What's new

VPNMON VPNMON-R2 v2.0 -Jul 10, 2022- Monitor your VPN connection's Health (Thread locked/closed)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Viktor Jaep

Part of the Furniture
v2.0 - Now with even more SuperRandom(tm) goodness!!
Updated July 10 2022

Executive Summary: VPNMON-R2 v2.0 (VPNMON-R2.SH) is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark VPN and Perfect Privacy VPN services. It can also compliment @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup. This script will check the health of (up to) 5 VPN connections on a regular interval to see if one is connected, and sends a ping to a host of your choice through the active connection. If it finds that connection has been lost, it will execute a series of commands that will kill all VPN clients, will optionally whitelist all NordVPN/PerfectPrivacy VPN servers in the Skynet Firewall, and randomly picks one of your (up to) 5 VPN Clients to connect to. One of VPNMON-R2's unique features is called "SuperRandom", where it will randomly assign VPN endpoints for a random county (or your choice) to your VPN slots, and randomly connect to one of these. It will now also test your WAN connection, and put itself into standby until the WAN is restored before reconnecting your VPN connections. Major features: Now included in AMTM, Fastest Connection Switching, Perfect Privacy/SurfShark/NordVPN VPN Compatible, WAN Awareness, YazFi Compatible, Multi-Country Capable.

VPNMON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Changelog here / What's new: VPNON Sunset/Integration and more -- VPNMON-R2 is now available in AMTM!

Screenshot:

vpnmon-r2-20.jpg

The Problem I was trying to solve​

  • As a former VPNMGR user, I had 5 different NordVPN VPN Client configurations populated on my Asus router running Merlin FW, each with a different city. There were times that I would lose connection to one of these servers, and the router would just endlessly keep trying to reconnect to no avail. Also, sometimes the SKynet firewall would block these NordVPN endpoints, and it would again, endlessly try to connect to a blocked endpoint. Other times, freakishly, I would have more than 1 VPN Client kick on for some reason. This program was built as a way to check to make sure VPN is connected, that the connection is clean, and that there aren't multiple instances running. If anything was off, it would launch a full-on assault and try to reset everything back to a normal state.
  • I also wanted a way for my VPN connection to reset each night, so that it would randomly select and connect to a different configuration, thus endpoint, so that I wouldn't be connected to the same city 24x7x365.
  • NordVPN literally has thousands of VPN endpoint servers which change frequently, depending on the distance or latency from your location scattered across the globe. On several occations, my Asus-Merlin-based Skynet firewall would block these VPN servers, and wanted to make sure I had a way to find all the latest VPN server IPs, and add them to the Skynet whitelist.
  • Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable in any VPN usage scenario.

How is this script supposed to run?​

Personally, I run this script in its own SSH window from a PC that's connected directly to the Asus router, as it loops and checks the connection every 60 seconds. Instructions:
  1. Download and install directly from AMTM, or using your favorite SSH tools, copy & paste this command:
    Code:
    curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.0.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"
  2. To initially configure this script, open up a dedicated SSH window, and simply execute the script::
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -setup
  3. Once you've successfully configured the various options, you can run the script using this command:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -monitor
One particular ingenious way to run this is using the "screen" utility continuously from the router itself, instead of an attached session. (FYI, during the 'vpnmon-r2.sh -setup' process, you will be prompted whether or not you want to install the "screen" utility)
  1. First, make sure you install the "screen" utility (and have Entware installed):
    Code:
    opkg install screen
  2. The screen utility allows you to run the script in the background, detached from your current ssh session. Type:
    Code:
    screen -dmS vpnmon-r2 sh /jffs/scripts/vpnmon-r2.sh -monitor
  3. You can then reattach to the running script at any time, from any ssh session, on any client machine! Type:
    Code:
    screen -r vpnmon-r2
  4. Perform the detach by hitting CTRL-A + D
  5. To make it easier, can now also just execute VPNMON-R2 with the -screen switch. Type:
    Code:
    sh vpnmon-r2.sh -screen
What an awesome way to keep an SSH script running! Thanks @eibgrad!

What this script does​

  1. Checks the VPN State from NVRAM and determines if each of the 5 Clients are connected or not
  2. If a VPN Client is connected, it sends a PING through to Google's DNS server to determine if the link is good (configurable)
  3. If it determines that the VPN Client is down, or connection is broken, it will attempt to reset the VPN
  4. If it determines that multiple VPN Clients are running, it will attempt to reset the VPN
  5. If it determines that the NordVPN server load is too high (optional), it will attempt to reset the VPN
  6. Updates Skynet whitelist with all US-based NordVPN endpoint IP addresses (optional) - FYI, you can easily change this for the country of your choice.
  7. Updates vpnmgr cache with recommended NordVPN/PIA/WeVPN endpoint information (optional), and merges/refreshes these changes with your VPN Client configurations
  8. Uses a randomizer to pick one of 5 different VPN Clients to connect to (configurable between 1 and 5)
  9. It will loop through this process every 60 seconds (configurable)
  10. If it determines that my other (optional) external script VPNON.SH is resetting the connection, it will hang back until it's done.
  11. Logs major events (resets/connection errors/etc) to a log file.
  12. It will reset your VPN connection at a regularly scheduled time using the settings at the top of the script (optional)
  13. It now shows the last time a VPN reset happened indicated by "Last Reset:", an indicator when the next reset will happen, and how often the interval happens (in seconds) on the easy-to-read VPNMON-R2 interface in your SSH shell, along with a progressbar to show script activity
  14. Added a new API lookup to display the VPN exit node city/location next to the active VPN connection. This API is free, and guarantees at least 1000 lookups per month. In lieu of doing a lookup each single refresh interval, a location lookup is only done when either the script starts up fresh, when it detects VPNON doing a reset, or if VPNMON-R2 initiates a reset.
  15. Added the concept of SuperRandom(tm) NordVPN Connections! This is a NordVPN/SurfShark/PerfectPrivacy feature only! When enabled, it will fill your VPN client slots with random VPN servers across the country of your choice. Distance, load, and performance be damned!!
  16. Added an integrated configuration utility (by running "vpnmon-r2.sh -config") that steps you through all the options and saves results to a config file, without the need to manually edit and configure the script itself.
  17. Added a script update checker, which notifies you when a new version becomes available, and allows you to easily download an install the latest script by using the 'vpnmon-r2.sh -update' command.
  18. Optionally shows a row of stats on bottom row, indicating low/high ping times, NordVPN server load, Avg sent/received bandwidth (in Mbps), and total traffic sent/received on the active tunnel.
  19. Added the ability to specify up to 2 additional NordVPN countries (for a total of 3) to randomly pick VPN servers located within that country. Yes, we have gone completely international!
  20. Happy to report that VPNMON-R2 now integrates beautifully with YazFi - the premier expanded guest network utility for Merlin firmware! For those running multiple guest networks, VPNMON-R2 can now automatically update your guest network slots with the latest VPN slot that VPNMON-R2 just made a connection to, then performs the necessary steps to make YazFi acknowledge the change to ensure your guest client devices continue to work without interruption!
  21. Added capabilities to check if your modem goes down, or your ISP stops working, then falls back and waits until your WAN comes back up in order to re-establish a VPN connection.
  22. VPNMON-R2 is now compatible with Perfect Privacy and SurfShark VPN services!
  23. Added capabilities to switch to the fastest connections based on ping ms to your VPN endpoints.
  24. Happy to announce that VPNMON-R2 is now being included in AMTM! Many thanks to @thelonelycoder!
 
Last edited:

What if I'm not running VPNMGR/NordVPN(PIA/WeVPN)/Skynet?​

  1. As long as your VPN slots are configured and tested using the VPN provider of your choice, this script will run perfectly fine, and can monitor, reset and randomly start a new VPN client slot for you each day. Please know, this script was written to compliment NordVPN, Surfshark and Perfect Privacy, and gives a heavy preference to VPNMGR, but none of which is required.
  2. While stepping through the configuration utility ("vpnmon-r2.sh -config"), you can choose to disable the ability to update VPNMGR hosts, enable/disable specific NordVPN/SurfShark/Perfect Privacy functionality, and the ability to whitelist the latest NordVPN/Perfect Privacy servers in Skynet.
  3. Let me know how you're using this script! Feel free to post in this forum. ;)

Usage​

VPNMON-R2 is driven with commandline parameters. These are the available options:
  • vpnmon-r2.sh -h (or vpnmon-r2.sh -help) -- displays a short overview of available commands
  • vpnmon-r2.sh -log -- displays the contents of the VPNMON-R2 activity log in the NANO text editor
  • vpnmon-r2.sh -config -- launches the configuration utility and saves your settings to a local config file
  • vpnmon-r2.sh -update -- launches the script update utility to download the newest version
  • vpnmon-r2.sh -setup -- launches the setup menu to configure and add optional Entware components
  • vpnmon-r2.sh -reset -- initiates a VPN reset for use with setting up external CRON jobs (like the vpnon script did)
  • vpnmon-r2.sh -uninstall -- launches the uninstall utility that removes VPNMON-R2 from your router
  • vpnmon-r2.sh -screen -- launches VPNMON-R2 using the "screen" utility, and places it in -monitor mode
  • vpnmon-r2.sh -monitor -- launches VPNMON-R2 in a normal operations mode, ready to monitor the health of your VPN connections

