VPN Server Scheduled Restart

[dcsang]

My VPN Server will cease to accept connections occasionally and restarting it using scMerlin resolves the issue. I might require extended remote access soon and don't want to lose connectivity. Is it possible to schedule a periodic restart of the VPN Server as a proactive measure until the root cause can be identified? The last several days have been stable, so nothing to troubleshoot at present.

 

[alecmascot]

I do this with my VPN clients using CRON.
This should work for you with a modification from Client to Server.
Scheduled for 04:00.

In /jffs/scripts

#pasted into services-start script#

cru a vpnrst "0 4 * * * /jffs/scripts/VPN-Restart"

This creates the cron job and restores it after reboots


in the above folder make a new file :

#!/bin/sh

service restart_vpnclient1
service restart_vpnclient2

as VPN-Restart and make it executable
Modify client to server and test the syntax.

EDIT:

service restart_vpnserver1

works fine

 

[ColinTaylor]

When the VPN server is enabled it creates an entry in the crontab that runs every two minutes. If the VPN server isn't running it restarts it. If you need to force a restart you could do something similar but will have to decide how often you want to do it (i.e. how long you're prepared to wait).

*/2 * * * * /etc/openvpn/server1/vpn-watchdog1.sh #CheckVPNServer1#

# cat /etc/openvpn/server1/vpn-watchdog1.sh
#!/bin/sh
if [ -z $(pidof vpnserver1) ]
then
   service restart_vpnserver1
fi

 

[dcsang]

Thank you both for sharing those solutions.

@ColinTaylor - I presume the initial code you provided executes the 'vpn-watchdog1.sh' script, and the second creates the script with the code you included. Does the condition in the IF statement just check if the service is running? The information @alecmascot provides guidance on how to employ this when the router is restarted.

This is exactly the type of solution I was hoping for without the need to restart the router.

 

[ColinTaylor]

@ColinTaylor - I presume the initial code you provided executes the 'vpn-watchdog1.sh' script, and the second creates the script with the code you included. Does the condition in the IF statement just check if the service is running? The information @alecmascot provides guidance on how to employ this when the router is restarted.

The code I posted (a crontab entry and a script) is what the firmware automatically creates when you turn the VPN server on. When you manually turn the server off they are both removed. I just provided them as a reference.

Yes, the IF statement checks whether the VPN process is running. That's not what you want because you say your server is running but not working properly. So you only want the restart line.

As you only want that one line you could execute it directly via cron rather than creating as script for it. So as @alecmascot suggested you would put something like this in services-start:

#!/bin/sh

/usr/sbin/cru a VPN-Restart "00 * * * * service restart_vpnserver1"

This creates a crontab entry that restarts VPN server #1 every hour, on the hour. Of course that means that if you're currently using it you will get disconnected.

 

[dcsang]

I appreciate the clarification. Thank you both again for sharing your solutions and teaching me something today.

 

[squeeky]

Does this procedure work with any VPN i.e. OpenVPN, Wireguard etc. ?

 

[o0larry0o]

Hello @ColinTaylor.

I came upon this thread because, sometimes my VPN server is set to "ON" in the GUI, but showed as "stopped" in the GUI also in "VPN - status".
Reapplying change in "VPN server" tab, restart it.

This happen from time to time.
but I don't know how to debug this, following your explanation I guess it means that the service is still up, so the watchdog script does not restart it.

I even don't know at this point if the watchdog failed, or if the server was unresponsive.

Thx a lot

EDIT : I think I found the cause
Looks like (but not sure) when I applied network changes, it triggered the restart_net
and then at the end the openvpn service was terminated, and never started again.

