OpenVPN Client / Notification when loosing public IP (2nd try)

[Emanuel Paul]

Hello

I started already a thread with this item. The way a member of this forum tried to help me was friendly in the beginning, but became offensive and insulting at the end...

So I hope to find other helpful users because I think that I'm just a small step away from the solution.

With the help out of the first thread I have the following set up now:

in directory "/jffs/scripts" (called ChkVPNIP.sh):

#!/bin/sh
VER="v1.01b"
#=========================================================================
#
# Check Public WAN IP of the VPN Client
#
#     ChkVPNIP     { 'vpn_client_id' }  [ curl ]
#
#     ChkVPNIP     1
#                  Check status of VPN Client 1 using 'STUN' method
#     ChkVPNIP     1 curl
#                  Check status of VPN Client 1 using 'curl' method

SendMail(){
             FROM="xxxxxxxx"
             AUTH="xxxxxxxx"
             PASS="xxxxxxxx"
             FROMNAME="RT-AC86U"
             TO="xxxxxxxx"
             echo "Subject: Public IP notification" >/tmp/mail.txt
             echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
             echo "Date: `date -R`" >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             echo "I just lost my public IP on OpenVPN." >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             echo "---- " >>/tmp/mail.txt
             echo "Your friendly router." >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
             -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
             -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
             -f"$FROM" \
             -au"$AUTH" -ap"$PASS" $TO
             rm /tmp/mail.txt
    return 0
}

#=====================================Main==============================

VPN_ID=$1
VPN_WANIP=

echo -e
logger -st "($(basename $0))" $$ $VER "VPN Public WAN IP checker....."
echo -e

if [ ! -z "$1" ];then
    if  [ "$(nvram get "vpn_client"$VPN_ID"_state")" == "2" ];then
        if [ "$2" != "curl" ];then
            if [ -f /usr/sbin/gettunnelip.sh ];then
                sh /usr/sbin/gettunnelip.sh ${VPN_ID}
                VPN_WANIP="$(nvram get vpn_client${VPN_ID}_rip)"
            fi
        fi
        if [ -z "$VPN_WANIP" ];then
            VPN_WANIP=$(curl --connect-timeout 5 -s --interface "tun1"${VPN_ID} "http://ipecho.net/plain")
        fi
        if [ -z "$VPN_WANIP" ];then
            logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
            SendMail
        else
           logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
            SendMail            # <<===== Temporarily add this line =====
        fi
    else
        echo -e "\a"
        logger -st "($(basename $0))" $$ "***ERROR*** VPN Client" $VPN_ID "isn't connected!"
    fi
else
    echo -e "\a"
    logger -st "($(basename $0))" $$ "***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5"
fi

echo -e


exit 0

in directory "/jffs/scripts/init-start" (called cronjobs.sh):

#!/bin/sh

cru a CheckVPNIP "15 * * * * /jffs/scripts/ChkVPNIP.sh"

The ChkVPNIP.sh works. I tested it manually. That's the reason why there is a SendMail even if the public IP is found. When everything works like I want, I will delete this line.

The problem is now, that cronjobs.sh is not executed every 15 minutes.

Would be very nice, if someone could tell me, how to fix that.

 

[gffmac]

Sorry I don't know a great deal about this but should it be.... in directory "/jffs/scripts" (called init-start)

I.e. script renamed.
Sent from my HTC 10 using Tapatalk

 

[ColinTaylor]

in directory "/jffs/scripts/init-start" (called cronjobs.sh):

/jffs/scripts/init-start is the name of a script not a directory. Delete the cronjobs.sh file and the init-start directory.

I suggest that using a services-start script would be better than init-start. So create a file called /jffs/scripts/services-start that contains the following:

#!/bin/sh

cru a CheckVPNIP "*/15 * * * * /jffs/scripts/ChkVPNIP.sh"

Remember to make services-start executable.

Reboot the router for it to take effect.

 

[Emanuel Paul]

Ok. Thank you. Now I think I understand better. Because of no file extension I always understood that init-start is a directory, but actually it should be a file called init-start.sh...

And according to ColinTaylor I have to create "services-start.sh" and insert the code in it.

I try that later.

 

[ColinTaylor]

Ok. Thank you. Now I think I understand better. Because of no file extension I always understood that init-start is a directory, but actually it should be a file called init-start.sh...

And according to ColinTaylor I have to create "services-start.sh" and insert the code in it.

I try that later.

