Periodical reboot of router only if there isn't traffic.

[chutiloco]

I have a router ASUS RT-A86U running with Asuswrt-Merlin FW 384.19.

I'm using a VPN provider and I realize that sometime my VPN connection is down because VPN server connected is down. VPN provider ensure me that when there are doing planned maintenance of a server, weeks in advance they remove this server from list of available server but that is applicable for new connection, old connection like routers will not be refreshed.

To solve it, my plan is to reboot the router periodically, but I will like reboot is trigger only if there isn't traffic for one hour in advance, to ensure I don't interrupt connetivity to any user or download on going. Where can I read traffic statistics so I can include it in my reboot script?

Thanks

 

[ColinTaylor]

I guess at the most basic level you could look at the interface statistics. So for example, if you were using VPN Client #1 over a TUN connection it would be tun11:

# ifconfig tun11
tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.5  P-t-P:10.8.0.5  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:370778 errors:0 dropped:0 overruns:0 frame:0
          TX packets:219379 errors:0 dropped:1465 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:465617955 (444.0 MiB)  TX bytes:85797148 (81.8 MiB)

I'd suggest you monitor the "RX packets".

 

[Piotrek]

Asuswrt-Merlin FW 384.19

It is very old. Please update firmware.
Look for addons:

Asuswrt-Merlin Addon Software Catalog

Asus-Merlin Addon Software Catalog This sticky post functions as a software catalog (with links to threads, scripts, and author names), grouped by functionality, to make it easier for Asus-Merlin users to find and install addons for their Asus routers without having to search through massive...

www.snbforums.com

 

[Viktor Jaep]

I have a router ASUS RT-A86U running with Asuswrt-Merlin FW 384.19.

I'm using a VPN provider and I realize that sometime my VPN connection is down because VPN server connected is down. VPN provider ensure me that when there are doing planned maintenance of a server, weeks in advance they remove this server from list of available server but that is applicable for new connection, old connection like routers will not be refreshed.

To solve it, my plan is to reboot the router periodically, but I will like reboot is trigger only if there isn't traffic for one hour in advance, to ensure I don't interrupt connetivity to any user or download on going. Where can I read traffic statistics so I can include it in my reboot script?

Thanks

Why go through all this trouble? This is the reason VPNMON-R2 exists...

 

[ColinTaylor]

Why go through all this trouble? This is the reason VPNMON-R2 exists...

Maybe because he doesn't want to install Entware on a USB drive and a 5600+ line script?

 

[Viktor Jaep]

Maybe because he doesn't want to install Entware on a USB drive and a 5600+ line script?

Are you really calling my script, FAT!?

Maybe he didn't know that this option was even around, and is now totally onboard with installing Entware on a USB drive!

 

[L&LD]

@chutiloco, you are running an ancient firmware on your RT-AC86U. Very insecure today.

Download | Asuswrt-Merlin

asuswrt-merlin.net

After updating the firmware to current levels, be sure you do a full reset to factory defaults, after removing any USB drives and rebooting the router first, and do not re-insert the USB drive if it has been used for any amtm/scripts use. Do not use a saved backup config file to configure the router. Do a minimal and manual configuration after the full reset to secure the router and connect to your ISP.

 

[chutiloco]

I guess at the most basic level you could look at the interface statistics. So for example, if you were using VPN Client #1 over a TUN connection it would be tun11:

# ifconfig tun11
tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.5  P-t-P:10.8.0.5  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:370778 errors:0 dropped:0 overruns:0 frame:0
          TX packets:219379 errors:0 dropped:1465 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:465617955 (444.0 MiB)  TX bytes:85797148 (81.8 MiB)

I'd suggest you monitor the "RX packets".

