OpenVPN Client / Notification when loosing public IP

[Emanuel Paul]

Hello

I have the problem, that a OpenVPN client on my RT-AC86U (Merlin 382.1_2) looses the public IP from time to time.

It would be a very good feature, to receive an email if this happens. Is there a possibility to set this up? Script?

Thanks in advance.

 

[Martineau]

I have the problem, that a OpenVPN client on my RT-AC86U (Merlin 382.1_2) looses the public IP from time to time.

It would be a very good feature, to receive an email if this happens.

Is there a possibility to set this up?
Script?

Something like this?​

#!/bin/sh
VER="v1.01b"
#=========================================================================
#
# Check Public WAN IP of the VPN Client
#
#     ChkVPNIP     { 'vpn_client_id' }  [ curl ]
#
#     ChkVPNIP     1
#                  Check status of VPN Client 1 using 'STUN' method
#     ChkVPNIP     1 curl
#                  Check status of VPN Client 1 using 'curl' method

SendMail(){
    # Use e-mail method of your choice......
             #=====>>>     insert code here   <<<=====#
    return 0
}

#=====================================Main==============================

VPN_ID=$1
VPN_WANIP=

echo -e
logger -st "($(basename $0))" $$ $VER "VPN Public WAN IP checker....."
echo -e

if [ ! -z "$1" ];then
    if  [ "$(nvram get "vpn_client"$VPN_ID"_state")" == "2" ];then
        if [ "$2" != "curl" ];then
            if [ -f /usr/sbin/gettunnelip.sh ];then
                sh /usr/sbin/gettunnelip.sh ${VPN_ID}
                VPN_WANIP="$(nvram get vpn_client${VPN_ID}_rip)"
            fi
        fi
        if [ -z "$VPN_WANIP" ];then
            VPN_WANIP=$(curl --connect-timeout 5 -s --interface "tun1"${VPN_ID} "http://ipecho.net/plain")
        fi
        if [ -z "$VPN_WANIP" ];then
            logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
            SendMail
        else
           logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
        fi
    else
        echo -e "\a"
        logger -st "($(basename $0))" $$ "***ERROR*** VPN Client" $VPN_ID "isn't connected!"
    fi
else
    echo -e "\a"
    logger -st "($(basename $0))" $$ "***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5"
fi

echo -e


exit 0

​

 

[Emanuel Paul]

Thank you. Looks like what I was searching for. To be honest, I don't have a clue about things like this. Is there anywhere a tutorial for the needed e-mail code? And where do I have to add the whole code?

 

[Martineau]

Thank you. Looks like what I was searching for. To be honest, I don't have a clue about things like this. Is there anywhere a tutorial for the needed e-mail code? And where do I have to add the whole code?

There are examples here
RMerlin Wiki

 

[Emanuel Paul]

Thanks. Found this

#!/bin/sh
FROM="your-gmail-address"
AUTH="your-gmail-username"
PASS="your-gmail-password"
FROMNAME="Your Router"
TO="your-email-address"
ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5
echo "Subject: WAN state notification" >/tmp/mail.txt
echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "I just got connected to the internet." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO
rm /tmp/mail.txt
​

But only found code to send mail after router is booting. Is it the same for my use?

 

[Martineau]

Thanks. Found this

#!/bin/sh
FROM="your-gmail-address"
AUTH="your-gmail-username"
PASS="your-gmail-password"
FROMNAME="Your Router"
TO="your-email-address"
ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5
echo "Subject: WAN state notification" >/tmp/mail.txt
echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "I just got connected to the internet." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO
rm /tmp/mail.txt
​

But only found code to send mail after router is booting. Is it the same for my use?

Yes. ....assuming you have a Google Gmail account.

You will probably need to alter the Subject line, and also modify the body of the email, then simply copy 'n'paste it into the script where indicated, but don't copy these three lines:

#!/bin/sh

ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5

​

 

[Emanuel Paul]

Did the changes. Saved the file with Notepad++ as linus script (.sh). Copied it to /jffs/scripts on the router. Then activated it with "chmod a+rx /jffs/scripts/*", activated "Enable JFFS custom scripts and configs" in the router and rebooted the router.

Is there a way to test if it works?

 

[Martineau]

Did the changes. Saved the file with Notepad++ as linus script (.sh). Copied it to /jffs/scripts on the router. Then activated it with "chmod a+rx /jffs/scripts/*", activated "Enable JFFS custom scripts and configs" in the router and rebooted the router.

Is there a way to test if it works?

Indeed assuming your script is called 'ChkVPNIP.sh' and you are testing VPN Client 3

cd /jffs/scripts

./ChkVPNIP.sh   3

P.S. You could also temporarily add a line to call the SendMail routine when it retrieves the public IP just to test that the email works!

