RTRMON RTRMON v1.6.9 -May 3, 2024- Monitor your Router's Health (New: AMTM, Network Conn/Bandwidth/Diag + Port Scanner, GT-AXE/AX + Speedtest)

[Viktor Jaep]

@bjark and @Stephen Harrington... you guys wouldn't happening to be running wireguard on these particular routers, are you?

The errors I'm seeing is where the router is failing to return a status code for each of the 5 VPN slots from NVRAM. I'm pretty sure they're supposed to be populated with 0's if they're not in use:

+ timeout 10 nvram get vpn_client1_state
+ VPNState=
+ [ -eq 2 ]
[: 2: unknown operand

It would be interesting if you can hop on SSH and send me the results of this command?

nvram get vpn_client1_state

 

[Viktor Jaep]

@bjark and @Stephen Harrington ... please download this version, and let me know if this fixes your issue?

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/RTRMON/master/rtrmon-1.57.sh" -o "/jffs/scripts/rtrmon.sh" && chmod 755 "/jffs/scripts/rtrmon.sh"

 

[Stephen Harrington]

please download this version, and let me know if this fixes your issue?

Yep, sure did!

you guys wouldn't happening to be running wireguard on these particular routers, are you?

Yep, Wireguard Server running and all 5 Wireguard client slots configured, Slot 1 currrently in use.

nvram get vpn_client1_state

returns nothing, nada, zilch!

Thanks for the quick response as always @Viktor Jaep, it was worth all cursing and swearing at an iPad in the airport trying to remotely get you the logs ...

 

[Viktor Jaep]

Yep, Wireguard Server running and all 5 Wireguard client slots configured, Slot 1 currrently in use.

nvram get vpn_client1_state

returns nothing, nada, zilch!

Wonder if that a new side effect of wireguard that I'll need to test for. @ZebMcKayhan, would you happen to know if when running wireguard, all OpenVPN nvram entries get blanked out on purpose?

Thanks for the quick response as always @Viktor Jaep, it was worth all cursing and swearing at an iPad in the airport trying to remotely get you the logs ...

As always! Thanks for providing these! I'm glad it didn't cause you to get unhinged on the flight! Lol. Would have been a great headline. "Rowdy passenger escorted off plane due to stress induced from shoddy connection remoting back into home router from iPad."

 

[visortgw]

As always! Thanks for providing these! I'm glad it didn't cause you to get unhinged on the flight! Lol. Would have been a great headline. "Rowdy passenger escorted off plane due to stress induced from shoddy connection remoting back into home router from iPad."

@Stephen Harrington might have been better of waiting to use inflight WiFi — it is often better than airport WiFi.

 

[zephyr325]

I've scanned through this thread but might have missed it - is it possible to get stats from the command line rather than fully launching into the rtrmon program? The reason I ask is I've struggled to come up with an easy way to get some basic stats that SNMP would provide (like CPU / RAM / disk usage, interface bandwidth usage, etc.) since ASUS/Merlin dropped the ability to run the normal SNMPD daemon. So is it / would it be possible to have rtrmon run periodically (like through cron), and create those kinds of stats that could be piped to a file and scooped up to be ingested into my home monitoring setup (current running Nagios, switching over to a TICK stack)?

 

[ZebMcKayhan]

Wonder if that a new side effect of wireguard that I'll need to test for. @ZebMcKayhan, would you happen to know if when running wireguard, all OpenVPN nvram entries get blanked out on purpose?

I dont see why they would be blanked on purpose, but they may not be used. If the have never been used it may return nothing as nothing have set it to something?. I have never setup any Ovpn server only wg server and clients and my nvram gives:

admin@RT-AX86U_Pro:/tmp/home/root# nvram show | grep vpn_client1_state
vpn_client1_state=
size: 80027 bytes (116581 left)

Wireguard state is alittle tricky since it is kind of state-less by nature. Maybe thats why these files are here:

admin@RT-AX86U_Pro:/tmp/home/root# cd /etc/wg
admin@RT-AX86U_Pro:/tmp/etc/wg# ls
dns1.sh               wgc1_route
fw_wgc1.sh            wgc1_status
fw_wgc1_nat.sh        wgc2_status
fw_wgs1.sh            wgc3_status
fw_wgs1_nat6.sh       wgc4_status
server1_client1.conf  wgc5_status
server1_client1.png   wgs1.log
vpndirector1          wgs1_c1_hndnet
wgc1.log              wgs1_c1_route
admin@RT-AX86U_Pro:/tmp/etc/wg# cat /etc/wg/wgc1_status
  latest handshake: 27 seconds ago. (sec:27)
admin@RT-AX86U_Pro:/tmp/etc/wg#

Tracking latest handshake may be how the firmware does this. Its only reliable if persistant keepalive option is used though.

When I setup my vps and wg server on router to connect out this was never even populated, and I mistakenly thought there were something wrong. But after a first ping it starts to show. So, some user data is needed. After adding persistant keepalive its no issue.