Thanks, perfect, it's what I was looking for. I will execute in my script ifconfig with one hour of difference, if delta (RX+TX) is below 10 MiB, reboot will be execute

It is very old. Please update firmware.
Look for addons:

Asuswrt-Merlin Addon Software Catalog

Asus-Merlin Addon Software Catalog This sticky post functions as a software catalog (with links to threads, scripts, and author names), grouped by functionality, to make it easier for Asus-Merlin users to find and install addons for their Asus routers without having to search through massive...

www.snbforums.com

WoW, I didn't know Asus Merlin started with add-on setups. It's quite interesting but I haven't so much time to upgrade SW and test add on. Router works fantastic as it's. If it works don't touch it!

Why go through all this trouble? This is the reason VPNMON-R2 exists...

Awesome, that's pro level. Same issue, I haven't time to investigate it. I prefer to execute my easier solution.

Thanks all!

 

[chutiloco]

@chutiloco, you are running an ancient firmware on your RT-AC86U. Very insecure today.

Download | Asuswrt-Merlin

asuswrt-merlin.net

After updating the firmware to current levels, be sure you do a full reset to factory defaults, after removing any USB drives and rebooting the router first, and do not re-insert the USB drive if it has been used for any amtm/scripts use. Do not use a saved backup config file to configure the router. Do a minimal and manual configuration after the full reset to secure the router and connect to your ISP.

Why is so insecure? Note my router is used behind ISP router, so I assume it isn't exposed to internet.

 

[L&LD]

Doesn't need to be exposed to the internet to be/get infected. And, running in router mode, it is exposed to the internet in any case.

And if you want to have a crack at current scripts, that is another reason to keep it updated too.

 

[Piotrek]

Why is so insecure? Note my router is used behind ISP router, so I assume it isn't exposed to internet.

The firmware is almost 3 years old - during this time a number of bugs were fixed (not only security), drivers were updated, new functions were added, etc. Have you updated any drivers or operating system (eg. Windows or Android or iOS or MacOS) or applications in your computer or phone in the last 3 years?

 

[Nas.CloudBusinessPortal]

Are you really calling my script, FAT!?

Lol

 

[chutiloco]

Here attached 3 scripts I have included in my router.

1)
In /jffs/scripts/init-start I have included two line in order to setup cron for my two scripts. It's needed because crond setup file is delete after each reboot. So in this script I setup cron task for my two scripts

2)
/jffs/scripts/monthly_reboot.sh First saturday of each month, it reset router between 1:30 am and 7:00 am if during 60 min there isn't traffic in main interface "eth0". Note cron execute from day 1 to 7 of the months, and script filter for Saturday.

3)
/jffs/scripts/VPN_reset.sh It reset daily my two VPN clients at 1:25 am if during 60 min there isn't traffic in tunnels. Note order of reset is relevant, VPN client 1 is the last to reset, if not it seems there is some mess with priority on VPN rules.

Remind your scripts should be executable chmod a+rx /jffs/scripts/*

Hope it can help someone in the future. From my side, no issues anymore with my VPN's clients since daily reset, I have increase enormly the reliability and without anyone notice resets.

 

[ColinTaylor]

Thanks for the scripts @chutiloco.

Might I suggest that services-start would be a more appropriate script for your cru commands rather than init-start. You could also then remove the sleep 80 line.

You might also change /bin/bash to /bin/sh in monthly_reboot.sh as not all firmware has the bash symbolic link.

 

[chutiloco]

Thanks for the scripts @chutiloco.

Might I suggest that services-start would be a more appropriate script for your cru commands rather than init-start. You could also then remove the sleep 80 line.

You might also change /bin/bash to /bin/sh in monthly_reboot.sh as not all firmware has the bash symbolic link.

Agree with both comments. If you have checked the codes of both scritps, there are quite "coarse&simple" but effective. I'm not programmer, so efficiency code&resources for so small script weren't take into account.

Any case, it could be a nice and simple feature in next Merlin release to be integrated in GUI, to have schedule reboot option for VPN clients and advanced schedule reboot option (like one per month, time slot restriction )for router, together with conditioned box option "only if not traffic /"