ 9712.237841] br-lan: port 2(wlan0) entered forwarding state
Wed Apr 4 12:20:10 2018 daemon.notice netifd: wwan (14147): udhcpc: sending discover
Wed Apr 4 12:20:10 2018 daemon.notice netifd: wwan (14147): udhcpc: sending select for 192.168.1.160
Wed Apr 4 12:20:10 2018 daemon.notice netifd: wwan (14147): udhcpc: lease of 192.168.1.160 obtained, lease time 86400
Wed Apr 4 12:20:10 2018 daemon.notice netifd: Interface 'wwan' is now up
Wed Apr 4 12:20:10 2018 user.notice mwan3: ifup interface wwan (wlan-sta)
Wed Apr 4 12:20:11 2018 daemon.info odhcpd[1439]: Using a RA lifetime of 0 seconds on br-lan
Wed Apr 4 12:20:11 2018 user.notice firewall: Reloading firewall due to ifup of wwan (wlan-sta)
Wed Apr 4 12:20:13 2018 daemon.notice openvpn[2336]: TCP/UDP: Preserving recently used remote address: [AF_INET]198.8.80.10:1198
Wed Apr 4 12:20:13 2018 daemon.notice openvpn[2336]: UDP link local: (not bound)
Wed Apr 4 12:20:13 2018 daemon.notice openvpn[2336]: UDP link remote: [AF_INET]198.8.80.10:1198
Wed Apr 4 12:20:14 2018 daemon.warn openvpn[2336]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Wed Apr 4 12:20:14 2018 daemon.warn openvpn[2336]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wed Apr 4 12:20:14 2018 daemon.notice openvpn[2336]: [8b16d519fd64fcab605e70a5789eedc2] Peer Connection Initiated with [AF_INET]198.8.80.10:1198
Wed Apr 4 12:20:15 2018 daemon.notice openvpn[2336]: AUTH: Received control message: AUTH_FAILED
Wed Apr 4 12:20:15 2018 daemon.notice openvpn[2336]: SIGTERM[soft,auth-failure] received, process exiting
Wed Apr 4 12:20:20 2018 daemon.info hostapd: wlan0: STA d0:4f:censored IEEE 802.11: authenticated
Wed Apr 4 12:20:20 2018 daemon.info hostapd: wlan0: STA d0:4f:censored IEEE 802.11: associated (aid 1)
Wed Apr 4 12:20:20 2018 daemon.notice hostapd: wlan0: AP-STA-CONNECTED d0:4f:censored
Wed Apr 4 12:20:20 2018 daemon.info hostapd: wlan0: STA d0:4f:censored RADIUS: starting accounting session 7F312B1E3FE23DE4
Wed Apr 4 12:20:20 2018 daemon.info hostapd: wlan0: STA d0:4f:censored WPA: pairwise key handshake completed (RSN)
Wed Apr 4 12:20:20 2018 daemon.info dnsmasq-dhcp[2120]: DHCPREQUEST(br-lan) 192.168.8.195 d0:4f:censored
Wed Apr 4 12:20:20 2018 daemon.info dnsmasq-dhcp[2120]: DHCPACK(br-lan) 192.168.8.195 d0:4f:censored Daniels-iPad
Wed Apr 4 12:20:20 2018 daemon.info odhcpd[1439]: Using a RA lifetime of 0 seconds on br-lan
Wed Apr 4 12:20:24 2018 daemon.info odhcpd[1439]: Using a RA lifetime of 0 seconds on br-lan
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: AP Ok=1
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: network(caIfnames) = wan wan6 wwan
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: check wpa runing = 2453
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: STA Ok=1
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: Everthing is OK!!!
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: check wpa runing = 2453
Wed Apr 4 12:20:28 2018 daemon.info gl-health>>: Connected Hotspot: SSID = Fort, BSSID = 48:f8:censored


#7

I don’t think you need to make rc.local executable because openwrt will deal with it.

Can you make sure the path is correct in rc.local?
/usr/bin/vpn_reconnect &


#8

From your log, openvpn process is still alive so the script will not restart it. Openvpn will start itself.

The script only works if the openvpn server sends an exit command and the openvpn client exits.


#9

Maybe I don’t understand - I am not sure PIA aka Private Internet Access ever sends an EXIT command, the VPN connection just fails and needs to be reconnected, which I’d hope this script would do because it fails quite frequently, multiple times a day for the AR300M on PIA (vs once every few weeks on Linux Mint using OpenVPN as I do not like the Linux PIA app).

As I noted it did seem to reconnect or at least claimed OpenVPN was connected, but it really wasn’t as my local IP addr was in use…which makes using the reconnect script worse than not using it because it fools me into believing I am still connected and exposes my private information. If the reconnect script needs a clean “EXIT” from the openvpn server to work, I guess it will not solve the vast majority of VPN drops that I see on AR300M.


#10

The problem is the connection gets “stuck” even though the VPN still appears connected.

I use a ping script from this thread:

You can use the script and/or first try making the changes in the ovpn file.


#11

Hi alzhao, many thanks for replying.
I did have the wrong path and it now does run on startup.

The issue I now face is that if the openvpn client gets stuck in “connecting” mode it does not appear that vpn_reconnect kills it and tries again.

I still have to log in to the openvpn client page and click the apply button till I get it connected.

The message I was getting was

OpenVpn is connecting …
Last log WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Initialization Sequence Completed
[openvpn2.vpnunlimitedapp.com] Inactivity timeout (--ping-exit), exiting
/usr/bin/ip addr del dev tun0 local 10.200.0.234 peer 10.200.0.233
SIGTERM[soft,ping-exit] received, process exiting

vpn_reconnect doesn’t seem to detect that it’s not connected, kill it and try again, which I think is what I need.

Any ideas?
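
The termination lines in the logs posted in #6 and #11 state why the client stopped. As an added example (not code from any poster in this thread), the following reads such log text and reports the client's last known state; the function names and the back-off policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Reads OpenVPN log text on stdin and
# prints the client's last known state: connecting | connected |
# exited:<reason> | unknown. On the router: logread | openvpn_log_state
openvpn_log_state() {
    awk '
        /process restarting/                { state = "connecting" }
        /Initialization Sequence Completed/ { state = "connected" }
        /SIGTERM\[[a-z]*,[a-z_-]*\] received, process exiting/ {
            reason = $0
            sub(/.*SIGTERM\[[a-z]*,/, "", reason)   # drop everything up to the reason
            sub(/\].*/, "", reason)                 # drop the rest of the line
            state = "exited:" reason
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Assumed policy, not from the thread: seconds to wait before restarting.
restart_delay() {
    case "$1" in
        exited:auth-failure) echo 300 ;;  # login rejected: back off, do not hammer the server
        exited:*)            echo 0 ;;    # other exits such as ping-exit: restart now
        *)                   echo none ;; # still running or unknown: leave the process alone
    esac
}

# Lines copied from the log in post #6.
sample_post6() { cat <<'EOF'
Wed Apr 4 12:20:08 2018 daemon.notice openvpn[2336]: SIGHUP[hard,] received, process restarting
Wed Apr 4 12:20:15 2018 daemon.notice openvpn[2336]: AUTH: Received control message: AUTH_FAILED
Wed Apr 4 12:20:15 2018 daemon.notice openvpn[2336]: SIGTERM[soft,auth-failure] received, process exiting
EOF
}
# Lines copied from the message in post #11.
sample_post11() { cat <<'EOF'
Initialization Sequence Completed
SIGTERM[soft,ping-exit] received, process exiting
EOF
}

for s in sample_post6 sample_post11; do
    st=$("$s" | openvpn_log_state)
    echo "$s: $st, restart delay: $(restart_delay "$st")"
done
```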


#12

Would this work:

It’s what I’m currently thinking of trying. A combination of scripts from this thread…

#!/bin/sh

#wait for the openvpn to connect for the first time
sleep 120

while [ true ]; do

#check if openvpn is enabled, if not, go to next loop
vpn_enabled=$(uci get glconfig.openvpn.enable)
if [ "$vpn_enabled" != "1" ]; then
	echo "VPN not enabled, check 20 seconds later"
	sleep 20
	continue
fi

if ! ping -I tun0 -c5 -w6 lede-project.org; then
	echo "VPN enabled but not running, restarting it"
	/etc/init.d/startvpn restart
else
	echo "VPN is connected and connecting, check 20 seconds later"
fi

sleep 20

done

Will the ping command work the way I want it to?
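
The two checks discussed in this thread (process and interface in #1, a ping through the tunnel in #12) can be combined so that a tunnel that is alive but stuck is restarted only after several consecutive failed checks. This is an added example, not code from any poster; `TUN_IF`, `PROBE_HOST`, `MAX_FAILS` and the function names are assumptions, while the uci key and init script come from post #1.

```shell
#!/bin/sh
# Added example (not from the thread). TUN_IF, PROBE_HOST, MAX_FAILS and the
# function names are assumptions; the uci key and init script are from post #1.
TUN_IF="${TUN_IF:-tun0}"
PROBE_HOST="${PROBE_HOST:-lede-project.org}"   # probe target used in post #12
MAX_FAILS="${MAX_FAILS:-3}"                    # failed checks tolerated while "stuck"

# vpn_state PID IF_UP PROBE_OK -> down | stuck | up
vpn_state() {
    if [ -z "$1" ]; then
        echo down                 # no openvpn process at all
    elif [ "$2" = 1 ] && [ "$3" = 1 ]; then
        echo up                   # process, interface and data path all fine
    else
        echo stuck                # process alive but tunnel missing or not passing traffic
    fi
}

# next_fails STATE COUNT -> new count of consecutive non-up checks
next_fails() {
    if [ "$1" = up ]; then echo 0; else echo $(( $2 + 1 )); fi
}

# should_restart STATE FAILS -> exit status 0 when a restart is due
should_restart() {
    [ "$1" = down ] && return 0
    [ "$1" = stuck ] && [ "$2" -ge "$MAX_FAILS" ]
}

watch_loop() {
    fails=0
    while true; do
        sleep 20
        if [ "$(uci get glconfig.openvpn.enable 2>/dev/null)" != "1" ]; then
            fails=0
            continue
        fi
        pid=$(pidof openvpn)
        if_up=0; probe_ok=0
        ifconfig "$TUN_IF" >/dev/null 2>&1 && if_up=1
        [ "$if_up" = 1 ] && ping -I "$TUN_IF" -c 3 -w 6 "$PROBE_HOST" >/dev/null 2>&1 && probe_ok=1
        state=$(vpn_state "$pid" "$if_up" "$probe_ok")
        fails=$(next_fails "$state" "$fails")
        if should_restart "$state" "$fails"; then
            logger -t vpn_reconnect "state=$state fails=$fails: restarting openvpn"
            /etc/init.d/startvpn restart
            fails=0
            sleep 60              # give the new session time to come up
        fi
    done
}

# Start the loop only when called as "vpn_reconnect run"; otherwise just define the functions.
if [ "${1:-}" = run ]; then sleep 120; watch_loop; fi
```

Started from /etc/rc.local as `/usr/bin/vpn_reconnect run &`. A restart only brings the tunnel back; it does not block traffic while the tunnel is down.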


#13

So the steps are
1.

And save /etc/rc.local

2. Make new file

/usr/bin/vpn_reconnect

With contents

#!/bin/sh

#wait for the openvpn to connect for the first time
sleep 120

while [ true ]; do

#check if openvpn is enabled, if not, go to next loop
vpn_enabled=$(uci get glconfig.openvpn.enable)
if [ "$vpn_enabled" != "1" ]; then
	echo "VPN not enabled, check 20 seconds later"
	sleep 20
	continue
fi

vpn_pid=$(pidof openvpn)
tun0_ifname=$(ifconfig tun0)

if [ -z "$tun0_ifname" ] && [ -z "$vpn_pid" ]; then
	echo "VPN enabled but not running, restarting it"
	/etc/init.d/startvpn restart
else
	echo "VPN is connected and connecting, check 20 seconds later"
fi

sleep 20

done

Step 3, the last step: try to execute

Using PuTTY because it is the only program that can execute commands

And kindly please show me if my steps are right or wrong. I’m trying to sum it up right now :smiley: