VPN Reconnection Issues

[Still Hsu]

I've been having issues with my OpenVPN settings ever since I started using it years back, where if the connection drops, it kills the entire connection with no attempts at reconnecting. It's pretty annoying having to go to the settings, turn it off, and then turn it back on every time it happens. Is there anything else I could do or have it reconnect automatically?

The router is AC68U on 384.12.

 

[consorts]

see if your vpn provider may have updated their .ovpn file and/or try a different outlet. you can also explore the L2TP option in your asus router and support the vpn that way. some vpn providers will allow you to connect with encryption disabled, so if anonymity is your only objective, give that a try.

i run a 500km vpn in my router using ac3100 merlin & yazfi 24/7 without issue.

 

[Still Hsu]

I have updated the OVPN file numerous times prior and unfortunately the issue persists. I would also prefer to have maximum security where possible, so L2TP is not something I might consider.

 

[ColinTaylor]

Router model? Firmware version? Client settings?

 

[Still Hsu]

Router model? Firmware version? Client settings?

Sorry! Forgot to add that, edited in OP.

 

[ColinTaylor]

Sorry! Forgot to add that, edited in OP.

Connection settings? Particularly "Connection Retry".

Messages in System Log?

 

[Still Hsu]

Connection settings? Particularly "Connection Retry".

Messages in System Log?

You mean this?

The disconnection hasn't happened today, and I might have accidentally cleared the log when investigating earlier. When I checked earlier though, I couldn't find anything that may be related.

 

[ColinTaylor]

Set the Retry to -1 (inifinte). It might simply be that your VPN providers service is offline for too long and the router has given up trying.

 

[Martineau]

I've been having issues with my OpenVPN settings ever since I started using it years back, where if the connection drops, it kills the entire connection with no attempts at reconnecting. It's pretty annoying having to go to the settings, turn it off, and then turn it back on every time it happens. Is there anything else I could do or have it reconnect automatically?

The router is AC68U on 384.12.

Usually OpenVPN is very good at reporting connection issues, so you should at least see the RESTART attempts logged in Syslog?, usually triggered by the remote server.

Feel free to try this VPN Failover monitoring

e.g. OpenVPN didn't detect a 'failure'.....