Yes they are files, but no they don't end in ".sh". It is confusing because scripts usually end with ".sh", but these do not.

services-start.sh - wrong
services-start - right

 

[Emanuel Paul]

...you live, you learn...

would not have expected that there are files without extension.

 

[ColinTaylor]

would not have expected that there are files without extension.

Welcome to the world of Unix.

 

[Emanuel Paul]

Hallo again.

In the logs on the router I found this every 15 minutes:

Feb 21 05:45:00 crond[770]: USER emanuel pid 22430 cmd /jffs/scripts/ChkVPNIP.sh
Feb 21 05:45:00 (ChkVPNIP.sh): 22431 v1.01b VPN Public WAN IP checker.....
Feb 21 05:45:00 (ChkVPNIP.sh): 22431 ***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5

So it seems that the cronjob starts the script every 15 minutes.

Once again the script:

#!/bin/sh
VER="v1.01b"
#=========================================================================
#
# Check Public WAN IP of the VPN Client
#
#     ChkVPNIP     { 'vpn_client_id' }  [ curl ]
#
#     ChkVPNIP     1
#                  Check status of VPN Client 1 using 'STUN' method
#     ChkVPNIP     1 curl
#                  Check status of VPN Client 1 using 'curl' method

SendMail(){
             FROM=xxxxx
             AUTH=xxxxx
             PASS=xxxxx
             FROMNAME="RT-AC86U"
             TO=xxxxx
             echo "Subject: Public IP notification" >/tmp/mail.txt
             echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
             echo "Date: `date -R`" >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             echo "I just lost my public IP on OpenVPN." >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             echo "---- " >>/tmp/mail.txt
             echo "Your friendly router." >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
             -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
             -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
             -f"$FROM" \
             -au"$AUTH" -ap"$PASS" $TO
             rm /tmp/mail.txt
    return 0
}

#=====================================Main==============================

VPN_ID=$1
VPN_WANIP=

echo -e
logger -st "($(basename $0))" $$ $VER "VPN Public WAN IP checker....."
echo -e

if [ ! -z "$1" ];then
    if  [ "$(nvram get "vpn_client"$VPN_ID"_state")" == "2" ];then
        if [ "$2" != "curl" ];then
            if [ -f /usr/sbin/gettunnelip.sh ];then
                sh /usr/sbin/gettunnelip.sh ${VPN_ID}
                VPN_WANIP="$(nvram get vpn_client${VPN_ID}_rip)"
            fi
        fi
        if [ -z "$VPN_WANIP" ];then
            VPN_WANIP=$(curl --connect-timeout 5 -s --interface "tun1"${VPN_ID} "http://ipecho.net/plain")
        fi
        if [ -z "$VPN_WANIP" ];then
            logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
            SendMail
        else
           logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
       SendMail            # <<===== Temporarily add this line =====
        fi
    else
        echo -e "\a"
        logger -st "($(basename $0))" $$ "***ERROR*** VPN Client" $VPN_ID "isn't connected!"
    fi
else
    echo -e "\a"
    logger -st "($(basename $0))" $$ "***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5"
fi

echo -e


exit 0

Do I have to define the client I want have to be checked? In the script or in the cronjob?

 

[ColinTaylor]

Do I have to define the client I want have to be checked?

Yes, that's what the message is telling you. So you should change your services-start script as follows (assuming you are using VPN client #1):

#!/bin/sh

cru a CheckVPNIP "*/15 * * * * /jffs/scripts/ChkVPNIP.sh 1"

And then reboot the router.

 

[Emanuel Paul]

Very good. Thank you. It seems to work.

I've got a new idea. One thing is, to get the mail, when the public IP is lost. But that will lead me to login and restart the VPN client. Is it possible to add some code that will restart it when the IP is lost?

Or is that the wrong question and it would be better to find out, why the IP gets lost?

 

[ColinTaylor]

Best to find and fix the problem rather than restart it automatically IMHO.

 

[Jack Yaz]

service restart_vpnclient1

Replace 1 with the client number to restart

 

[Emanuel Paul]

Best to find and fix the problem rather than restart it automatically IMHO.

OK. So I wait until the IP gets lost and take a look into the logs. Perhaps I can find some information there...

I use two different VPN provider. The one where I loose the public IP shows normally the same pulbic IP and local IP. The other provider shows always different public and local IP's. Could this already be a hint to the problem?

 

[ColinTaylor]

I use two different VPN provider. The one where I loose the public IP shows normally the same pulbic IP and local IP. The other provider shows always different public and local IP's. Could this already be a hint to the problem?

Sorry, I have no idea. I don't use the VPN clients.