vpnclient1 up / down scripts (openvpn) ac86u help needed

[Martineau]

My VPN connection had problems three times overnight, and the VPN_Failover script /vpnclient1-route-pre-down / vpnclient1--route-up handled it perfectly. I only know by checking the log and not finding everything offline this morning.

May 16 03:57:27 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 1 connection status....
May 16 03:57:33 RT-AC86U-4608 (VPN_Failover.sh): 6965 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=2;Connected but SLOW!)
May 16 03:57:33 RT-AC86U-4608 (VPN_Failover.sh): 6965 **VPN Client Monitor: Terminating VPN Client 1
May 16 03:57:33 RT-AC86U-4608 (VPN_Failover.sh): 6965 Waiting for VPN Client 1 (VPN Unlimited Stream 1) to disconnect.....
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client 1 (VPN Unlimited Stream 1) disconnect'd in 1 secs
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 2 connection status....
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 **VPN Client Monitor: Switching VPN Client 2 to VPN Client 3 (Reason: VPN Client 2 STATE=0;Disconnected)
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 *Warning VPN Client 3 not configured? - auto IGNORED/SKIPPED
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 3 connection status....
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 **VPN Client Monitor: Switching VPN Client 3 to VPN Client 4 (Reason: VPN Client 3 STATE=0;Disconnected)
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 *Warning VPN Client 4 not configured? - auto IGNORED/SKIPPED
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 4 connection status....
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 **VPN Client Monitor: Switching VPN Client 4 to VPN Client 5 (Reason: VPN Client 4 STATE=0;Disconnected)
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 *Warning VPN Client 5 not configured? - auto IGNORED/SKIPPED
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 5 connection status....
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 **VPN Client Monitor: Switching VPN Client 5 to VPN Client 1 (Reason: VPN Client 5 STATE=0;Disconnected)
May 16 03:57:35 RT-AC86U-4608 (VPN_Failover.sh): 6965 Waiting for VPN Client 1 (VPN Unlimited Stream 1) to connect.....
May 16 03:57:55 RT-AC86U-4608 (VPN_Failover.sh): 14860 v1.15 1 delay=60
May 16 03:57:55 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client 1 (VPN Unlimited Stream 1) connect'd in 18 secs

Nice to know my shoddy coding skills work on occasion!

I suppose I should rewrite the logic to better handle the 'noise' such as

*Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED

but it may be prudent to include 'ignore=2,3,4,5' to explicitly ensure that VPN Client 1 doesn't inadvertently switch to a VPN Client that you were simply trialling/experimenting with.

Also, whilst VPN_Failover.sh does "what it says on the tin", it should ultimately become redundant if the reason for the restart was formally identified
i.e. is reduced performance/throughput truly the reason?

**VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=2;Connected but SLOW!)

 

[Martineau]

If I had 0.1% of you "shoddy" coding skills, I'd be thrilled.

I don't know how to check if it is indeed "SLOW!" since it happens when I am asleep or gone and happened after I posted this. I thought about trying Jack Yaz spdMerlin, but since my router is explicitly set to WAN in the Policy Rules Strict VPN config, it would not matter. I was gone for some time this morning and when I came home it was blocking clients access and has failed to restart just minutes before I returned

Here is the log.

May 16 10:07:53 RT-AC86U-4608 (VPN_Failover.sh): 2946 VPN Client Monitor: Checking VPN Client 1 connection status....
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 7610 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=2;Connected but SLOW!)
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 7610 **VPN Client Monitor: Terminating VPN Client 1
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 1 connection status....
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 7610 Waiting for VPN Client 1 (VPN Unlimited Stream 1) to disconnect.....
May 16 10:07:59 RT-AC86U-4608 (VPN_Failover.sh): 7610 VPN Client 1 (VPN Unlimited Stream 1) disconnect'd in 0 secs
May 16 10:07:59 RT-AC86U-4608 (VPN_Failover.sh): 7610 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 10:07:59 RT-AC86U-4608 (VPN_Failover.sh): 7610 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)
May 16 10:08:19 RT-AC86U-4608 (VPN_Failover.sh): 14860 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
May 16 10:08:19 RT-AC86U-4608 (VPN_Failover.sh): 14860 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 10:08:19 RT-AC86U-4608 (VPN_Failover.sh): 14860 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)
May 16 10:08:22 RT-AC86U-4608 (VPN_Failover.sh): 2946 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
May 16 10:08:22 RT-AC86U-4608 (VPN_Failover.sh): 2946 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 10:08:22 RT-AC86U-4608 (VPN_Failover.sh): 2946 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)

I made the suggested settings and included a curlrate one as well.

#!/bin/sh
# vpnclient1-route-up
# Only create the VPN Failover monitor if it doesn't already exist
if [ -z "$(ps | grep -v grep | grep -E "VPN_Failover.sh\s $VPN_ID")" ];then
   logger -t "($(basename $0))" $$ "Requesting VPN Failover monitor with 60 sec delay....."
   VPN_ID=${dev:4:1}
   /jffs/scripts/VPN_Failover.sh "$VPN_ID" "ignore=2,3,4,5" "forcesmall" "curlrate=1000" "delay=60" &
fi

Here is the log from doing a restart. I will be near for a few hours and keep an eye on it.