Spoiler: Site-to-Site Private VPN monitored by VPN_Failover

16:20:40 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:20:41 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:21:41
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:21:41 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:22:41
16:22:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:22:43 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:46 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:49 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:50 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 4 to VPN Client 5 (Reason: VPN Client 4 STATE=2;Connected but tunnel DOWN)
16:22:50 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Terminating VPN Client 4
16:22:51 RT-AC68U rc_service: service 5869:notify_rc stop_vpnclient4
16:22:51 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: stop vpnclient4)
16:22:51 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to disconnect.....
16:22:52 RT-AC68U (service-event): 5870 Script not defined for service event: stop-vpnclient4
16:22:52 RT-AC68U ovpn-client4[16407]: event_wait : Interrupted system call (code=4)
16:22:53 RT-AC68U ovpn-client4[16407]: vpnrouting.sh tun14 1500 1553 10.8.0.2 255.255.255.0 init
16:22:53 RT-AC68U (vpnrouting.sh): 5965 v384.07 Patched by Martineau [tun14 1500 1553 10.8.0.2 255.255.255.0 init]
16:22:53 RT-AC68U openvpn-routing: Configuring policy rules for client 4
16:22:53 RT-AC68U custom_script: Running /jffs/scripts/openvpn-event (args: tun14 1500 1553 10.8.0.2 255.255.255.0 init)
16:22:54 RT-AC68U openvpn-event[6062]: User openvpn-event running
16:22:54 RT-AC68U openvpn-event[6062]:      Script executing.. for VPN event: vpnclient4-route-pre-down
16:22:54 RT-AC68U ovpn-client4[16407]: Closing TUN/TAP interface
16:22:54 RT-AC68U ovpn-client4[16407]: /usr/sbin/ip addr del dev tun14 10.8.0.2/24
16:22:54 RT-AC68U ovpn-client4[16407]: updown.sh tun14 1500 1553 10.8.0.2 255.255.255.0 init
16:22:54 RT-AC68U custom_script: Running /jffs/scripts/openvpn-event (args: tun14 1500 1553 10.8.0.2 255.255.255.0 init)
16:22:54 RT-AC68U openvpn-event[6106]: User openvpn-event running
16:22:54 RT-AC68U openvpn-event[6106]:      Script executing.. for VPN event: vpnclient4-down
16:22:54 RT-AC68U (vpnclient4-down): 6122 User (sigterm) Processing 'down' (tun14) via 10.8.0.2 args = [tun14 1500 1553 10.8.0.2 255.255.255.0 init]
16:22:54 RT-AC68U (vpnclient4-down): 6122 Deleted cru #VPN_Status#
16:22:54 RT-AC68U (vpnclient4-down): 6122 VPN Syslog Event Monitor self-destruct requested..... /tmp/vpnclient4-running RC=1
16:22:54 RT-AC68U (vpnclient4-down): 6122 User Processing Complete.
16:22:54 RT-AC68U ovpn-client4[16407]: SIGTERM[hard,] received, process exiting
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client 4 (Glenside UK) disconnect'd in 2 secs
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 5 - Manually set to be IGNORED/SKIPPED
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 5 connection status....
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 5 to VPN Client 1 (Reason: VPN Client 5 STATE=0;Disconnected)
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 1 - Manually set to be IGNORED/SKIPPED
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 1 connection status....
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 2 - Manually set to be IGNORED/SKIPPED
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 2 connection status....
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 2 to VPN Client 3 (Reason: VPN Client 2 STATE=0;Disconnected)
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 3 - Manually set to be IGNORED/SKIPPED
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 3 connection status....
16:22:57 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
16:22:57 RT-AC68U custom_script: Running /jffs/scripts/service-event-end (args: stop vpnclient4)
16:22:58 RT-AC68U (service-event-end): 6445 Script not defined for service event: stop-vpnclient4-end
16:22:58 RT-AC68U rc_service: service 6453:notify_rc start_vpnclient4
16:22:58 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: start vpnclient4)
16:22:59 RT-AC68U (service-event): 6462 Script not defined for service event: start-vpnclient4
16:23:00 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to connect.....
16:23:02 RT-AC68U custom_script: Running /jffs/scripts/openvpnclient4.postconf (args: /etc/openvpn/client4/config.ovpn)
16:23:02 RT-AC68U (openvpnclient4.postconf): 6569 v1.02 Started..... [/etc/openvpn/client4/config.ovpn]
16:23:02 RT-AC68U (openvpnclient4.postconf): 6569 VPN Client 4 is allowed to BIND to any WAN interface.
16:23:03 RT-AC68U ovpn-client4[6615]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2019
16:23:03 RT-AC68U ovpn-client4[6615]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
16:23:03 RT-AC68U custom_script: Running /jffs/scripts/service-event-end (args: start vpnclient4)
16:23:03 RT-AC68U ovpn-client4[6619]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
16:23:04 RT-AC68U (service-event-end): 6620 Script not defined for service event: start-vpnclient4-end
16:23:15 RT-AC68U ovpn-client4[6619]: TCP/UDP: Preserving recently used remote address: [AF_INET]87.113.171.49:1194
16:23:15 RT-AC68U ovpn-client4[6619]: Socket Buffers: R=[122880->122880] S=[122880->122880]
16:23:15 RT-AC68U ovpn-client4[6619]: UDP link local: (not bound)
16:23:15 RT-AC68U ovpn-client4[6619]: UDP link remote: [AF_INET]87.113.171.49:1194
16:24:02 RT-AC68U (VPN_Failover.sh): 16701 ***ERROR*** VPN Client 4 (Glenside UK) FAILED to connect after 60 secs

<snip>

16:29:13 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
16:29:13 RT-AC68U rc_service: service 10720:notify_rc start_vpnclient4
16:29:14 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: start vpnclient4)
16:29:14 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to connect.....
16:29:14 RT-AC68U (service-event): 10727 Script not defined for service event: start-vpnclient4
16:29:17 RT-AC68U custom_script: Running /jffs/scripts/openvpnclient4.postconf (args: /etc/openvpn/client4/config.ovpn)
16:29:17 RT-AC68U (openvpnclient4.postconf): 10833 v1.02 Started..... [/etc/openvpn/client4/config.ovpn]
16:29:17 RT-AC68U (openvpnclient4.postconf): 10833 VPN Client 4 is allowed to BIND to any WAN interface.
16:29:17 RT-AC68U ovpn-client4[10880]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2019
16:29:17 RT-AC68U ovpn-client4[10880]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
<snip>
16:29:28 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:30:28
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:30:28 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:31:28
16:31:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:31:28 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:31:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK

 

[Still Hsu]

Set the Retry to -1 (inifinte). It might simply be that your VPN providers service is offline for too long and the router has given up trying.

Yeaah, it still does not reconnect and the log did not reveal much.