 

[Emanuel Paul]

Hello

Have you edited your last post? Because in the email I recieved it was the following:

Indeed
cd /jffs/scripts

./ChkVPNConfig.sh
Hopefully the screen shows a report, and you can now also check the logging messages in Syslog
e.g. to see if the script has actually executed
grep -i chkvpnconfig.sh /tmp/syslog.log
So now you need to schedule the script to run at regular intervals
e.g. every hour
cru l

cru a Track_VPN_Config "0 */1 * * * /jffs/scripts/ChkVPNConfig.sh

cru l
So should be able to issue the Syslog scanning debugging commands to quickly make a visual comparison to see if the lines reported change
So for detailed debugging, issue
grep -i summary: /tmp/syslog.log
grep -i vpnroutes: /tmp/syslog.log​

But anyway. My file is called ChkVPNConfig.sh but after "cd /jffs/scripts" "./ChkVPNConfig.sh" gives me a "not found". Also "./ChkVPNConfig.sh 2" gives me a "not found". I use VPN Client 2.

If I do "ls" the file is listed...

 

[Martineau]

Have you edited your last post? Because in the email I recieved it was the following:

Indeed
cd /jffs/scripts

./ChkVPNConfig.sh
Hopefully the screen shows a report, and you can now also check the logging messages in Syslog
e.g. to see if the script has actually executed​

​

Weird the post you have quoted was a reply I created for a different thread

But anyway. My file is called ChkVPNConfig.sh but after "cd /jffs/scripts" "./ChkVPNConfig.sh" gives me a "not found". Also "./ChkVPNConfig.sh 2" gives me a "not found". I use VPN Client 2.

If I do "ls" the file is listed...

​

Your script should be called ChkVPNIP.sh

You have probably used a non Unix file editor to create the script

Try converting the script to Unix format

dos2unix   /jffs/scripts/ChkVPNIP.sh

 

[Emanuel Paul]

That's strange...

Intresting. I created the script with Notepad++ and saved it as "Unix script file", but only after the dos2unix it works...If I execute it, it shows my the public IP of VPN Client 2.

Now hopefully the last question:
How does the line look like I can temporarily add to send mail when the public IP is found? And where do I have to add it in the script?

 

[Martineau]

That's strange...

Intresting. I created the script with Notepad++ and saved it as "Unix script file", but only after the dos2unix it works...If I execute it, it shows my the public IP of VPN Client 2.

Now hopefully the last question:
How does the line look like I can temporarily add to send mail when the public IP is found? And where do I have to add it in the script?

Change

if [ -z "$VPN_WANIP" ];then
   logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
   SendMail
else
   logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
fi

to

if [ -z "$VPN_WANIP" ];then
   logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
   SendMail
else
   logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
   SendMail                                                                              # <<===== Temporarily add this line =====
fi

Once you have proved the script monitoring/email works, you will need to schedule the script using cru/cron
e.g. every hour

cru a CheckVPNIP "0 * * * * /jffs/scripts/ChkVPNIP.sh"

or change the frequency to whatever interval that meets your requirements.

 

[Emanuel Paul]

The email seems to work. Thank you very much.

Tried to get information about the needed cron job. Found one that says, that the cron job needs to be placed at "/var/spool/cron/crontabs/" , the other says that it has to be added into the user script. Which is true for me?

About the frequency I found informations that there have to be six fields. Is there a difference to your code, which only contains five fields?

If I use six fields I think it should be like this to check every half hour:

cru a CheckVPNIP "30 * * * * * /jffs/scripts/ChkVPNIP.sh"

 

[Martineau]

The email seems to work. Thank you very much.

Tried to get information about the needed cron job.

About the frequency I found informations that there have to be six fields.

Hmm, strange....
​

What do the FIVE Cron fields mean?

Is there a difference to your code, which only contains five fields?

If I use six fields I think it should be like this to check every half hour:

cru a CheckVPNIP "30 * * * * * /jffs/scripts/ChkVPNIP.sh"

Very easy Cron command generator

 

[Emanuel Paul]

Ok. In this case it will be:

#!/bin/sh

cru a CheckVPNIP "30 * *  * * /jffs/scripts/ChkVPNIP.sh"

And it should be placed under "/var/spool/cron/crontabs/", right? Is there any restriction to the filename, except saving it as unix script file? I would name it cronjobs.sh

 

[Martineau]

Ok. In this case it will be:

#!/bin/sh

cru a CheckVPNIP "30 * *  * * /jffs/scripts/ChkVPNIP.sh"

And it should be placed under "/var/spool/cron/crontabs/", right? Is there any restriction to the filename, except saving it as unix script file? I would name it cronjobs.sh

The router firmware uses the 'cru' command to make it easier for novices to manage crontab.

Having manually issued the above command issue the list command

cru   l

30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#

The schedule identifier tag is shown between the '#' characters and is used to delete the scheduled task
e.g.

cru   d    CheckVPNIP

Is there any restriction to the filename, except saving it as unix script file?