Screenshots

Persistent screen of VPNMON-R2 v2.0 running from your favorite SSH window:
vpnmon-r2-20.jpg


Example of VPNMON-R2 dealing with a dropped VPN connection:
vpnmon-r2-19-reset.jpg


You can optionally refresh VPNMGR, update/whitelist VPN hosts in the Skynet firewall, or randomly populate your VPN client slots using NordVPN/SurfShark/Perfect Privacy SuperRandom(tm), and update your YazFi Guest networks as well with the current active VPN connection!

Example of the log file contents:
vpnmon-r2-15-log.jpg


A new setup menu is available by using the "vpnmon-r2.sh -setup" switch, or entering it directly from either AMTM, or from the main VPNMON-R2 UI itself.
vpnmon-r2-20-setup.jpg


And here is the configuration utility that takes you through the options step-by-step to ensure a compatible experience for your setup and keeps that VPN connection healthy!
vpnmon-r2-20-config.jpg
 
Last edited:

OK, you've convinced me -- how do I setup a VPN?​

In case you're curious about how to configure your own amazing whole-home VPN setup, here are some basic instructions... Please understand that this is how I have my OVPN client slots setup, and your needs may differ, so feel free to jump into this thread if you have any other setup questions!

1.) Subscribe to a VPN provider - Picking NordVPN, SurfShark or Perfect Privacy will give you some more awesome functionality with VPNMON-R2, but you can basically pick anything you want. I'm going to use NordVPN in these examples...

2.) Download your VPN server config - Go to your VPN providers server config download page (ex: https://nordvpn.com/servers/tools/), and pick one (or a selection) of OpenVPN UDP server configs, and download them. It will probably end up with a name like this: "us9488.nordvpn.com.udp.ovpn"

1657465836470.png


3.) Check the .ovpn contents - The contents of the .ovpn file will contain the security certificates, vpn server name, and configuration parameters. Give it a cursory glance to make sure it looks like everything's there.

4.) Configure your VPN Client Slots - From the Asus-Merlin VPN Client page, pick your 1st OpenVPN Client Slot... click on the "Choose File" button, and select the file you just downloaded, and click the "Upload" button to import it. This will populate most of your settings on this page, but will need to go through, name some things, and make some configuration tweaks. For example, these are the settings I use below... yours might differ based on your preferences.

Screenshot 2022-02-20 19.11.11.png

Screenshot 2022-02-20 19.11.56.png


5.) Apply these custom configuration entries on the bottom of the page - This is an important step! The custom config entries that come with the .ovpn file may work, but aren't the greatest. Please over-copy them with these configuration entries below. These work great for NordVPN, but for many other VPN providers as well. If they don't, revert back or look for some best practice entries for your particular VPN provider:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

6). Test your VPN Client! After you hit "APPLY" on the bottom of the Asus-Merlin VPN Client page, slide the on/off switch to ON, and see if you can make a successful VPN connection. If you don't see any errors, and have been able to test that your client(s), network(s), etc. can browse through the VPN, you can crack open that beer in celebration. ;)

7.) Now go configure your other 4 slots! To make the best use of VPNMON-R2, you would want each of your 5 standalone VPN client slots pre-configured in the same way you just did your first. Note: If you're considering using the VPNMON-R2 SuperRandom functionality, you can actually use the same .ovpn file for each of your 4 other slots. Your VPN Slot's "server address" and "description" fields will be automatically filled in by the VPNMON-R2 script when it finds new random servers for you to connect to.

Important: VPN Director is an important element to consider as well, and would recommend creating 5 different entries for each of your 5 VPN Client slots to ensure that your local subnet will ALWAYS route through the VPN no matter which VPN client is currently connected. See below:

1657476560112.png


8.) Profit! Now go ahead and enjoy the experience... :)

Gotchas​

  • If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to your VPN provider before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
  • Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
  • If you're using the NordVPN SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.
 