Jun 29 10:02:30 ovpn-client1[27866]: FRAG TTL expired i=8
Jun 29 10:02:30 ovpn-client1[27866]: FRAG TTL expired i=24
Jun 29 10:03:35 ovpn-client1[27866]: FRAG TTL expired i=11
Jun 29 10:03:35 ovpn-client1[27866]: FRAG TTL expired i=13
Jun 29 10:07:45 ovpn-client1[27866]: FRAG TTL expired i=4
Jun 29 10:09:50 ovpn-client1[27866]: FRAG TTL expired i=3
Jun 29 10:12:14 ovpn-client1[27866]: TLS: soft reset sec=0 bytes=1346600657/-1 pkts=2056897/0
Jun 29 10:12:16 ovpn-client1[27866]: VERIFY OK: depth=1, C=**[REDACTED]**, ST=**[REDACTED]**, O=**[REDACTED]**, OU=**[REDACTED]**, CN=**[REDACTED]** CA, emailAddress=**[REDACTED]**@**[REDACTED]**.com
Jun 29 10:12:16 ovpn-client1[27866]: VERIFY KU OK
Jun 29 10:12:16 ovpn-client1[27866]: Validating certificate extended key usage
Jun 29 10:12:16 ovpn-client1[27866]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jun 29 10:12:16 ovpn-client1[27866]: VERIFY EKU OK
Jun 29 10:12:16 ovpn-client1[27866]: VERIFY X509NAME OK: C=**[REDACTED]**, ST=**[REDACTED]**, O=**[REDACTED]**, OU=**[REDACTED]**, CN=**[REDACTED]**, emailAddress=**[REDACTED]**@**[REDACTED]**.com
Jun 29 10:12:16 ovpn-client1[27866]: VERIFY OK: depth=0, C=**[REDACTED]**, ST=**[REDACTED]**, O=**[REDACTED]**, OU=**[REDACTED]**, CN=**[REDACTED]**, emailAddress=**[REDACTED]**@**[REDACTED]**.com
Jun 29 10:12:16 ovpn-client1[27866]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 29 10:12:16 ovpn-client1[27866]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 29 10:12:16 ovpn-client1[27866]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jun 29 10:17:34 ovpn-client1[27866]: [**[REDACTED]**] Inactivity timeout (--ping-restart), restarting
Jun 29 10:17:34 ovpn-client1[27866]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 29 10:17:34 ovpn-client1[27866]: Restart pause, 5 second(s)
Jun 29 10:17:39 ovpn-client1[27866]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 29 10:17:39 ovpn-client1[27866]: TCP/UDP: Preserving recently used remote address: [AF_INET]**[REDACTED]**
Jun 29 10:17:39 ovpn-client1[27866]: Socket Buffers: R=[122880->245760] S=[122880->245760]
Jun 29 10:17:39 ovpn-client1[27866]: UDP link local: (not bound)
Jun 29 10:17:39 ovpn-client1[27866]: UDP link remote: [AF_INET]**[REDACTED]**

 

[Still Hsu]

Usually OpenVPN is very good at reporting connection issues, so you should at least see the RESTART attempts logged in Syslog?, usually triggered by the remote server.

Feel free to try this VPN Failover monitoring

e.g. OpenVPN didn't detect a 'failure'.....

