VPNMON VPNMON-R3 v1.3.3 -Apr 2, 2024- Monitor WAN/Dual-WAN/VPN Health & Reset Multiple OpenVPN Connections (Now available in AMTM!)

[nadieaqui]

Using Merlin Asuswrt(386.12_4), have openvpn configuration as rt-ac68u(client)<->rt-ac68u(server)
both routers get dynamic wan-ip from isp.
both routers have a dns host, e.g. client.asuscomm.com and server.asuscomm.com

What do I set for "Host IP to PING against" in configuration?
the script is prompting for an IP which may change on reboot.

appreciate any suggestions or work arounds. thank you in advance.

 

[CaptainSTX]

OK cool... glad you got it working again!


Would love to see a screenshot of what you see on your network map page if you would be so kind. I've never seen a setup with LAG before. But yeah, I'm not even looking at any LAN ports, just the WAN statuses... I'd be curious to see what NVRAM values are being populated for these "bond0"/"bond1" connections? Would you be willing to share some of your output by running:

nvram show | grep "bond0"
nvram show | grep "bond1"

Absolutely! Glad things are going well! Right now I've got 5 concurrent VPN connections going, 1 is for production, the other 4 are for testing, to keep putting VPNMON-R3 through its paces. Let me know if you notice anything else!

Here are the screen shots & files you asked for. Let me know if you want to see anything else.

 

[Viktor Jaep]

Using Merlin Asuswrt(386.12_4), have openvpn configuration as rt-ac68u(client)<->rt-ac68u(server)
both routers get dynamic wan-ip from isp.
both routers have a dns host, e.g. client.asuscomm.com and server.asuscomm.com

What do I set for "Host IP to PING against" in configuration?
the script is prompting for an IP which may change on reboot.

appreciate any suggestions or work arounds. thank you in advance.

It's configured by default to use 8.8.8.8 (google)... would that not work for you?

 

[Viktor Jaep]

Here are the screen shots & files you asked for. Let me know if you want to see anything else.

Thanks much!

 

[cohomology]

I swapped the flash drive with an ssd but it didn't help at all. It is still exetremly laggy for me unfortunately.

 

[Viktor Jaep]

I swapped the flash drive with an ssd but it didn't help at all. It is still exetremly laggy for me unfortunately.

Highly unusual... Can you share a screenshot of the results you are seeing in top/htop ordered by CPU%?

 

[cohomology]