Attachments

  • Screenshot 2022-02-20 19.08.44.png
    Screenshot 2022-02-20 19.08.44.png
    116.1 KB · Views: 955
Last edited:
Wow, what's new! Better question... what isn't new! Made a huge overhaul over the weekend... Enjoy!

v0.5 - (Jan 23, 2022) Wow, where to start...
* VPNMON.SH was heavily overhauled into VPNMON-R2.SH to incorporate my other script, VPNON.SH, so that it could act
standalone, without needing to call a second script. VPNON has now turned into a function within the script.
* Speaking of which -- I learned lots about functions ;) ... In doing so, I cleaned up some of the inefficient code,
namely, how it checks for each individual VPN connection. Now, it basically loops from 1 through N and calls the
function that checks the VPN connection without having to make so much duplication in the code itself.
* Speaking of functions, I turned the spinner into a function as well. Cleaner and more optimized code is wonderful!
* I wanted to display the last time VPN was reset, so that it saved this point-in-time each time you restarted
VPNMON-R2 instead of resetting to 0d 0h 0m, etc. I built functionality that saves the exact time to a file called
/jffs/scripts/vpnmon-rst.log, from where it reads and populates this time on screen each time a reset occurs.
* VPNMON-R2 is now also able to perform a regularly scheduled VPN reset without the need to run VPNON.SH through a
CRU job. This is completely configurable, and now also displays your configured reset time on screen.
* Also being displayed on screen, is the interval (in seconds) in which it loops to check the validity of your VPN
connections.
* Overall, spruced up the look and feel of the visual in your SSH window to show pertinent information without
cluttering up the screen. Hope you like it!
* Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or
making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable
in any VPN usage scenario.

-------------------------------------
VPNMON.SH was deprecated on Jan 22, 2022)
 
Last edited:
Always looking to improve and add new features and capabilities! :)

v0.6 - (Feb 1, 2022)
* Added a new API lookup to display the VPN exit node city/location next to the active VPN connection. This API is free, and guarantees at least 1000 lookups per month. In lieu of doing a lookup each single refresh interval, a location lookup is only done when either the script starts up fresh, when it detects VPNON doing a reset, or if VPNMON-R2 initiates a reset. So, hopefuly not more than 1x or 2x/day, or 30x/60x/month, well below the cut-off. So here is a disclaimer... lookups are based on your VPN's IP address, and we all know how wrong an IP location lookup can be at times when ISP's move IP ranges around, so please understand if it's not displaying the correct city at times. So far, it's been pretty darn near 100% correct for me.
* Enhanced the alert entries in the logs a bit more to make them stand out when we're dealing with a connection failure, or multiple connections. VPN failures are now surrounded with asterisks during DEFCON5 level events.
* Moved the refresh interval indicator to the top row next to the scheduled reset time.
* Some cosmetics color change enhancements to the output screen and cleaned up the code to make it look more uniform. Need to work on variable naming uniformity next, as that's *ALL* over the place still. Give me time!
* Replaced the spinner with a decent looking progress bar... spinner was looking long-in-the-tooth. Enjoy! ;)
 
Last edited:
Here's the latest and greatest...

v0.7 - (Feb 18, 2022)
* Spent a lot of time dealing with a persistent hang issue, and looks to be resolved. I believe the script was running into a race/deadlock type of situation where it would hang during successive NVRAM lookups that were happening too close together calling for the same values. I reduced the number of lookups being done, and works flawlessly now.
* Added some debug commands for future debugging needs, thanks to @eibgrad for his expert help and advice on how to accomplish all this.
* Added a VPNMON-R2.LOG entry that shows when a city lookup is being done through the API.
 
Last edited:
Here's the latest and greatest...

v0.7 - (Feb 18, 2022)
* Spent a lot of time dealing with a persistent hang issue, and looks to be resolved. I believe the script was running into a race/deadlock type of situation where it would hang during successive NVRAM lookups that were happening too close together calling for the same values. I reduced the number of lookups being done, and works flawlessly now.
* Added some debug commands for future debugging needs, thanks to @eibgrad for his expert help and advice on how to accomplish all this.
* Added a VPNMON-R2.LOG entry that shows when a city lookup is being done through the API.
@Viktor Jaep

I have to say, I like this and thank you for your hardwork!

@eibgrad

You as well.
 