Spoiler: Site-to-Site Private VPN monitored by VPN_Failover

16:20:40 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:20:41 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:21:41
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:21:41 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:22:41
16:22:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:22:43 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:46 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:49 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:50 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 4 to VPN Client 5 (Reason: VPN Client 4 STATE=2;Connected but tunnel DOWN)
16:22:50 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Terminating VPN Client 4
16:22:51 RT-AC68U rc_service: service 5869:notify_rc stop_vpnclient4
16:22:51 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: stop vpnclient4)
16:22:51 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to disconnect.....
16:22:52 RT-AC68U (service-event): 5870 Script not defined for service event: stop-vpnclient4
16:22:52 RT-AC68U ovpn-client4[16407]: event_wait : Interrupted system call (code=4)
16:22:53 RT-AC68U ovpn-client4[16407]: vpnrouting.sh tun14 1500 1553 10.8.0.2 255.255.255.0 init
16:22:53 RT-AC68U (vpnrouting.sh): 5965 v384.07 Patched by Martineau [tun14 1500 1553 10.8.0.2 255.255.255.0 init]
16:22:53 RT-AC68U openvpn-routing: Configuring policy rules for client 4
16:22:53 RT-AC68U custom_script: Running /jffs/scripts/openvpn-event (args: tun14 1500 1553 10.8.0.2 255.255.255.0 init)
16:22:54 RT-AC68U openvpn-event[6062]: User openvpn-event running
16:22:54 RT-AC68U openvpn-event[6062]:      Script executing.. for VPN event: vpnclient4-route-pre-down
16:22:54 RT-AC68U ovpn-client4[16407]: Closing TUN/TAP interface
16:22:54 RT-AC68U ovpn-client4[16407]: /usr/sbin/ip addr del dev tun14 10.8.0.2/24
16:22:54 RT-AC68U ovpn-client4[16407]: updown.sh tun14 1500 1553 10.8.0.2 255.255.255.0 init
16:22:54 RT-AC68U custom_script: Running /jffs/scripts/openvpn-event (args: tun14 1500 1553 10.8.0.2 255.255.255.0 init)
16:22:54 RT-AC68U openvpn-event[6106]: User openvpn-event running
16:22:54 RT-AC68U openvpn-event[6106]:      Script executing.. for VPN event: vpnclient4-down
16:22:54 RT-AC68U (vpnclient4-down): 6122 User (sigterm) Processing 'down' (tun14) via 10.8.0.2 args = [tun14 1500 1553 10.8.0.2 255.255.255.0 init]
16:22:54 RT-AC68U (vpnclient4-down): 6122 Deleted cru #VPN_Status#
16:22:54 RT-AC68U (vpnclient4-down): 6122 VPN Syslog Event Monitor self-destruct requested..... /tmp/vpnclient4-running RC=1
16:22:54 RT-AC68U (vpnclient4-down): 6122 User Processing Complete.
16:22:54 RT-AC68U ovpn-client4[16407]: SIGTERM[hard,] received, process exiting
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client 4 (Glenside UK) disconnect'd in 2 secs
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 5 - Manually set to be IGNORED/SKIPPED
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 5 connection status....
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 5 to VPN Client 1 (Reason: VPN Client 5 STATE=0;Disconnected)
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 1 - Manually set to be IGNORED/SKIPPED
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 1 connection status....
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 2 - Manually set to be IGNORED/SKIPPED
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 2 connection status....
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 2 to VPN Client 3 (Reason: VPN Client 2 STATE=0;Disconnected)
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 3 - Manually set to be IGNORED/SKIPPED
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 3 connection status....
16:22:57 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
16:22:57 RT-AC68U custom_script: Running /jffs/scripts/service-event-end (args: stop vpnclient4)
16:22:58 RT-AC68U (service-event-end): 6445 Script not defined for service event: stop-vpnclient4-end
16:22:58 RT-AC68U rc_service: service 6453:notify_rc start_vpnclient4
16:22:58 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: start vpnclient4)
16:22:59 RT-AC68U (service-event): 6462 Script not defined for service event: start-vpnclient4
16:23:00 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to connect.....
16:23:02 RT-AC68U custom_script: Running /jffs/scripts/openvpnclient4.postconf (args: /etc/openvpn/client4/config.ovpn)
16:23:02 RT-AC68U (openvpnclient4.postconf): 6569 v1.02 Started..... [/etc/openvpn/client4/config.ovpn]
16:23:02 RT-AC68U (openvpnclient4.postconf): 6569 VPN Client 4 is allowed to BIND to any WAN interface.
16:23:03 RT-AC68U ovpn-client4[6615]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2019
16:23:03 RT-AC68U ovpn-client4[6615]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
16:23:03 RT-AC68U custom_script: Running /jffs/scripts/service-event-end (args: start vpnclient4)
16:23:03 RT-AC68U ovpn-client4[6619]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
16:23:04 RT-AC68U (service-event-end): 6620 Script not defined for service event: start-vpnclient4-end
16:23:15 RT-AC68U ovpn-client4[6619]: TCP/UDP: Preserving recently used remote address: [AF_INET]87.113.171.49:1194
16:23:15 RT-AC68U ovpn-client4[6619]: Socket Buffers: R=[122880->122880] S=[122880->122880]
16:23:15 RT-AC68U ovpn-client4[6619]: UDP link local: (not bound)
16:23:15 RT-AC68U ovpn-client4[6619]: UDP link remote: [AF_INET]87.113.171.49:1194
16:24:02 RT-AC68U (VPN_Failover.sh): 16701 ***ERROR*** VPN Client 4 (Glenside UK) FAILED to connect after 60 secs

<snip>

16:29:13 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
16:29:13 RT-AC68U rc_service: service 10720:notify_rc start_vpnclient4
16:29:14 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: start vpnclient4)
16:29:14 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to connect.....
16:29:14 RT-AC68U (service-event): 10727 Script not defined for service event: start-vpnclient4
16:29:17 RT-AC68U custom_script: Running /jffs/scripts/openvpnclient4.postconf (args: /etc/openvpn/client4/config.ovpn)
16:29:17 RT-AC68U (openvpnclient4.postconf): 10833 v1.02 Started..... [/etc/openvpn/client4/config.ovpn]
16:29:17 RT-AC68U (openvpnclient4.postconf): 10833 VPN Client 4 is allowed to BIND to any WAN interface.
16:29:17 RT-AC68U ovpn-client4[10880]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2019
16:29:17 RT-AC68U ovpn-client4[10880]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
<snip>
16:29:28 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:30:28
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:30:28 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:31:28
16:31:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:31:28 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:31:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK

Will do and report back later.