May 16 11:39:38 RT-AC86U-4608 (VPN_Failover.sh): 8161 v1.15 1 ignore=2,3,4,5 forcesmall curlrate=1000 delay=60
May 16 11:39:38 RT-AC86U-4608 (VPN_Failover.sh): 8161 2345
May 16 11:39:39 RT-AC86U-4608 (VPN_Failover.sh): 7045 VPN Client 1 (VPN Unlimited Stream 1) connect'd in 21 secs
May 16 11:40:09 RT-AC86U-4608 (VPN_Failover.sh): 7045 VPN Client Monitor: Checking VPN Client 1 connection status.... using MINIMIUM acceptable cURL transfer rate (1000 Bytes/sec)
May 16 11:40:09 RT-AC86U-4608 (VPN_Failover.sh): 7045 Starting VPN Client 1 cURL 'small' data transfer.....(Expect 500Byte download = <1 second)
May 16 11:40:10 RT-AC86U-4608 (VPN_Failover.sh): 7045 cURL 433Byte transfer took: 00:00.36 secs @ 1212 B/sec
May 16 11:40:10 RT-AC86U-4608 (VPN_Failover.sh): 7045 VPN Client Monitor: VPN Client 1 status OK

May 16 10:07:53 RT-AC86U-4608 (VPN_Failover.sh): 2946 VPN Client Monitor: Checking VPN Client 1 connection status....
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 7610 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=2;Connected but SLOW!)
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 7610 **VPN Client Monitor: Terminating VPN Client 1
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 6965 VPN Client Monitor: Checking VPN Client 1 connection status....
May 16 10:07:58 RT-AC86U-4608 (VPN_Failover.sh): 7610 Waiting for VPN Client 1 (VPN Unlimited Stream 1) to disconnect.....
May 16 10:07:59 RT-AC86U-4608 (VPN_Failover.sh): 7610 VPN Client 1 (VPN Unlimited Stream 1) disconnect'd in 0 secs
May 16 10:07:59 RT-AC86U-4608 (VPN_Failover.sh): 7610 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 10:07:59 RT-AC86U-4608 (VPN_Failover.sh): 7610 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)
May 16 10:08:19 RT-AC86U-4608 (VPN_Failover.sh): 14860 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
May 16 10:08:19 RT-AC86U-4608 (VPN_Failover.sh): 14860 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 10:08:19 RT-AC86U-4608 (VPN_Failover.sh): 14860 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)
May 16 10:08:22 RT-AC86U-4608 (VPN_Failover.sh): 2946 **VPN Client Monitor: Switching VPN Client 1 to VPN Client 2 (Reason: VPN Client 1 STATE=0;Disconnected)
May 16 10:08:22 RT-AC86U-4608 (VPN_Failover.sh): 2946 *Warning VPN Client 2 not configured? - auto IGNORED/SKIPPED
May 16 10:08:22 RT-AC86U-4608 (VPN_Failover.sh): 2946 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)

Looking at the log above, it would seem there were multiple VPN_Failover.sh processes (2946,7610 and 14860) and this should not be possible as 'vpnclient1-route-up' was altered to not create a second instance of VPN_Failover.sh if one exists.

Ahh... the unauthorised hack you made in post #70 doesn't help

i.e. The original in post #61 now has a subtle non-specific logic test.

Anyway please remove your hack.....

/jffs/scripts/vpnclient1-route-up

#!/bin/sh
# vpnclient1-route-up
VPN_ID=${dev:4:1}
# Only create the VPN Failover monitor if it doesn't already exist
if [ -z "$(ps | grep -v grep | grep -E "VPN_Failover.sh\s$VPN_ID")" ];then
   logger -t "($(basename $0))" $$ "Requesting VPN Failover monitor with 60 sec delay....."
   /jffs/scripts/VPN_Failover.sh "$VPN_ID" "ignore=2,3,4,5" "forcesmall" "curlrate=1000" "delay=60" &
fi

FYI, the following is an expected info/confirmation message

(VPN_Failover.sh): 2946 VPN Client Monitor: Monitoring VPN Client 2 terminated ('/tmp/vpnclient1-monitor' not found)

that the background VPN_Failover.sh process should self destruct if the VPN Client was terminated by any method except a termination request initiated by the VPN_Failover.sh process.

I suggest once the 'vpnclient1-route-up' script has been fixed; it might be prudent to remove the 'ignore=' and 'curlrate' args, then issue the following

kill $(ps | grep -v grep | grep "VPN_Failover" | awk '{print $1}')

service stop_vpnclient1

service start_vpnclient1

Now wait to see what happens.

P.S. Having moved the goal posts by specifying the 'curlrate', if the threshold is too low, then this could cause unnecessary restarts.

 

[Martineau]

This is now my vpnclient1-route-up

#!/bin/sh
# Only create the VPN Failover monitor if it doesn't already exist
if [ -z "$(ps | grep -v grep | grep "VPN_Failover.sh $VPN_ID")" ];then
   logger -t "($(basename $0))" $$ "Requesting VPN Failover monitor with 60 sec delay....."
   /jffs/scripts/VPN_Failover.sh "$VPN_ID" "delay=60" &
fi

<sigh> FFS! does the above script match the version of 'vpnclient1-route-up' I posted in post #84?

Cut'n'paste!

I give up.