Mem: 394580K used, 508940K free, 4336K shrd, 1284K buff, 52004K cached
CPU:  2.6% usr  3.9% sys  0.0% nic 93.2% idle  0.0% io  0.0% irq  0.1% sirq
Load average: 2.64 2.61 2.49 2/199 4731
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
 1188     1 admin    S    10368  1.1   1  2.4 /usr/sbin/awsiot
 1309     1 admin    S    18992  2.1   0  0.4 conn_diag
 1132     1 admin    S    11840  1.3   1  0.2 asd
  414     2 admin    SWN      0  0.0   2  0.2 [jffs2_gcd_mtd9]
 3478     1 admin    S    14148  1.5   1  0.2 networkmap
12399 12398 admin    S     4460  0.4   3  0.1 {wan-failover.sh} /bin/sh /jffs/scripts/wan-failover.sh run
 1225     1 admin    S    20032  2.2   2  0.1 httpds -s -i br0 -p 8443
 1330     1 admin    S    19876  2.2   0  0.1 cfg_server
    1     0 admin    S    14048  1.5   0  0.1 /sbin/init
26127     1 admin    S    19912  2.2   2  0.0 aaews --sdk_log_dir=/tmp
 1329  1309 admin    S    17820  1.9   3  0.0 amas_portstatus
 1236     1 admin    S    13052  1.4   3  0.0 watchdog
 1242     1 admin    S    12700  1.4   3  0.0 sw_devled
 1106     1 admin    S    12700  1.4   1  0.0 /sbin/wanduck
 1283     1 admin    S    12064  1.3   1  0.0 mastiff
 1185     1 admin    S     4928  0.5   0  0.0 /usr/sbin/wlc_nt
 3279  3263 admin    R     3424  0.3   1  0.0 top
    7     2 admin    SW       0  0.0   0  0.0 [rcu_preempt]
   35     2 admin    SW       0  0.0   0  0.0 [skb_free_task]
17261     2 admin    SW       0  0.0   0  0.0 [kworker/0:0]
 1353     1 admin    S    23924  2.6   2  0.0 amas_lib
 1305     1 admin    S    18872  2.0   0  0.0 roamast
  321     1 admin    S    18524  2.0   1  0.0 /bin/swmdk
 1179     1 admin    S    17428  1.9   3  0.0 wps_pbcd
 1139     1 admin    S    14748  1.6   1  0.0 /sbin/netool
 1150     1 admin    S    13936  1.5   0  0.0 nt_center
 1137     1 admin    S    13908  1.5   0  0.0 nt_monitor
 1239     1 admin    S    12700  1.4   3  0.0 alt_watchdog
 2537     1 admin    S    12700  1.4   2  0.0 usbled
 1246     1 admin    S    12700  1.4   0  0.0 amas_lanctrl
 1291     1 admin    S    12700  1.4   1  0.0 pctime
 1354     1 admin    S    12700  1.4   1  0.0 sched_daemon
 2726     1 admin    S    12700  1.4   1  0.0 pc_block
 1238     1 admin    S    12700  1.4   0  0.0 check_watchdog
 1140 21406 admin    S    12700  1.4   1  0.0 dhcpc_lease old 50:1e:2d:08:cf:de 192.168.50.159
24767     1 admin    S    12700  1.4   0  0.0 disk_monitor
 1184     1 admin    S    12700  1.4   0  0.0 wpsaide
 1284     1 admin    S    12700  1.4   2  0.0 bwdpi_check
 1310     1 admin    S    12700  1.4   3  0.0 amas_ssd_cd
 1226     1 admin    S    10696  1.1   0  0.0 httpd -i br0
23260     1 admin    S    10148  1.1   3  0.0 /usr/sbin/smbd -D -s /etc/smb.conf
23258     1 admin    S     9852  1.0   0  0.0 /usr/sbin/nmbd -D -s /etc/

 

[L&LD]

@cohomology, your router doesn't seem to be in a good/known state. Or, your usage method isn't what the router/best practices expect.

It may be time for a full reset and a clean setup (no saved backup config files, do not insert the USB drive that was previously used for amtm/scripts before formatting to NTFS on a PC).

 

[cohomology]

@cohomology, your router doesn't seem to be in a good/known state. Or, your usage method isn't what the router/best practices expect.

It may be time for a full reset and a clean setup (no saved backup config files, do not insert the USB drive that was previously used for amtm/scripts before formatting to NTFS on a PC).

This seems very intimidating

I have to put it off until I have a few days extra time to do it.

 

[L&LD]

Not intimidating at all.

A stable network is worth 15 minutes of your time.

 

[kuki68ster]

Highly unusual... Can you share a screenshot of the results you are seeing in top/htop ordered by CPU%?

Hi, I have been facing the same issue for a while now...Amtm gets laggy and VPNMON-R3 is super laggy...I am using a ssd (PNY 500GB Pro Elite V2 USB Type-C Portable SSD)...

 

[Viktor Jaep]

I swapped the flash drive with an ssd but it didn't help at all. It is still exetremly laggy for me unfortunately.

Could you try stopping wan-failover.sh to test out and see if that resolves the laggyness?

Also... that /usr/sbin/awsiot service seems to be consuming way more than I think it would normally... on my end, it's basically 0% usage. Unless you just happened to catch it in action or something?