 

[TonyK132]

Martineau - I'm trying your VPN Failover script, thanks for providing, but I have a few questions.

1. I need to put an "sh " before running the status checking line, and to add a ".sh" to the script name. Here is the line that works:
sh ./VPN_Failover.sh status
Is this expected?

2. I changed the checking period to be 600 secs (5 min) rather than 3600 secs. Do you see a problem with that?

3. How can I check that the cron job and script is working?

4. I see that you have an email parameter in the command line. Can I use that to notify me of a disconnect and subsequent reconnect? Could you give an example line that I could modify and run? Also, rather than email, is it possible to send a txt message?

5. When I manually shut-down the VPN, the logs contain this info:

Aug 1 11:16:43 rc_service: httpds 826:notify_rc stop_vpnclient1
Aug 1 11:16:43 custom_script: Running /jffs/scripts/service-event (args: stop vpnclient1) - max timeout = 120s
Aug 1 11:16:43 ovpn-client1[13013]: event_wait : Interrupted system call (code=4)
Aug 1 11:16:43 ovpn-client1[13013]: vpnrouting.sh tun11 1500 1550 10.47.11.6 10.47.11.5 init
Aug 1 11:16:43 openvpn-routing: Configuring policy rules for client 1
Aug 1 11:16:43 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1550 10.47.11.6 10.47.11.5 init)
Aug 1 11:16:43 openvpn-event[30702]: route-pre-down
Aug 1 11:16:43 ovpn-client1[13013]: ERROR: Linux route delete command failed: external program exited with error status: 2
Aug 1 11:16:43 ovpn-client1[13013]: ERROR: Linux route delete command failed: external program exited with error status: 2
Aug 1 11:16:43 ovpn-client1[13013]: ERROR: Linux route delete command failed: external program exited with error status: 2
Aug 1 11:16:43 ovpn-client1[13013]: Closing TUN/TAP interface

How can I fix those error messages?

Also, when I restart the VPN, this is what I see in the logs:

Aug 1 11:19:54 rc_service: httpds 826:notify_rc start_vpnclient1
Aug 1 11:19:54 custom_script: Running /jffs/scripts/service-event (args: start vpnclient1) - max timeout = 120s
Aug 1 11:19:54 ovpn-client1[30989]: OpenVPN 2.4.6 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 8 2018
Aug 1 11:19:54 ovpn-client1[30989]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.08
Aug 1 11:19:54 ovpn-client1[30990]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 1 11:19:55 ovpn-client1[30990]: TCP/UDP: Preserving recently used remote address: [AF_INET]174.128.246.10:1198
Aug 1 11:19:55 ovpn-client1[30990]: UDP link local: (not bound)
Aug 1 11:19:55 ovpn-client1[30990]: UDP link remote: [AF_INET]174.128.246.10:1198
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY KU OK
Aug 1 11:19:55 ovpn-client1[30990]: Validating certificate extended key usage
Aug 1 11:19:55 ovpn-client1[30990]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY EKU OK
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=52fbf5a1ccf06c163862c61ccc2ea0, name=52fbf5a1ccf06c163862c61ccc2ea0
Aug 1 11:19:55 ovpn-client1[30990]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Aug 1 11:19:55 ovpn-client1[30990]: [52fbf5a1ccf06c163862c61ccc2ea0] Peer Connection Initiated with [AF_INET]174.128.246.10:1198
Aug 1 11:20:01 ovpn-client1[30990]: auth-token received, disabling auth-nocache for the authentication token
Aug 1 11:20:01 ovpn-client1[30990]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 1 11:20:01 ovpn-client1[30990]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 1 11:20:01 ovpn-client1[30990]: TUN/TAP device tun11 opened
Aug 1 11:20:01 ovpn-client1[30990]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 1 11:20:01 ovpn-client1[30990]: /bin/ip link set dev tun11 up mtu 1500
Aug 1 11:20:01 ovpn-client1[30990]: /bin/ip addr add dev tun11 local 10.4.10.6 peer 10.4.10.5
Aug 1 11:20:03 openvpn-routing: Configuring policy rules for client 1
Aug 1 11:20:03 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1550 10.4.10.6 10.4.10.5)
Aug 1 11:20:03 openvpn-event[1555]: route-up
Aug 1 11:20:03 ovpn-client1[30990]: Initialization Sequence Completed

Does all that look OK to you?