Edit: there are nothing in "wireguard.c" that touches this variable what I could se. But it could always be done elsewere I guess. But wouldnt it be wierd for Wireguard to touch this? I mean different type of connections could co-exist.

 

[Viktor Jaep]

I dont see why they would be blanked on purpose, but they may not be used. If the have never been used it may return nothing as nothing have set it to something?. I have never setup any Ovpn server only wg server and clients and my nvram gives:

admin@RT-AX86U_Pro:/tmp/home/root# nvram show | grep vpn_client1_state
vpn_client1_state=
size: 80027 bytes (116581 left)

Wireguard state is alittle tricky since it is kind of state-less by nature. Maybe thats why these files are here:

admin@RT-AX86U_Pro:/tmp/home/root# cd /etc/wg
admin@RT-AX86U_Pro:/tmp/etc/wg# ls
dns1.sh               wgc1_route
fw_wgc1.sh            wgc1_status
fw_wgc1_nat.sh        wgc2_status
fw_wgs1.sh            wgc3_status
fw_wgs1_nat6.sh       wgc4_status
server1_client1.conf  wgc5_status
server1_client1.png   wgs1.log
vpndirector1          wgs1_c1_hndnet
wgc1.log              wgs1_c1_route
admin@RT-AX86U_Pro:/tmp/etc/wg# cat /etc/wg/wgc1_status
  latest handshake: 27 seconds ago. (sec:27)
admin@RT-AX86U_Pro:/tmp/etc/wg#

Tracking latest handshake may be how the firmware does this. Its only reliable if persistant keepalive option is used though.

When I setup my vps and wg server on router to connect out this was never even populated, and I mistakenly thought there were something wrong. But after a first ping it starts to show. So, some user data is needed. After adding persistant keepalive its no issue.

Edit: there are nothing in "wireguard.c" that touches this variable what I could se. But it could always be done elsewere I guess. But wouldnt it be wierd for Wireguard to touch this? I mean different type of connections could co-exist.

I really appreciate you looking into this... yeah, since this is from 2 different people, one AX86U, one AC86U... unless openvpn was just never ever run or setup on these machines, I suppose that could be the case too. I just always thought these values were pre-loaded with something, like "0". Learn something new every day! LOL

I'm looking forward diving more into WG to see if VPNMON would provide some basic monitoring... sounds like it will be a challenge!

 

[Viktor Jaep]

I've scanned through this thread but might have missed it - is it possible to get stats from the command line rather than fully launching into the rtrmon program? The reason I ask is I've struggled to come up with an easy way to get some basic stats that SNMP would provide (like CPU / RAM / disk usage, interface bandwidth usage, etc.) since ASUS/Merlin dropped the ability to run the normal SNMPD daemon. So is it / would it be possible to have rtrmon run periodically (like through cron), and create those kinds of stats that could be piped to a file and scooped up to be ingested into my home monitoring setup (current running Nagios, switching over to a TICK stack)?

Out of the box, RTRMON doesn't do anything like this... it would need to be built. You can certainly pull some of those functions out of RTRMON since I did a lot of the work finding out where they live, and build a script that would generate this data? If you succeed, please let me know! Would love to learn more about your home monitoring automation as well!

 

[Viktor Jaep]

Fixed that issue with NVRAM vpn slot variables returning nulls... enjoy!

What's new?
v1.57 - (September 12, 2023)
- FIXED: Issue where on certain routers, whether it was a new install, or perhaps openvpn was never configured, or perhaps only wireguard was being used, needless to say, the NVRAM variables for all 5 openvpn slots were returning null values, instead of an expected 0. This was causing all kinds of math errors! Stay in skool kids, learn that maths! Now assumes a zero if it returns null.

Download link (or update directly within AMTM/Update menu within RTRMON)

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/RTRMON/master/rtrmon-1.57.sh" -o "/jffs/scripts/rtrmon.sh" && chmod 755 "/jffs/scripts/rtrmon.sh"

 

[ZebMcKayhan]

I'm looking forward diving more into WG to see if VPNMON would provide some basic monitoring... sounds like it will be a challenge!

Naah, its only challanging when you try to visualize something that does not exist.
The firmware uses persistent keepalive so it should be reliable to show as connected as long as the handshake is below 3min. The firmware wg userspace tool already provides all you need:

admin@RT-AX86U_Pro:/tmp/home/root# wg show
interface: wgc1
  public key: (hidden by me)
  private key: (hidden)
  listening port: <port>

peer: (hidden by me)
  endpoint: <ipv4>:<port>
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 41 seconds ago. (sec:41)
  transfer: 40.95 GiB received, 4.30 GiB sent
  persistent keepalive: every 25 seconds

interface: wgs1
  public key: (hidden by me)
  private key: (hidden)
  listening port: <port>

peer: (hidden by me)
  preshared key: (hidden)
  endpoint: <vps ipv4>:<port>
  allowed ips: 192.168.100.128/25
  latest handshake: 37 seconds ago. (sec:37)
  transfer: 641.96 MiB received, 162.45 MiB sent
  persistent keepalive: every 25 seconds
admin@RT-AX86U_Pro:/tmp/home/root#

Combined with the router nvram variables you could extract this data.