Needless to say, as @L&LD said, there's something more going on here... These scripts aren't laggy, don't cause laggyness, and you can literally run dozens of these without any noticeable hit on your device. Either something wrong with your environment, which would necessitate a full reset, or there's an actual hardware issue.

Have you noticed any weird messages in your syslog?

 

[Viktor Jaep]

Hi, I have been facing the same issue for a while now...Amtm gets laggy and VPNMON-R3 is super laggy...I am using a ssd (PNY 500GB Pro Elite V2 USB Type-C Portable SSD)...

Do you have any usual messages in your syslog?

 

[kuki68ster]

Do you have any usual messages in your syslog?

Unusual? Nope...Everything is normal...

 

[Viktor Jaep]

Unusual? Nope...Everything is normal...

Anything usual in top/htop?

I am running Diversion, Skynet, Unbound, VPNMON-R3 with 5 simultaneous VPN connections, RTRMON, WXMON, PWRMON, KILLMON and BACKUPMON at all times... and have no issues with lag. I'm running this setup on both my GT-AX6000 and my RT-AC86U.

 

[salvo]

Few comments to -reset behaviour on VPNMON-R3 - v1.04b2

1. when using -reset switch there are sometimes situation that VPNx stays disconnected after switch routine finished. Mostly VPNs are all connected after -reset finishes.

2. Also, when -reset is started, the countdown continues until the end of the cycle (even the WAN check continues), shouldn't this countdown stop right after -reset is started?

 

[Viktor Jaep]

Few comments to -reset behaviour on VPNMON-R3 - v1.04b2

1. when using -reset switch there are sometimes situation that VPNx stays disconnected after switch routine finished. Mostly VPNs are all connected after -reset finishes.

View attachment 55683

2. Also, when -reset is started, the countdown continues until the end of the cycle (even the WAN check continues), shouldn't this countdown stop right after -reset is started?
View attachment 55684
View attachment 55686

I've noticed that sometimes VPN slots need a few attempts before they finally connect. Sometimes they say "authentication failure", other times their public IP is "unknown", all requiring a subsequent reset. Still working through some of this to see if anything can be done about this.

Right now it just checks to see if a reset is happening at the end of the cycle. Good suggestion... I'll check for it during the cycle, and have it exit out to the waiting screen.

 

[salvo]

Right now it just checks to see if a reset is happening at the end of the cycle. Good suggestion... I'll check for it during the cycle, and have it exit out to the waiting screen.

I seem to recall it was the same in R2, checking during cycle, wasn't it?

 

[nadieaqui]

It's configured by default to use 8.8.8.8 (google)... would that not work for you?

I tried the default (8.8.8.8). But the script disabled the openvpn client connection.

I thought maybe I am configuring the script wrong. So I thought "Host IP to PING against" refers to the vpn sever IP (which is a dynamic ip from isp).

Basically, I always have a good internet connection. But openvpn client does not always reconnect to openvpn server (running merlin on both routers).
I'm trying to use the script to monitor/reconnect openvpn client connection (merlin) to openvpn server(merlin)

Any suggestions? Thank you in advance.

 

[Viktor Jaep]

I tried the default (8.8.8.8). But the script disabled the openvpn client connection.

The script can't disable anything... if it can't reach 8.8.8.8, then it assumes the tunnel is down, and would try to reconnect. If you can ping 8.8.8.8 from a console on your router, then you should be fine.

I thought maybe I am configuring the script wrong. So I thought "Host IP to PING against" refers to the vpn sever IP (which is a dynamic ip from isp).

Nope... I would pick something out on the wide open internet that is fast, available and easy to get to.

Basically, I always have a good internet connection. But openvpn client does not always reconnect to openvpn server (running merlin on both routers).
I'm trying to use the script to monitor/reconnect openvpn client connection (merlin) to openvpn server(merlin)

That's exactly what this script can help with... each time your client gets knocked off, VPNMON-R3 will help get it reconnected.