 

[Martineau]

1. I need to put an "sh " before running the status checking line, and to add a ".sh" to the script name. Here is the line that works:
sh ./VPN_Failover.sh status
Is this expected?

The './' prefix is used to execute a script located in the current directory. see Tutorial

If you wish to execute a script and you are not with the directory where the script is located then you can explicitly specify the full path to the script i.e. issue /jffs/scripts/VPN_Failover.sh

Explicitly invoking the 'sh' command to execute a file can sometimes ensure the text file is treated as a valid script; even if it technically isn't a true 'script'.

2. I changed the checking period to be 600 secs (5 min) rather than 3600 secs. Do you see a problem with that?

It depends on how critical a working VPN connection is to you personally. Checking every few seconds may normally be overkill, but if say any performance drop is not acceptable then it may be required to check every few seconds.

3. How can I check that the cron job and script is working?

No idea

4. I see that you have an email parameter in the command line. Can I use that to notify me of a disconnect and subsequent reconnect?
Could you give an example line that I could modify and run?
Also, rather than email, is it possible to send a txt message?

There are many variations of email routines in the forum
e.g.
GMail routine
and depending on the SMS service you subscribe to, a similar technique using 'cURL' can be used if it is Web-based.

5. When I manually shut-down the VPN, the logs contain this info:
Aug 1 11:16:43 ovpn-client1[13013]: ERROR: Linux route delete command failed: external program exited with error status: 2
How can I fix those error messages?

Use search Answer

Also, when I restart the VPN, this is what I see in the logs:

Aug 1 11:19:54 rc_service: httpds 826:notify_rc start_vpnclient1
Aug 1 11:19:54 custom_script: Running /jffs/scripts/service-event (args: start vpnclient1) - max timeout = 120s
Aug 1 11:19:54 ovpn-client1[30989]: OpenVPN 2.4.6 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 8 2018
Aug 1 11:19:54 ovpn-client1[30989]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.08
Aug 1 11:19:54 ovpn-client1[30990]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 1 11:19:55 ovpn-client1[30990]: TCP/UDP: Preserving recently used remote address: [AF_INET]174.128.246.10:1198
Aug 1 11:19:55 ovpn-client1[30990]: UDP link local: (not bound)
Aug 1 11:19:55 ovpn-client1[30990]: UDP link remote: [AF_INET]174.128.246.10:1198
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY KU OK
Aug 1 11:19:55 ovpn-client1[30990]: Validating certificate extended key usage
Aug 1 11:19:55 ovpn-client1[30990]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY EKU OK
Aug 1 11:19:55 ovpn-client1[30990]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=52fbf5a1ccf06c163862c61ccc2ea0, name=52fbf5a1ccf06c163862c61ccc2ea0
Aug 1 11:19:55 ovpn-client1[30990]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Aug 1 11:19:55 ovpn-client1[30990]: [52fbf5a1ccf06c163862c61ccc2ea0] Peer Connection Initiated with [AF_INET]174.128.246.10:1198
Aug 1 11:20:01 ovpn-client1[30990]: auth-token received, disabling auth-nocache for the authentication token
Aug 1 11:20:01 ovpn-client1[30990]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 1 11:20:01 ovpn-client1[30990]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Aug 1 11:20:01 ovpn-client1[30990]: TUN/TAP device tun11 opened
Aug 1 11:20:01 ovpn-client1[30990]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 1 11:20:01 ovpn-client1[30990]: /bin/ip link set dev tun11 up mtu 1500
Aug 1 11:20:01 ovpn-client1[30990]: /bin/ip addr add dev tun11 local 10.4.10.6 peer 10.4.10.5
Aug 1 11:20:03 openvpn-routing: Configuring policy rules for client 1
Aug 1 11:20:03 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1550 10.4.10.6 10.4.10.5)
Aug 1 11:20:03 openvpn-event[1555]: route-up
Aug 1 11:20:03 ovpn-client1[30990]: Initialization Sequence Completed

Does all that look OK to you?

Probably

 

[TonyK132]

Thanks for the comprehensive response. Here's a few comments.
1. Thanks for the lesson about sh. Us noobs can use all the help we can get.
2. For the email, I was asking about how to make work the command line option that you list for your script. But if I ever want to send a general email message, your link will help me to figure it out.
3. For the cron job checking, I want to verify that there is nothing in my config the would cause your script to not work as designed.
4. Thanks for the link about the error messages.

 

[Martineau]

2. For the email, I was asking about how to make work the command line option that you list for your script. But if I ever want to send a general email message, your link will help me to figure it out.