The wg userspace tool also allows you to get only the data you want, like:

admin@RT-AX86U_Pro:/tmp/home/root# wg show wgc1 latest-handshakes
(Hidden by me)   1694543139

 

[Stephen Harrington]

“Rowdy passenger escorted off plane due to stress induced from shoddy connection remoting back into home router from iPad."

Yes, I’m not that great doing complex tasks on a touch-screen at the best of times, and I was running out of time, but got there in the end. Interesting exercise anyway!

unless openvpn was just never ever run or setup on these machines, I suppose that could be the case too. I just always thought these values were pre-loaded with something, like "0".

That’s certainly not the case for my device. All OpenVPN client slots are configured and have been set to Service State ON at least once each to check connectivity, plus I was using slot 1 extensively (with vpnmon of course) up until about 4 months ago as my “daily driver”. Since then I’ve migrated across to Wireguard to get more speed and turned off OpenVPN slot 1 (and vpnmon/killmon) and then recently updated this RT-AX86U to 388.4. They would be the major changes I can think of anyway …

 

[Viktor Jaep]

Yes, I’m not that great doing complex tasks on a touch-screen at the best of times, and I was running out of time, but got there in the end. Interesting exercise anyway!

Many kudos to you!

That’s certainly not the case for my device. All OpenVPN client slots are configured and have been set to Service State ON at least once each to check connectivity, plus I was using slot 1 extensively (with vpnmon of course) up until about 4 months ago as my “daily driver”. Since then I’ve migrated across to Wireguard to get more speed and turned off OpenVPN slot 1 (and vpnmon/killmon) and then recently updated this RT-AX86U to 388.4. They would be the major changes I can think of anyway …

In that case, it must be the wireguard functionality that is clearing these values? Not a clue. I guess it shall remain a mystery!

 

[bibikalka]

Great tool!

I have a question - I did not find if it can monitor the health of the web interface. Can it?

Sometimes my router becomes flaky, and web interface in unavailable. I'd like to have a cron job check that somehow, and reboot the router when it happens. Thoughts?

 

[visortgw]

Great tool!

I have a question - I did not find if it can monitor the health of the web interface. Can it?

Sometimes my router becomes flaky, and web interface in unavailable. I'd like to have a cron job check that somehow, and reboot the router when it happens. Thoughts?

Try scMerlin option 3 to restart httpd. Another option is to execute service restart_httpd directly or via cron job.

 

[bibikalka]

Try scMerlin option 3 to restart httpd. Another option is to execute service restart_httpd directly or via cron job.

Right ... But I often can no longer ssh to the router when things go south. So I need something on the router to monitor the health of httpd, and if it's bad - the script should restart the router fully.

 

[visortgw]

Right ... But I often can no longer ssh to the router when things go south. So I need something on the router to monitor the health of httpd, and if it's bad - the script should restart the router fully.

If you cannot ssh to router, it is something beyond httpd. I'm not sure how you'd monitor for it. Might you possibly need cron job to perform periodic reboot (i.e., service reboot)?

 

[Viktor Jaep]

Great tool!

I have a question - I did not find if it can monitor the health of the web interface. Can it?

Sometimes my router becomes flaky, and web interface in unavailable. I'd like to have a cron job check that somehow, and reboot the router when it happens. Thoughts?

Really sounds to me like you need to do a complete wipe and set it back up from scratch to solve that issue...

 

[bibikalka]

If you cannot ssh to router, it is something beyond httpd. I'm not sure how you'd monitor for it. Might you possibly need cron job to perform periodic reboot (i.e., service reboot)?

Really sounds to me like you need to do a complete wipe and set it back up from scratch to solve that issue...

I think I've seen posts on this forum talking about unresponsive UI and having to push the button to reboot. I do have a nightly reboot already - but this happened even sooner, one time.

I am thinking now that a cron job can do something like this:

wget localhost/Main_Login.asp

And then I'd check the file and see if the server returned the page. If it did not - I'd call a reboot.

Regarding a fresh re-config, I am running Asus parental controls and time scheduling. So I feel the instability can be partially related to that. But I unless I re-do that setup, I am going to have to be putting band aids on top of a somewhat unstable 3rd party code that is AiProtection.

 

[Viktor Jaep]

I think I've seen posts on this forum talking about unresponsive UI and having to push the button to reboot. I do have a nightly reboot already - but this happened even sooner, one time.

I am thinking now that a cron job can do something like this:

wget localhost/Main_Login.asp

And then I'd check the file and see if the server returned the page. If it did not - I'd call a reboot.

Regarding a fresh re-config, I am running Asus parental controls and time scheduling. So I feel the instability can be partially related to that. But I unless I re-do that setup, I am going to have to be putting band aids on top of a somewhat unstable 3rd party code that is AiProtection.

Yeah, it may very well be AIprotection. I turn that stuff right away. I've had issues in the past with my old AC86U having an unresponsive UI, and I think what fixed it was disabling all the AIprotection crap, and really reducing the number of unnecessary scripts.