Jan 27 17:39:24 rc_service: httpd 20417:notify_rc restart_net
Jan 27 17:39:24 custom_script: Running /jffs/scripts/service-event (args: restart net)
Jan 27 17:39:28 miniupnpd[20700]: shutting down MiniUPnPd
Jan 27 17:39:29 ovpn-server1[20725]: event_wait : Interrupted system call (fd=-1,code=4)
Jan 27 17:39:29 ovpn-server1[20725]: Closing TUN/TAP interface
Jan 27 17:39:29 ovpn-server1[20725]: /usr/sbin/ip addr del dev tun21 192.168.10.1/24
Jan 27 17:39:29 ovpn-server1[20725]: ovpn-down 1 server tun21 1500 0 192.168.10.1 255.255.255.0 init
Jan 27 17:39:29 custom_script: Running openvpn-event
Jan 27 17:39:29 ovpn-server1[20725]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Jan 27 17:39:29 ovpn-server1[20725]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jan 27 17:39:29 ovpn-server1[20725]: SIGTERM[hard,] received, process exiting
Jan 27 17:39:29 wsdd2[20946]: error: wsdd-mcast-v4: wsd_send_soap_msg: send
Jan 27 17:39:32 wsdd2[20946]: error: wsdd-mcast-v4: wsd_send_soap_msg: send
Jan 27 17:39:35 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Jan 27 17:39:35 custom_script: Running /jffs/scripts/avahi-daemon.postconf (args: /tmp/avahi/avahi-daemon.conf)
Jan 27 17:39:35 avahi-daemon[5357]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Jan 27 17:39:35 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jan 27 17:39:35 wan: finish adding multi routes
Jan 27 17:39:36 avahi-daemon[5357]: Alias name "RT-AC86U" successfully established.
Jan 27 17:39:37 ddns: eth0 not find External WAN IP, go retry.(10)
Jan 27 17:39:37 miniupnpd[5543]: HTTP listening on port 42087
Jan 27 17:39:37 miniupnpd[5543]: Listening for NAT-PMP/PCP traffic on port 5351
Jan 27 17:39:37 ovpn-server1[5562]: OpenVPN 2.6.6 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Jan 27 17:39:37 ovpn-server1[5562]: library versions: OpenSSL 1.1.1u  30 May 2023, LZO 2.08
Jan 27 17:39:37 ovpn-server1[5563]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Jan 27 17:39:37 ovpn-server1[5563]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 27 17:39:37 ovpn-server1[5563]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Jan 27 17:39:37 ovpn-server1[5563]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Jan 27 17:39:37 ovpn-server1[5563]: Diffie-Hellman initialized with 2048 bit key
Jan 27 17:39:37 ovpn-server1[5563]: TUN/TAP device tun21 opened
Jan 27 17:39:37 ovpn-server1[5563]: TUN/TAP TX queue length set to 1000
Jan 27 17:39:37 ovpn-server1[5563]: /usr/sbin/ip link set dev tun21 up mtu 1500
Jan 27 17:39:37 vpnserver1[5564]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Jan 27 17:39:37 ovpn-server1[5563]: /usr/sbin/ip link set dev tun21 up
Jan 27 17:39:37 ovpn-server1[5563]: /usr/sbin/ip addr add dev tun21 192.168.10.1/24
Jan 27 17:39:37 ovpn-server1[5563]: ovpn-up 1 server tun21 1500 0 192.168.10.1 255.255.255.0 init
Jan 27 17:39:37 custom_script: Running openvpn-event
Jan 27 17:39:37 ovpn-server1[5563]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Jan 27 17:39:37 ovpn-server1[5563]: UDPv4 link local (bound): [AF_INET][undef]:1194
Jan 27 17:39:37 ovpn-server1[5563]: UDPv4 link remote: [AF_UNSPEC]
Jan 27 17:39:37 ovpn-server1[5563]: MULTI: multi_init called, r=256 v=256
Jan 27 17:39:37 ovpn-server1[5563]: IFCONFIG POOL IPv4: base=192.168.10.2 size=253
Jan 27 17:39:37 ovpn-server1[5563]: Initialization Sequence Completed
Jan 27 17:39:42 kernel: The For ALL DEVICES flag of Prof 1 has been set to ENABLE
Jan 27 17:39:42 kernel: Successfully alloc ctrie: state num=14, mem=280
Jan 27 17:39:42 BWDPI: fun bitmap = 43f
Jan 27 17:39:43 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jan 27 17:39:43 wsdd2[20946]: Terminated received.
Jan 27 17:39:43 Samba_Server: smb daemon is stopped
Jan 27 17:39:43 Samba_Server: daemon is started
Jan 27 17:39:44 ovpn-server1[5563]: event_wait : Interrupted system call (fd=-1,code=4)
Jan 27 17:39:44 ovpn-server1[5563]: Closing TUN/TAP interface
Jan 27 17:39:44 ovpn-server1[5563]: /usr/sbin/ip addr del dev tun21 192.168.10.1/24
Jan 27 17:39:44 ovpn-server1[5563]: ovpn-down 1 server tun21 1500 0 192.168.10.1 255.255.255.0 init
Jan 27 17:39:44 custom_script: Running openvpn-event
Jan 27 17:39:44 ovpn-server1[5563]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Jan 27 17:39:44 ovpn-server1[5563]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jan 27 17:39:44 ovpn-server1[5563]: SIGTERM[hard,] received, process exiting