Hi.
Some days my VPN connection seems to drop every couple of hours, or more precisely, stays as “connected” but appears totally blocked (I also get the yellow warning on the connection icon in Windows).
So, I was wondering if there is an auto script I could employ to restart the VPN when this happens. In effect, a script that will push the “Apply” button in the GL VPN menu (as this fixes the problem) - I searched online and found this:
In some cases openvpn hangs with log message like couldn’t resolve host. In this case tunnel stays up, but connection is lost.
It should be reconnected manually, with the following script
#!/bin/sh
n=10
while sleep 50; do
    # number of replies, taken from busybox ping's "N packets received" summary
    t=$(ping -c $n 8.8.8.8 | grep -o -E '[0-9]+ packets r' | grep -o -E '[0-9]+')
    if [ "$t" -eq 0 ]; then
        /etc/init.d/openvpn restart
    fi
done
put into directory /etc/openvpn/reconnect.sh (chmod to 755) which is added to /etc/rc.local (ie. start-up) as /etc/openvpn/reconnect.sh &
Now, this seemed to be exactly what I needed but alas, it does not run - I believe it is simply a script error, something to do with the way GL starts the VPN differently from Luci. However, having spent a few hours going through the guts of the firmware in Luci and WinSCP, I couldn’t find the correct command (to be honest, I did not really understand the script other than “ping” and “openvpn restart”).
You’d better use "ping -I tun0 … " to ensure the ping will only use openvpn interface.
Seems you have a complicated ping. You can just try “ping -I tun0 -c5 -w5 8.8.8.8” and then just check “$?”. If ping failed it should be 1. If ping succeeds, it should be 0.
Use this one: /etc/init.d/startvpn restart
Openvpn has ping restart already in the ovpn file. There should be a line like: “ping-restart 5”. It will do this work automatically. Have you checked if this works?
Ok, I am still getting occasional problems - I played with various scripts but with little success.
Instead of doing this: /etc/init.d/startvpn restart
I am looking for a command that will do the same as logging into the GL interface and clicking on “apply” in the “OpenVPN” menu (as this fixes things when my VPN shows as connected but bandwidth is blocked).
>>>> There is configuration of the switch button to control vpn.
What script does moving the switch run and where to find it (which directory)?
Also, I want to replicate clicking “apply” in the UI > OpenVPN menu without actually logging in and physically clicking (ie. what script does this call?).
Sorry to revive this but I had another long play and had little luck getting a script to work.
Again here is the problem: after a random period of time the VPN seems to be connected but there is no connectivity (bandwidth) - I have to login to the router and click the “apply” button to re-establish.
I know the VPN ovpn file is supposed to “ping and keep-alive” (ping-restart) the connection, but I have tried three different providers and all have the same problem.
I tried something like this (please don’t laugh as I am a scripting newbie):
#!/bin/sh
sleep 60 # this was to stop the script pinging before the router had booted
tries=1
while [ $tries -lt 4 ]; do
    if ping -I tun0 -c2 -w10 8.8.8.8; then # when the ping fails I get the message "tun0 interface not found" and the script stops
        sleep 30
    else
        tries=$((tries+1))
        if [ $tries -eq 3 ]; then
            tries=1 # reset try count so script can start from scratch again
            killall openvpn
            /etc/init.d/startvpn start
        fi
    fi
done
Alas, this (and other efforts) failed.
So… @ Alzhao - any chance of an option to run a VPN keep-alive (ping) script in the next firmware?
Hi Alzhao.
As I said, I am a novice and use WinSCP and the terminal window to start and monitor the script - it looked as if it was failing…but maybe not.
I only start the script when I get the aforementioned bandwidth block (yellow triangle on connection in Windows, although GL UCI still shows connected in the VPN menu). Note: I do not know how to test the script (make a ping fail) manually.
However, it does not work and goes into a loop - here is the output from the terminal window (which keeps repeating until I kill the script under “processes” in Luci):
Warning: Section @zone[1] (wan) cannot resolve device of network ‘modem’
Running script ‘/var/etc/shadowsocks.include’
! Skipping due to path error: No such file or directory
ping: bad address ‘tun0’
ping: bad address ‘tun0’
…and the output from the Luci system log (ditto, it keeps repeating):
Sun Aug 27 14:12:22 2017 daemon.warn openvpn[14618]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: NOTE: --fast-io is disabled since we are not using UDP
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: Outgoing Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: Incoming Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: TCP/UDP: Preserving recently used remote address: [AF_INET] (REDACTED)
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: Attempting to establish TCP connection with [AF_INET] (REDACTED) [nonblock]
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14545]: SIGTERM[hard,init_instance] received, process exiting
Sun Aug 27 14:12:22 2017 daemon.notice openvpn[14618]: SIGTERM[hard,init_instance] received, process exiting
Sun Aug 27 14:12:23 2017 daemon.notice openvpn[14690]: OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Aug 27 14:12:23 2017 daemon.notice openvpn[14690]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
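
An added example, not code from any poster or from the GL firmware: a watchdog that handles the two failure modes visible in the output above, namely pinging tun0 while the interface does not exist ("bad address") and restarting OpenVPN again before the previous restart has finished (two SIGTERMs within the same second). The interface, ping target and restart command are the ones named in the thread; MAX_FAILS, INTERVAL, GRACE and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not GL.iNet's or any poster's code): OpenVPN tunnel watchdog.
IFACE="${IFACE:-tun0}"          # tunnel interface named in the thread
TARGET="${TARGET:-8.8.8.8}"     # ping target used in the thread
RESTART_CMD="${RESTART_CMD:-/etc/init.d/startvpn restart}"  # from the thread
MAX_FAILS="${MAX_FAILS:-3}"     # assumption: consecutive failures before restart
INTERVAL="${INTERVAL:-30}"      # assumption: seconds between probes
GRACE="${GRACE:-60}"            # assumption: seconds for tun0 to return after restart

# probe: returns 0 if the tunnel passes traffic, 1 if ping fails,
# 2 if the interface does not exist (the "bad address 'tun0'" case).
probe() {
    [ -d "/sys/class/net/$IFACE" ] || return 2
    ping -I "$IFACE" -c 2 -w 10 "$TARGET" >/dev/null 2>&1 || return 1
    return 0
}

# decide FAILS PROBE_RC: prints "NEW_FAILS ACTION", ACTION is ok, wait or restart.
decide() {
    fails=$1
    if [ "$2" -eq 0 ]; then echo "0 ok"; return 0; fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        echo "0 restart"
    else
        echo "$fails wait"
    fi
}

watchdog() {
    fails=0
    while sleep "$INTERVAL"; do
        rc=0; probe || rc=$?
        set -- $(decide "$fails" "$rc")
        fails=$1
        if [ "$2" = restart ]; then
            logger -t vpn-watchdog "probe rc=$rc on $IFACE, restarting VPN"
            $RESTART_CMD          # unquoted on purpose: command plus argument
            sleep "$GRACE"        # do not probe (or restart) again until tun0 is back
        fi
    done
}

# Start the loop only when called as: watchdog.sh run
if [ "${1:-}" = run ]; then watchdog; fi
```

Launched from /etc/rc.local in the way the thread describes, it needs the extra argument: /etc/openvpn/reconnect.sh run &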