If you try to invoke the email feature you will be presented with the message,

You need to edit this script and add the Sendmail function first!

so simply copy and paste your preferred 'general' email code in the script where shown:

i.e. assuming you have a valid Gmail email account, you would simply replace all of the lines 'Insert favorite routine here' by a simple copy'n'paste (omitting the '#!/bin/sh' line) of the RMerlin example I posted, and editing the UserID/Password etc.

SendMail(){



#=================================> Insert favorite routine here

#=================================> Insert favorite routine here

#=================================> Insert favorite routine here



    Say "\a\n\n\tYou need to edit this script and add the Sendmail function first!"   <== delete this line



    return 0

}

 

[Wadadli]

Usually OpenVPN is very good at reporting connection issues, so you should at least see the RESTART attempts logged in Syslog?, usually triggered by the remote server.

Feel free to try this VPN Failover monitoring

e.g. OpenVPN didn't detect a 'failure'.....

Spoiler: Site-to-Site Private VPN monitored by VPN_Failover

16:20:40 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:20:41 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:21:41
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:21:41 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:21:41 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:22:41
16:22:41 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:22:43 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:46 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:49 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=1
16:22:50 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 4 to VPN Client 5 (Reason: VPN Client 4 STATE=2;Connected but tunnel DOWN)
16:22:50 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Terminating VPN Client 4
16:22:51 RT-AC68U rc_service: service 5869:notify_rc stop_vpnclient4
16:22:51 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: stop vpnclient4)
16:22:51 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to disconnect.....
16:22:52 RT-AC68U (service-event): 5870 Script not defined for service event: stop-vpnclient4
16:22:52 RT-AC68U ovpn-client4[16407]: event_wait : Interrupted system call (code=4)
16:22:53 RT-AC68U ovpn-client4[16407]: vpnrouting.sh tun14 1500 1553 10.8.0.2 255.255.255.0 init
16:22:53 RT-AC68U (vpnrouting.sh): 5965 v384.07 Patched by Martineau [tun14 1500 1553 10.8.0.2 255.255.255.0 init]
16:22:53 RT-AC68U openvpn-routing: Configuring policy rules for client 4
16:22:53 RT-AC68U custom_script: Running /jffs/scripts/openvpn-event (args: tun14 1500 1553 10.8.0.2 255.255.255.0 init)
16:22:54 RT-AC68U openvpn-event[6062]: User openvpn-event running
16:22:54 RT-AC68U openvpn-event[6062]:      Script executing.. for VPN event: vpnclient4-route-pre-down
16:22:54 RT-AC68U ovpn-client4[16407]: Closing TUN/TAP interface
16:22:54 RT-AC68U ovpn-client4[16407]: /usr/sbin/ip addr del dev tun14 10.8.0.2/24
16:22:54 RT-AC68U ovpn-client4[16407]: updown.sh tun14 1500 1553 10.8.0.2 255.255.255.0 init
16:22:54 RT-AC68U custom_script: Running /jffs/scripts/openvpn-event (args: tun14 1500 1553 10.8.0.2 255.255.255.0 init)
16:22:54 RT-AC68U openvpn-event[6106]: User openvpn-event running
16:22:54 RT-AC68U openvpn-event[6106]:      Script executing.. for VPN event: vpnclient4-down
16:22:54 RT-AC68U (vpnclient4-down): 6122 User (sigterm) Processing 'down' (tun14) via 10.8.0.2 args = [tun14 1500 1553 10.8.0.2 255.255.255.0 init]
16:22:54 RT-AC68U (vpnclient4-down): 6122 Deleted cru #VPN_Status#
16:22:54 RT-AC68U (vpnclient4-down): 6122 VPN Syslog Event Monitor self-destruct requested..... /tmp/vpnclient4-running RC=1
16:22:54 RT-AC68U (vpnclient4-down): 6122 User Processing Complete.
16:22:54 RT-AC68U ovpn-client4[16407]: SIGTERM[hard,] received, process exiting
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client 4 (Glenside UK) disconnect'd in 2 secs
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 5 - Manually set to be IGNORED/SKIPPED
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 5 connection status....
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 5 to VPN Client 1 (Reason: VPN Client 5 STATE=0;Disconnected)
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 1 - Manually set to be IGNORED/SKIPPED
16:22:55 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 1 connection status....
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 2 - Manually set to be IGNORED/SKIPPED
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 2 connection status....
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 2 to VPN Client 3 (Reason: VPN Client 2 STATE=0;Disconnected)
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 *Warning Configured VPN Client 3 - Manually set to be IGNORED/SKIPPED
16:22:56 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 3 connection status....
16:22:57 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
16:22:57 RT-AC68U custom_script: Running /jffs/scripts/service-event-end (args: stop vpnclient4)
16:22:58 RT-AC68U (service-event-end): 6445 Script not defined for service event: stop-vpnclient4-end
16:22:58 RT-AC68U rc_service: service 6453:notify_rc start_vpnclient4
16:22:58 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: start vpnclient4)
16:22:59 RT-AC68U (service-event): 6462 Script not defined for service event: start-vpnclient4
16:23:00 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to connect.....
16:23:02 RT-AC68U custom_script: Running /jffs/scripts/openvpnclient4.postconf (args: /etc/openvpn/client4/config.ovpn)
16:23:02 RT-AC68U (openvpnclient4.postconf): 6569 v1.02 Started..... [/etc/openvpn/client4/config.ovpn]
16:23:02 RT-AC68U (openvpnclient4.postconf): 6569 VPN Client 4 is allowed to BIND to any WAN interface.
16:23:03 RT-AC68U ovpn-client4[6615]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2019
16:23:03 RT-AC68U ovpn-client4[6615]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
16:23:03 RT-AC68U custom_script: Running /jffs/scripts/service-event-end (args: start vpnclient4)
16:23:03 RT-AC68U ovpn-client4[6619]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
16:23:04 RT-AC68U (service-event-end): 6620 Script not defined for service event: start-vpnclient4-end
16:23:15 RT-AC68U ovpn-client4[6619]: TCP/UDP: Preserving recently used remote address: [AF_INET]87.113.171.49:1194
16:23:15 RT-AC68U ovpn-client4[6619]: Socket Buffers: R=[122880->122880] S=[122880->122880]
16:23:15 RT-AC68U ovpn-client4[6619]: UDP link local: (not bound)
16:23:15 RT-AC68U ovpn-client4[6619]: UDP link remote: [AF_INET]87.113.171.49:1194
16:24:02 RT-AC68U (VPN_Failover.sh): 16701 ***ERROR*** VPN Client 4 (Glenside UK) FAILED to connect after 60 secs