I would name it cronjobs.sh

'cronjobs.sh' is fine but you will need to call it from init-start if you want it to run after every boot.

see Wiki/documentation for Asuswrt-merlin
​

 

[Emanuel Paul]

Ok. So the file is the following?

#!/bin/sh
cru   l

30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#

What do you mean with "delete the scheduled task"? The scheduled task is the code, not?

And what for it this then?

cru   d    CheckVPNIP

Sorry, but it seems that I'm even not a novice

 

[Martineau]

Ok. So the file is the following?

#!/bin/sh
cru   l

30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#

What do you mean with "delete the scheduled task"? The scheduled task is the code, not?

And what for it this then?

cru   d    CheckVPNIP

Sorry, but it seems that I'm even not a novice

Suppose you decide to change your mind and decide that every 30mins isn't appropriate, you would need to delete the current schedule and resubmit a modified 'cru a' command with your new schedule.

 

[Emanuel Paul]

Thanks for the link again. I checked the Wiki but for a novice it's hard to find the needed information. If you don't know, what you are looking for...And under cronjobs is not much information useful for me, as I found out.

Ok. Please let's first do the code for the file, which I place at "/jffs/scripts/init-start". Is it this or not?

#!/bin/sh

cru a CheckVPNIP "30 * *  * * /jffs/scripts/ChkVPNIP.sh"

Just for my understanding because I don't think that I need the manual codes when I have set up a cron script...

This code does the same, entered in command line, but only until the next reboot. Right?

cru   l

30 * * * * /jffs/scripts/ChkVPNIP.sh #CheckVPNIP#

And this code entered in command line does stop the manually code from working before a reboot, Right?

cru   d    CheckVPNIP

But if there is a script and I decide to change the time, I have to change the script and after the next reboot the changes are active, right?

 

[Emanuel Paul]

Hello again.

I tested the scripts the last days. Something does not work.

in /jffs/scripts/ I have the following script (with correct and tested email credentials):

#!/bin/sh
VER="v1.01b"
#=========================================================================
#
# Check Public WAN IP of the VPN Client
#
#     ChkVPNIP     { 'vpn_client_id' }  [ curl ]
#
#     ChkVPNIP     1
#                  Check status of VPN Client 1 using 'STUN' method
#     ChkVPNIP     1 curl
#                  Check status of VPN Client 1 using 'curl' method

SendMail(){
             FROM="xxxxxxxx"
             AUTH="xxxxxxxx"
             PASS="xxxxxxxx"
             FROMNAME="RT-AC86U"
             TO="xxxxxxxx"
             echo "Subject: Public IP notification" >/tmp/mail.txt
             echo "From: "\"$FROMNAME\"" \"<$FROM>\"" >>/tmp/mail.txt
             echo "Date: `date -R`" >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             echo "I just lost my public IP on OpenVPN." >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             echo "---- " >>/tmp/mail.txt
             echo "Your friendly router." >>/tmp/mail.txt
             echo "" >>/tmp/mail.txt
             cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
             -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
             -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
             -f"$FROM" \
             -au"$AUTH" -ap"$PASS" $TO
             rm /tmp/mail.txt
    return 0
}

#=====================================Main==============================

VPN_ID=$1
VPN_WANIP=

echo -e
logger -st "($(basename $0))" $$ $VER "VPN Public WAN IP checker....."
echo -e

if [ ! -z "$1" ];then
    if  [ "$(nvram get "vpn_client"$VPN_ID"_state")" == "2" ];then
        if [ "$2" != "curl" ];then
            if [ -f /usr/sbin/gettunnelip.sh ];then
                sh /usr/sbin/gettunnelip.sh ${VPN_ID}
                VPN_WANIP="$(nvram get vpn_client${VPN_ID}_rip)"
            fi
        fi
        if [ -z "$VPN_WANIP" ];then
            VPN_WANIP=$(curl --connect-timeout 5 -s --interface "tun1"${VPN_ID} "http://ipecho.net/plain")
        fi
        if [ -z "$VPN_WANIP" ];then
            logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "lost it's public WAN IP address"
            SendMail
        else
           logger -st "($(basename $0))" $$ "VPN Client" $VPN_ID "public WAN IP is"  $VPN_WANIP
       SendMail            # <<===== Temporarily add this line =====
        fi
    else
        echo -e "\a"
        logger -st "($(basename $0))" $$ "***ERROR*** VPN Client" $VPN_ID "isn't connected!"
    fi
else
    echo -e "\a"
    logger -st "($(basename $0))" $$ "***ERROR*** Missing arg1 vpn_id e.g. 1,2,3,4 or 5"
fi

echo -e


exit 0

SendMail when publicIP is found is active, just to test, if its working. The script itself works and sends email when I manually start it with ./ChkVPNIP.sh 2.

under /jffs/scripts/init-start/ I have the following:

#!/bin/sh

cru a CheckVPNIP "15 * * * * /jffs/scripts/ChkVPNIP.sh"

But it seems that this does not start the ChkVPNIP.sh script...

What did I wrong?