OpenVPN Client / Notification when losing public IP

Discussion in 'Asuswrt-Merlin' started by Emanuel Paul, Feb 8, 2018.

Thread Status:
Not open for further replies.
  1. Emanuel Paul

    Emanuel Paul Occasional Visitor

    Joined:
    Dec 15, 2017
    Messages:
    35
    Hello

    I have the problem that an OpenVPN client on my RT-AC86U (Merlin 382.1_2) loses the public IP from time to time.

    It would be a very good feature, to receive an email if this happens. Is there a possibility to set this up? Script?

    Thanks in advance.
     
  3. Martineau

    Martineau Very Senior Member

    Joined:
    Jul 8, 2012
    Messages:
    1,560
    Location:
    UK
    Something like this?
    Code:
    #!/bin/sh
    VER="v1.01b"
    #=========================================================================
    #
    # Check Public WAN IP of the VPN Client
    #
    #     ChkVPNIP     { 'vpn_client_id' }  [ curl ]
    #
    #     ChkVPNIP     1
    #                  Check status of VPN Client 1 using 'STUN' method
    #     ChkVPNIP     1 curl
    #                  Check status of VPN Client 1 using 'curl' method
    
    SendMail(){
        # Use e-mail method of your choice......
                 #=====>>>     insert code here   <<<=====#
        return 0
    }
    
    #=====================================Main==============================
    
    VPN_ID=$1
    VPN_WANIP=
    
    echo -e
    logger -st "($(basename $0))" $$ $VER "VPN Public WAN IP checker....."
    echo -e
    
    if [ ! -z "$1" ];then
        if  [ "$(nvram get "vpn_client"$VPN_ID"_state")" == "2" ];then
            if [ "$2" != "curl" ];then
                if [ -f /usr/sbin/gettunnelip.sh ];then
                    sh /usr/sbin/gettunnelip.sh ${VPN_ID}
                    VPN_WANIP="$(nvram get vpn_client${VPN_ID}_rip)"
                fi
            fi
            if [ -z "$VPN_WANIP" ];then
                VPN_WANIP=$(curl --connect-timeout 5 -s --interface "tun1"${VPN_ID} "http://ipecho.net/plain")
            fi
            if [ -z "$VPN_WANIP" ];then
                logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
                SendMail
            else
               logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
            fi
        else
            echo -e "\a"
            logger -st "($(basename $0))" $$ "***ERROR*** VPN Client" $VPN_ID "isn't connected!"
        fi
    else
        echo -e "\a"
        logger -st "($(basename $0))" $$ "***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5"
    fi
    
    echo -e
    
    
    exit 0


     
  4. Emanuel Paul

    Thank you. Looks like what I was searching for. To be honest, I don't have a clue about things like this:). Is there anywhere a tutorial for the needed e-mail code? And where do I have to add the whole code?
     
  5. Martineau

    There are examples here
    RMerlin Wiki
     
  6. Emanuel Paul

    Thanks. Found this

    #!/bin/sh
    FROM="your-gmail-address"
    AUTH="your-gmail-username"
    PASS="your-gmail-password"
    FROMNAME="Your Router"
    TO="your-email-address"
    ntpclient -h pool.ntp.org -s &> /dev/null
    sleep 5
    echo "Subject: WAN state notification" >/tmp/mail.txt
    echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "I just got connected to the internet." >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
    echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---- " >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
    -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
    -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
    -f"$FROM" \
    -au"$AUTH" -ap"$PASS" $TO
    rm /tmp/mail.txt

    But only found code to send mail after router is booting. Is it the same for my use?
     
  7. Martineau

    Yes. ....assuming you have a Google Gmail account.

    You will probably need to alter the Subject line, and also modify the body of the email, then simply copy 'n'paste it into the script where indicated, but don't copy these three lines:
    Code:
    #!/bin/sh
    
    ntpclient -h pool.ntp.org -s &> /dev/null
    sleep 5
    
     
  8. Emanuel Paul

    Did the changes. Saved the file with Notepad++ as Linux script (.sh). Copied it to /jffs/scripts on the router. Then activated it with "chmod a+rx /jffs/scripts/*", activated "Enable JFFS custom scripts and configs" in the router and rebooted the router.

    Is there a way to test if it works?
     
  9. Martineau

    Indeed assuming your script is called 'ChkVPNIP.sh' and you are testing VPN Client 3
    Code:
    cd /jffs/scripts
    
    ./ChkVPNIP.sh   3
    
    P.S. You could also temporarily add a line to call the SendMail routine when it retrieves the public IP just to test that the email works!
     
    Last edited: Feb 10, 2018
  10. Emanuel Paul

    Hello

    Have you edited your last post? Because in the email I received it was the following:

    Indeed
    cd /jffs/scripts

    ./ChkVPNConfig.sh
    Hopefully the screen shows a report, and you can now also check the logging messages in Syslog
    e.g. to see if the script has actually executed
    grep -i chkvpnconfig.sh /tmp/syslog.log
    So now you need to schedule the script to run at regular intervals
    e.g. every hour
    cru l

    cru a Track_VPN_Config "0 */1 * * * /jffs/scripts/ChkVPNConfig.sh"

    cru l
    So should be able to issue the Syslog scanning debugging commands to quickly make a visual comparison to see if the lines reported change
    So for detailed debugging, issue
    grep -i summary: /tmp/syslog.log
    grep -i vpnroutes: /tmp/syslog.log

    But anyway. My file is called ChkVPNConfig.sh but after "cd /jffs/scripts" "./ChkVPNConfig.sh" gives me a "not found". Also "./ChkVPNConfig.sh 2" gives me a "not found". I use VPN Client 2.

    If I do "ls" the file is listed...
     
  11. Martineau


    Weird the post you have quoted was a reply I created for a different thread :eek::eek:o_Oo_O
    Your script should be called ChkVPNIP.sh

    You have probably used a non Unix file editor to create the script

    Try converting the script to Unix format

    Code:
    dos2unix   /jffs/scripts/ChkVPNIP.sh
     
  12. Emanuel Paul

    That's strange...

    Interesting. I created the script with Notepad++ and saved it as "Unix script file", but only after the dos2unix does it work... If I execute it, it shows me the public IP of VPN Client 2.

    Now hopefully the last question:
    What does the line look like that I can temporarily add to send mail when the public IP is found? And where do I have to add it in the script?
     
  13. Martineau

    Change
    Code:
    if [ -z "$VPN_WANIP" ];then
       logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
       SendMail
    else
       logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
    fi
    to
    Code:
    if [ -z "$VPN_WANIP" ];then
       logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
       SendMail
    else
       logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
       SendMail                                                                              # <<===== Temporarily add this line =====
    fi
    Once you have proved the script monitoring/email works, you will need to schedule the script using cru/cron
    e.g. every hour
    Code:
    cru a CheckVPNIP "0 * * * * /jffs/scripts/ChkVPNIP.sh"
    or change the frequency to whatever interval that meets your requirements.
     
    Last edited: Feb 11, 2018
  14. Emanuel Paul

    The email seems to work. Thank you very much.

    Tried to get information about the needed cron job. Found one that says, that the cron job needs to be placed at "/var/spool/cron/crontabs/" , the other says that it has to be added into the user script. Which is true for me?

    About the frequency, I found information that there have to be six fields. Is there a difference from your code, which only contains five fields?

    If I use six fields I think it should be like this to check every half hour:

    Code:
    cru a CheckVPNIP "30 * * * * * /jffs/scripts/ChkVPNIP.sh"
     
  15. Martineau


    Hmm, strange....:rolleyes:
    What do the FIVE Cron fields mean?
    Very easy Cron command generator
     
    Last edited: Feb 11, 2018
  16. Emanuel Paul

    Ok. In this case it will be:

    Code:
    #!/bin/sh
    
    cru a CheckVPNIP "30 * *  * * /jffs/scripts/ChkVPNIP.sh"
    
    
    And it should be placed under "/var/spool/cron/crontabs/", right? Is there any restriction to the filename, except saving it as unix script file? I would name it cronjobs.sh
     
  17. Martineau

    The router firmware uses the 'cru' command to make it easier for novices to manage crontab.

    Having manually issued the above command, issue the list command
    Code:
    cru   l
    
    30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#
    The schedule identifier tag is shown between the '#' characters and is used to delete the scheduled task
    e.g.
    Code:
    cru   d    CheckVPNIP

    'cronjobs.sh' is fine but you will need to call it from init-start if you want it to run after every boot.

    see Wiki/documentation for Asuswrt-merlin
     
    Last edited: Feb 12, 2018
  18. Emanuel Paul

    Ok. So the file is the following?

    Code:
    #!/bin/sh
    cru   l
    
    30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#
    
    What do you mean by "delete the scheduled task"? The scheduled task is the code, no?

    And what is this for, then?

    Code:
    cru   d    CheckVPNIP
    
    Sorry, but it seems that I'm even not a novice:)
     
  19. Martineau

    :rolleyes: Suppose you decide to change your mind and decide that every 30mins isn't appropriate, you would need to delete the current schedule and resubmit a modified 'cru a' command with your new schedule.
     
  20. Emanuel Paul

    Thanks for the link again. I checked the Wiki but for a novice it's hard to find the needed information. If you don't know, what you are looking for...And under cronjobs is not much information useful for me, as I found out.

    Ok. Please let's first do the code for the file, which I place at "/jffs/scripts/init-start". Is it this or not?

    Code:
    #!/bin/sh
    
    cru a CheckVPNIP "30 * *  * * /jffs/scripts/ChkVPNIP.sh"
    
    Just for my understanding because I don't think that I need the manual codes when I have set up a cron script...

    This code does the same, entered in command line, but only until the next reboot. Right?

    Code:
    cru   l
    
    30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#
    And this code, entered on the command line, stops the manually entered code from working before a reboot, right?

    Code:
    cru   d    CheckVPNIP
    But if there is a script and I decide to change the time, I have to change the script and after the next reboot the changes are active, right?
     
  21. Emanuel Paul

    Hello again.

    I tested the scripts the last days. Something does not work.

    in /jffs/scripts/ I have the following script (with correct and tested email credentials):

    Code:
    #!/bin/sh
    VER="v1.01b"
    #=========================================================================
    #
    # Check Public WAN IP of the VPN Client
    #
    #     ChkVPNIP     { 'vpn_client_id' }  [ curl ]
    #
    #     ChkVPNIP     1
    #                  Check status of VPN Client 1 using 'STUN' method
    #     ChkVPNIP     1 curl
    #                  Check status of VPN Client 1 using 'curl' method
    
    SendMail(){
                 FROM="xxxxxxxx"
                 AUTH="xxxxxxxx"
                 PASS="xxxxxxxx"
                 FROMNAME="RT-AC86U"
                 TO="xxxxxxxx"
                 echo "Subject: Public IP notification" >/tmp/mail.txt
                 echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
                 echo "Date: `date -R`" >>/tmp/mail.txt
                 echo "" >>/tmp/mail.txt
                 echo "I just lost my public IP on OpenVPN." >>/tmp/mail.txt
                 echo "" >>/tmp/mail.txt
                 echo "---- " >>/tmp/mail.txt
                 echo "Your friendly router." >>/tmp/mail.txt
                 echo "" >>/tmp/mail.txt
                 cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
                 -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
                 -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
                 -f"$FROM" \
                 -au"$AUTH" -ap"$PASS" $TO
                 rm /tmp/mail.txt
        return 0
    }
    
    #=====================================Main==============================
    
    VPN_ID=$1
    VPN_WANIP=
    
    echo -e
    logger -st "($(basename $0))" $$ $VER "VPN Public WAN IP checker....."
    echo -e
    
    if [ ! -z "$1" ];then
        if  [ "$(nvram get "vpn_client"$VPN_ID"_state")" == "2" ];then
            if [ "$2" != "curl" ];then
                if [ -f /usr/sbin/gettunnelip.sh ];then
                    sh /usr/sbin/gettunnelip.sh ${VPN_ID}
                    VPN_WANIP="$(nvram get vpn_client${VPN_ID}_rip)"
                fi
            fi
            if [ -z "$VPN_WANIP" ];then
                VPN_WANIP=$(curl --connect-timeout 5 -s --interface "tun1"${VPN_ID} "http://ipecho.net/plain")
            fi
            if [ -z "$VPN_WANIP" ];then
                logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
                SendMail
            else
               logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
           SendMail            # <<===== Temporarily add this line =====
            fi
        else
            echo -e "\a"
            logger -st "($(basename $0))" $$ "***ERROR*** VPN Client" $VPN_ID "isn't connected!"
        fi
    else
        echo -e "\a"
        logger -st "($(basename $0))" $$ "***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5"
    fi
    
    echo -e
    
    
    exit 0
    SendMail when publicIP is found is active, just to test if it's working. The script itself works and sends email when I manually start it with ./ChkVPNIP.sh 2.

    under /jffs/scripts/init-start/ I have the following:

    Code:
    #!/bin/sh
    
    cru a CheckVPNIP "15 * * * * /jffs/scripts/ChkVPNIP.sh"
    But it seems that this does not start the ChkVPNIP.sh script...

    What did I do wrong?
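
Added example, not part of the thread or of the posted ChkVPNIP.sh: helper functions that validate the client ID and the returned address, report only state changes (so an hourly job does not mail on every run), and build the `cru` entry with the client ID that the script requires as arg1. The function names are assumptions, and the state-change logic goes beyond what the thread's script does.

```shell
#!/bin/sh
# Added example; function names are assumptions, not part of ChkVPNIP.sh.

# The script documents client IDs 1-5; reject anything else before it
# is spliced into an nvram key or an interface name such as tun1$ID.
valid_vpn_id() {
    case "$1" in
        [1-5]) return 0 ;;
        *)     return 1 ;;
    esac
}

# True only for a dotted-quad IPv4 address. An empty reply or an HTML
# error page returned over plain HTTP must not count as a public IP.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Compare the previous state ("" = never checked, "none" = no IP, or an
# address) with the new reading; print lost, restored, changed or same.
classify() {
    prev=$1; cur=$2
    valid_ipv4 "$cur" || cur=none
    if [ "$cur" = none ]; then
        if [ "$prev" = none ]; then echo same; else echo lost; fi
    elif [ -z "$prev" ] || [ "$prev" = "$cur" ]; then
        echo same
    elif [ "$prev" = none ]; then
        echo restored
    else
        echo changed
    fi
}

# Build the cru command with the client ID passed as arg1 of the script.
cru_line() {   # $1 = VPN client ID, $2 = minute of the hour (0-59)
    valid_vpn_id "$1" || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#2} -le 2 ] && [ "$2" -le 59 ] || return 1
    echo "cru a CheckVPNIP \"$2 * * * * /jffs/scripts/ChkVPNIP.sh $1\""
}

# Constructed demo values (documentation-range addresses).
classify "203.0.113.7" "<html>502 Bad Gateway</html>"
cru_line 2 15
```

The posted script logs "Missing arg1 vpn_id" and sends nothing when it is started without a client ID, which is the case a `cru` entry without the trailing ID produces.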
     