<snip>

16:29:13 RT-AC68U (VPN_Failover.sh): 16701 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
16:29:13 RT-AC68U rc_service: service 10720:notify_rc start_vpnclient4
16:29:14 RT-AC68U custom_script: Running /jffs/scripts/service-event (args: start vpnclient4)
16:29:14 RT-AC68U (VPN_Failover.sh): 16701 Waiting for VPN Client 4 (Glenside UK) to connect.....
16:29:14 RT-AC68U (service-event): 10727 Script not defined for service event: start-vpnclient4
16:29:17 RT-AC68U custom_script: Running /jffs/scripts/openvpnclient4.postconf (args: /etc/openvpn/client4/config.ovpn)
16:29:17 RT-AC68U (openvpnclient4.postconf): 10833 v1.02 Started..... [/etc/openvpn/client4/config.ovpn]
16:29:17 RT-AC68U (openvpnclient4.postconf): 10833 VPN Client 4 is allowed to BIND to any WAN interface.
16:29:17 RT-AC68U ovpn-client4[10880]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2019
16:29:17 RT-AC68U ovpn-client4[10880]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
<snip>
16:29:28 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:30:28
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:30:28 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK
16:30:28 RT-AC68U (VPN_Failover.sh): 16701 Will check VPN Client 4 connection status again in 00:01:00 .....@16:31:28
16:31:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: Checking VPN Client 4 connection status....
16:31:28 RT-AC68U (VPN_Failover.sh): 16701    using PING 10.99.8.1 rc=0
16:31:28 RT-AC68U (VPN_Failover.sh): 16701 VPN Client Monitor: VPN Client 4 status OK

I use an app called Public IP Watcher on my Android phone to tell me if OpenVPN has disconnected. It checks every 5 min. for an external IP change. It works very well and the price was right.

 

[TonyK132]

If you try to invoke the email feature you will be presented with the message,

You need to edit this script and add the Sendmail function first!

so simply copy and paste your preferred 'general' email code in the script where shown:

i.e. assuming you have a valid Gmail email account, you would simply replace all of the lines 'Insert favorite routine here' by a simple copy'n'paste (omitting the '#!/bin/sh' line) of the RMerlin example I posted, and editing the UserID/Password etc.

SendMail(){



#=================================> Insert favorite routine here

#=================================> Insert favorite routine here

#=================================> Insert favorite routine here



    Say "\a\n\n\tYou need to edit this script and add the Sendmail function first!"   <== delete this line



    return 0

}

Here is one website that describes sending a txt using an email address.

https://20somethingfinance.com/how-to-send-text-messages-sms-via-email-for-free/

 

[RMerlin]

Here is one website that describes sending a txt using an email address.

https://20somethingfinance.com/how-to-send-text-messages-sms-via-email-for-free/

Some mobile providers will also allow you to receive SMS through an email address. It might require prior activation on their end tho.