New NordVPN-only Feature Introduction: SuperRandom(tm)

v0.8 - (Feb 20, 2022)

* Added the concept of SuperRandom(tm) NordVPN Connections! This mode, when enabled (NordVPNSuperRandom=1) -- if you choose to be so incredibly daring and adventurous -- will fill your VPN client slots with random VPN servers across the country of your choice! Distance, load, and performance be damned!! In the US, the number of available VPN servers is up to around 1920, which fluctuates. This option will bypass VPNMGR functionality to update your VPN slots with its recommendations (based on chosen city, performance and load). Thus -- it is assumed that each of your (up to 5) VPN client slots are fully configured and operational! The SuperRandom(tm) function will only replace the "server address" IP and "description" (in a "NordVPN - [City]" format), and reinitiate the connection as usual after losing your connection, having multiple connections going, or after a scheduled reset. Enjoy!
* The NordVPNCountry variable is now available for you to populate with the country of your choice without having to mess around with the code. These are all available country names to choose from: Albania, Argentina, Australia, Austria, Belgium, Bosnia and Herzegovina, Brazil, Bulgaria, Canada, Chile, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hong Kong, Hungary, Iceland, India, Indonesia, Ireland, Israel, Italy, Japan, Latvia, Lithuania, Luxembourg, Malaysia, Mexico, Moldova, Netherlands, New Zealand, North Macedonia, Norway, Poland, Portugal, Romania, Serbia, Singapore, Slovakia, Slovenia, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States, Vietnam.
* Other code optimizations, error catching, and formatting fixes just to make it more pleasing to the eye. ;)
 
Last edited:
Adding some new features... ;)

v0.9 - (Feb 23, 2022)
* Added a row of stats to the bottom of VPNMON-R2's interface, specifically showing the Low and High ping history for the current connection, whether or not Skynet gets updated with NordVPN IPs, and how VPNMON-R2 is currently configured, showing either: (a) "VPNMGR" - VPNMON-R2 is integrated with VPNMGR and using its functionality periodically to update latest NordVPN/PIA/WeVPN server information into your VPN slots, (b) "NordVPN SuperRandom" - VPNMON-R2 is randomly selecting one of hundreds/thousands of NordVPN servers from within the specified country and populating your VPN slots, and (c) "Standard" - VPNMON-R2 is neither using VPNMGR or SuperRandom functionality, and optionally restarting your VPN connections on a random basis based on your set schedule. This is a clean and easy way to see how VPNMON-R2 is configured, and giving you some performance stats along with it. Enjoy!

vpnmonr209.PNG
 
Adding some new features... ;)

v0.9 - (Feb 23, 2022)
* Added a row of stats to the bottom of VPNMON-R2's interface, specifically showing the Low and High ping history for the current connection, whether or not Skynet gets updated with NordVPN IPs, and how VPNMON-R2 is currently configured, showing either: (a) "VPNMGR" - VPNMON-R2 is integrated with VPNMGR and using its functionality periodically to update latest NordVPN/PIA/WeVPN server information into your VPN slots, (b) "NordVPN SuperRandom" - VPNMON-R2 is randomly selecting one of hundreds/thousands of NordVPN servers from within the specified country and populating your VPN slots, and (c) "Standard" - VPNMON-R2 is neither using VPNMGR or SuperRandom functionality, and optionally restarting your VPN connections on a random basis based on your set schedule. This is a clean and easy way to see how VPNMON-R2 is configured, and giving you some performance stats along with it. Enjoy!

View attachment 39750
feel free to borrow the code from vpnmgr to query the load of the connected NordVPN server ;-)
 
Adding some new features... ;)

v0.9 - (Feb 23, 2022)
* Added a row of stats to the bottom of VPNMON-R2's interface, specifically showing the Low and High ping history for the current connection, whether or not Skynet gets updated with NordVPN IPs, and how VPNMON-R2 is currently configured, showing either: (a) "VPNMGR" - VPNMON-R2 is integrated with VPNMGR and using its functionality periodically to update latest NordVPN/PIA/WeVPN server information into your VPN slots, (b) "NordVPN SuperRandom" - VPNMON-R2 is randomly selecting one of hundreds/thousands of NordVPN servers from within the specified country and populating your VPN slots, and (c) "Standard" - VPNMON-R2 is neither using VPNMGR or SuperRandom functionality, and optionally restarting your VPN connections on a random basis based on your set schedule. This is a clean and easy way to see how VPNMON-R2 is configured, and giving you some performance stats along with it. Enjoy!

View attachment 39750
This is awesome!
 
Thanks to @Jack Yaz, you will be seeing the official v1.0 of VPNMON-R2 tomorrow! Here's a teaser... ;)

Screenshot 2022-02-25 22.11.17~2.png
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top