vpnmon VPNMON-R2 v2.22 -Sep 21, 2022- Monitor your VPN connection's Health (New: AMTM, supporting WeVPN/Nord/SurfShark/PerfectPrivacy) (#2)

Viktor Jaep

Very Senior Member
v2.22 - Now with even more SuperRandom(tm) goodness!!
Updated September 19, 2022

Executive Summary: VPNMON-R2 is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark VPN, WeVPN and Perfect Privacy VPN services. It can also complement @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup. This script will check the health of (up to) 5 VPN connections on a regular interval to see if one is connected, and sends a ping to a host of your choice through the active connection. If it finds that connection has been lost, it will execute a series of commands that will kill all VPN clients, will optionally whitelist all NordVPN/PerfectPrivacy VPN servers in the Skynet Firewall, and randomly picks one of your (up to) 5 VPN Clients to connect to. One of VPNMON-R2's unique features is called "SuperRandom", where it will randomly assign VPN endpoints for a random country (or your choice) to your VPN slots, and randomly connect to one of these. It will now also test your WAN connection, and put itself into standby until the WAN is restored before reconnecting your VPN connections. Major features: Now included in AMTM, Fastest Connection Switching, WeVPN/Perfect Privacy/SurfShark/NordVPN VPN Compatible, WAN Awareness, YazFi Compatible, Multi-Country Capable.

VPNMON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Changelog here / What's new: Screen Utility Optimizations, Now Supporting WeVPN! -- VPNMON-R2 is now available in AMTM!

Screenshot:
vpnmon-r2-212-1.jpg

The Problem I was trying to solve​

  • As a former VPNMGR user, I had 5 different NordVPN VPN Client configurations populated on my Asus router running Merlin FW, each with a different city. There were times that I would lose connection to one of these servers, and the router would just endlessly keep trying to reconnect to no avail. Also, sometimes the Skynet firewall would block these NordVPN endpoints, and it would again, endlessly try to connect to a blocked endpoint. Other times, freakishly, I would have more than 1 VPN Client kick on for some reason. This program was built as a way to check to make sure VPN is connected, that the connection is clean, and that there aren't multiple instances running. If anything was off, it would launch a full-on assault and try to reset everything back to a normal state.
  • I also wanted a way for my VPN connection to reset each night, so that it would randomly select and connect to a different configuration, thus endpoint, so that I wouldn't be connected to the same city 24x7x365.
  • NordVPN literally has thousands of VPN endpoint servers which change frequently, depending on the distance or latency from your location scattered across the globe. On several occasions, my Asus-Merlin-based Skynet firewall would block these VPN servers, and I wanted to make sure I had a way to find all the latest VPN server IPs, and add them to the Skynet whitelist.
  • Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable in any VPN usage scenario.

How is this script supposed to run?​

Personally, I run this script in its own SSH window from a PC that's connected directly to the Asus router, as it loops and checks the connection every 60 seconds. Instructions:
  1. Download and install directly from AMTM, or using your favorite SSH tools, copy & paste this command:
    Code:
    curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.22.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"
  2. To initially configure this script, open up a dedicated SSH window, and simply execute the script:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -setup
  3. Once you've successfully configured the various options, you can run the script using this command:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -monitor
One particular ingenious way to run this is using the "screen" utility continuously from the router itself, instead of an attached session. (FYI, during the 'vpnmon-r2.sh -setup' process, you will be prompted whether or not you want to install the "screen" utility)
  1. First, make sure you install the "screen" utility (and have Entware installed):
    Code:
    opkg install screen
  2. The screen utility allows you to run the script in the background, detached from your current ssh session. Type:
    Code:
    screen -dmS vpnmon-r2 sh /jffs/scripts/vpnmon-r2.sh -monitor
  3. You can then reattach to the running script at any time, from any ssh session, on any client machine! Type:
    Code:
    screen -r vpnmon-r2
  4. Perform the detach by hitting CTRL-A + D
  5. To make life easier, you can now also just execute VPNMON-R2 with the -screen switch. Type:
    Code:
    vpnmon-r2 -screen
What an awesome way to keep an SSH script running! Thanks @eibgrad!

What this script does​

  1. Checks the VPN State from NVRAM and determines if each of the 5 Clients are connected or not
  2. If a VPN Client is connected, it sends a PING through to Google's DNS server to determine if the link is good (configurable)
  3. If it determines that the VPN Client is down, or connection is broken, it will attempt to reset the VPN
  4. If it determines that multiple VPN Clients are running, it will attempt to reset the VPN
  5. If it determines that the NordVPN server load is too high (optional), it will attempt to reset the VPN
  6. Updates Skynet whitelist with all US-based NordVPN endpoint IP addresses (optional) - FYI, you can easily change this for the country of your choice.
  7. Updates vpnmgr cache with recommended NordVPN/PIA/WeVPN endpoint information (optional), and merges/refreshes these changes with your VPN Client configurations
  8. Uses a randomizer to pick one of 5 different VPN Clients to connect to (configurable between 1 and 5)
  9. It will loop through this process every 60 seconds (configurable)
  10. Logs major events (resets/connection errors/etc) to a log file.
  11. It will reset your VPN connection at a regularly scheduled time using the settings at the top of the script (optional)
  12. It now shows the last time a VPN reset happened indicated by "Last Reset:", an indicator when the next reset will happen, and how often the interval happens (in seconds) on the easy-to-read VPNMON-R2 interface in your SSH shell, along with a progressbar to show script activity
  13. Added a new API lookup to display the VPN exit node city/location next to the active VPN connection. This API is free, and guarantees at least 1000 lookups per month. In lieu of doing a lookup each single refresh interval, a location lookup is only done when either the script starts up fresh, or if VPNMON-R2 initiates a reset.
  14. Added the concept of SuperRandom(tm) NordVPN Connections! This is a NordVPN/SurfShark/PerfectPrivacy feature only! When enabled, it will fill your VPN client slots with random VPN servers across the country of your choice. Distance, load, and performance be damned!!
  15. Added an integrated configuration utility (by running "vpnmon-r2.sh -config") that steps you through all the options and saves results to a config file, without the need to manually edit and configure the script itself.
  16. Added a script update checker, which notifies you when a new version becomes available, and allows you to easily download and install the latest script by using the 'vpnmon-r2.sh -update' command.
  17. Optionally shows a row of stats on bottom row, indicating low/high ping times, server load, Avg sent/received bandwidth (in Mbps), and total traffic sent/received on the active tunnel.
  18. Added the ability to specify up to 2 additional countries (for a total of 3) to randomly pick VPN servers located within that country. Yes, we have gone completely international!
  19. Happy to report that VPNMON-R2 now integrates beautifully with YazFi - the premier expanded guest network utility for Merlin firmware! For those running multiple guest networks, VPNMON-R2 can now automatically update your guest network slots with the latest VPN slot that VPNMON-R2 just made a connection to, then performs the necessary steps to make YazFi acknowledge the change to ensure your guest client devices continue to work without interruption!
  20. Added capabilities to check if your modem goes down, or your ISP stops working, then falls back and waits until your WAN comes back up in order to re-establish a VPN connection.
  21. VPNMON-R2 is now compatible with Perfect Privacy and SurfShark VPN services!
  22. Added capabilities to switch to the fastest connections based on ping ms to your VPN endpoints.
  23. Happy to announce that VPNMON-R2 is now being included in AMTM! Many thanks to @thelonelycoder!
  24. VPNMON-R2 is now compatible with WeVPN!
 

Viktor Jaep

Very Senior Member

What if I'm not running VPNMGR/NordVPN(PIA/WeVPN)/Skynet?​

  1. As long as your VPN slots are configured and tested using the VPN provider of your choice, this script will run perfectly fine, and can monitor, reset and randomly start a new VPN client slot for you each day. Please know, this script was written to complement NordVPN, Surfshark and Perfect Privacy, and gives a heavy preference to VPNMGR, but none of these is required.
  2. While stepping through the configuration utility ("vpnmon-r2.sh -config"), you can choose to disable the ability to update VPNMGR hosts, enable/disable specific NordVPN/SurfShark/Perfect Privacy functionality, and the ability to whitelist the latest NordVPN/Perfect Privacy servers in Skynet.
  3. Let me know how you're using this script! Feel free to post in this forum. ;)

Usage​

VPNMON-R2 is driven with commandline parameters. These are the available options:
  • vpnmon-r2.sh -h (or vpnmon-r2.sh -help) -- displays a short overview of available commands
  • vpnmon-r2.sh -log -- displays the contents of the VPNMON-R2 activity log in the NANO text editor
  • vpnmon-r2.sh -config -- launches the configuration utility and saves your settings to a local config file
  • vpnmon-r2.sh -update -- launches the script update utility to download the newest version
  • vpnmon-r2.sh -setup -- launches the setup menu to configure and add optional Entware components
  • vpnmon-r2.sh -reset -- initiates a VPN reset for use with setting up external CRON jobs (like the vpnon script did)
  • vpnmon-r2.sh -uninstall -- launches the uninstall utility that removes VPNMON-R2 from your router
  • vpnmon-r2.sh -screen -- launches VPNMON-R2 using the "screen" utility, and places it in -monitor mode
  • vpnmon-r2.sh -monitor -- launches VPNMON-R2 in a normal operations mode, ready to monitor the health of your VPN connections

Screenshots

Persistent screen of VPNMON-R2 v2.0 running from your favorite SSH window:
vpnmon-r2-212-1.jpg



Example of VPNMON-R2 dealing with a dropped VPN connection:
vpnmon-r2-19-reset.jpg



You can optionally refresh VPNMGR, update/whitelist VPN hosts in the Skynet firewall, or randomly populate your VPN client slots using NordVPN/SurfShark/Perfect Privacy SuperRandom(tm), and update your YazFi Guest networks as well with the current active VPN connection!

Example of the log file contents:
vpnmon-r2-15-log.jpg



A new setup menu is available by using the "vpnmon-r2.sh -setup" switch, or entering it directly from either AMTM, or from the main VPNMON-R2 UI itself.
vpnmon-r2-20-setup.jpg



And here is the *BRANDNEW* configuration utility that takes you through the options step-by-step to ensure a compatible experience for your setup and keeps that VPN connection healthy!
vpnmon-r2-21-config.jpg
 

Viktor Jaep

Very Senior Member

OK, you've convinced me -- how do I setup a VPN or run VPNMON-R2?​

In case you're curious about how to configure your own amazing whole-home VPN setup, here are some basic instructions... Please understand that this is how I have my OVPN client slots setup, and your needs may differ, so feel free to jump into this thread if you have any other setup questions!

1.) Insert a Flashdrive - First plug a flashdrive into the back of your router, where a lot of these scripts, cache and swap file will end up being located.

2.) Use the AMTM tool - Log into your router using an SSH terminal tool, like PuTTY (for Windows), execute "AMTM", and use the commands "fd" to format your flashdrive, and "sw" to configure a swap file. Minimum recommended size is at least 2GB.

3.) Configure your router to handle scripts - You must first enable the ability for your router to handle custom scripts. From your router UI, go to Administration -> System -> "Format JFFS partition at next boot" (yes) and "Enable JFFS custom scripts and configs" (yes)... reboot your router to enable these changes.

4.) Subscribe to a VPN provider - Picking NordVPN, SurfShark or Perfect Privacy will give you some more awesome functionality with VPNMON-R2, but you can basically pick anything you want. I'm going to use NordVPN in these examples...

5.) Download your VPN server config - Go to your VPN providers server config download page (ex: https://nordvpn.com/servers/tools/), and pick one (or a selection) of OpenVPN UDP server configs, and download them. It will probably end up with a name like this: "us9488.nordvpn.com.udp.ovpn"

1657465836470.png



6.) Check the .ovpn contents - The contents of the .ovpn file will contain the security certificates, vpn server name, and configuration parameters. Give it a cursory glance to make sure it looks like everything's there.

7.) Configure your VPN Client Slots - From the Asus-Merlin VPN Client page, pick your 1st OpenVPN Client Slot... click on the "Choose File" button, and select the file you just downloaded, and click the "Upload" button to import it. This will populate most of your settings on this page, but you will need to go through, name some things, and make some configuration tweaks. For example, these are the settings I use below... yours might differ based on your preferences.

Screenshot 2022-02-20 19.11.11.png

Screenshot 2022-02-20 19.11.56.png



8.) Apply these custom configuration entries on the bottom of the page - This is an important step! The custom config entries that come with the .ovpn file may work, but aren't the greatest. Please over-copy them with these configuration entries below. These work great for NordVPN, but for many other VPN providers as well. If they don't, revert back or look for some best practice entries for your particular VPN provider:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

9.) Test your VPN Client! After you hit "APPLY" on the bottom of the Asus-Merlin VPN Client page, slide the on/off switch to ON, and see if you can make a successful VPN connection. If you don't see any errors, and have been able to test that your client(s), network(s), etc. can browse through the VPN, you can crack open that beer in celebration. ;)

10.) Now go configure your other 4 slots! To make the best use of VPNMON-R2, you would want each of your 5 standalone VPN client slots pre-configured in the same way you just did your first. Note: If you're considering using the VPNMON-R2 SuperRandom functionality, you can actually use the same .ovpn file for each of your 4 other slots. Your VPN Slot's "server address" and "description" fields will be automatically filled in by the VPNMON-R2 script when it finds new random servers for you to connect to.

Important: VPN Director is an important element to consider as well, and I would recommend creating 5 different entries for each of your 5 VPN Client slots to ensure that your local subnet will ALWAYS route through the VPN no matter which VPN client is currently connected. See below:

1657476560112.png


11.) Download VPNMON-R2 -- Using the AMTM tool, download and install VPNMON-R2. From its main menu, type "sc" to setup and configure the script. You can use the defaults in place to run it with minimal functionality, or go through and make selections based on your particular environment.

12.) Profit! Now go ahead and enjoy the experience... :)

Gotchas​

  • If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to your VPN provider before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
  • Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
  • If you're using the NordVPN SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.
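Steps 6 and 8 above ask for a glance over the downloaded .ovpn and a replacement set of custom entries; the script below is an added example (not part of the original post, VPNMON-R2 or Asus-Merlin) that does that check mechanically. The function names, the hostname and the certificate body are constructed placeholders.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config for the pieces step 6 says to
# look for and the security-relevant entries from step 8.
# ovpn_check and ovpn_demo are hypothetical helper names.
# Prints one finding per line; exit status 1 if a MISSING item was found.
ovpn_check() {
    awk '
        /^[ \t]*[#;]/            { next }              # comment lines
        /^[ \t]*<\/[a-z0-9-]+>/  { inblk = 0; next }   # end of an inline block
        /^[ \t]*<[a-z0-9-]+>/    {                     # start of <ca>, <tls-auth>, ...
            name = $1; gsub(/[<>]/, "", name)
            seen[name] = 1; inblk = 1; next
        }
        inblk || NF == 0         { next }              # PEM body or blank line
        { seen[$1] = 1; arg[$1] = $2 }                 # ordinary directive
        END {
            rc = 0
            if (!("remote" in seen)) { print "MISSING remote: no VPN server address"; rc = 1 }
            if (!("ca" in seen))     { print "MISSING ca: no CA certificate (inline block or file)"; rc = 1 }
            if (!("remote-cert-tls" in seen) || arg["remote-cert-tls"] != "server")
                print "WARN remote-cert-tls server: peer certificate is not checked for server key usage"
            if (!("auth-nocache" in seen))
                print "WARN auth-nocache: credentials stay cached in memory"
            if (("reneg-sec" in seen) && arg["reneg-sec"] == "0")
                print "NOTE reneg-sec 0: periodic data-channel key renegotiation is disabled"
            exit rc
        }
    ' "$1"
}

# Constructed sample: a few of the step 8 entries plus a server line and an
# inline CA block. remote-random is not a server address, and text inside
# the <ca> block is never read as a directive.
ovpn_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
client
remote us0000.example.invalid 1194
remote-random
remote-cert-tls server
auth-nocache
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
(placeholder body)
-----END CERTIFICATE-----
</ca>
EOF
    ovpn_check "$f" && rc=0 || rc=$?
    rm -f "$f"
    return "$rc"
}
```

Run `ovpn_check /path/to/file.ovpn` against the downloaded file before importing it into a client slot; the custom entries from step 8 alone will report MISSING items because they carry no server address or CA.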
 

Viktor Jaep

Very Senior Member
Sorry everyone... our original thread hit its limit, and had to start a new one...
welcome-back-we-missed-you.jpg
:)

I have v2.01rc (Release Candidate) available for you to try @Stephen Harrington ... @JAX1337 seems to be having decent luck with it I believe:
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.01rc.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"

Also, @Kal1975, I've included your idea about screen, and checking if one is running, and asking if you want to connect to it, instead of starting another. Let me know if you are able to give this a try. ;)
 

Stephen Harrington

Senior Member
I have v2.01rc (Release Candidate) available for you to try @Stephen Harrington ... @JAX1337 seems to be having decent luck with it I believe:
@Viktor Jaep deep apologies but testing this means quite a bit of “outage” time I can’t quite organise right now with WFH and normal family activity. But @JAX1337 appears to be doing a sterling job, thanks to you both.

My 4G USB dongle has previously just been sitting there unplugged as a (very cold) standby “in case” and the couple of times I’ve had to use it I’ve just plugged it in and manually switched over the WAN setting, as consensus was the Asus dual-WAN is pretty broken. The @Ranger802004 dual-WAN script got me interested in making this a bit more “automatic”, but not sure I can live without daily VPNMON-R2 functionality now so that’s what I’ve “run away” back to, pending more time to play with the dual-WAN which possibly won’t happen until next week sometime.
 

Viktor Jaep

Very Senior Member
@Viktor Jaep deep apologies but testing this means quite a bit of “outage” time I can’t quite organise right now with WFH and normal family activity. But @JAX1337 appears to be doing a sterling job, thanks to you both.

My 4G USB dongle has previously just been sitting there unplugged as a (very cold) standby “in case” and the couple of times I’ve had to use it I’ve just plugged it in and manually switched over the WAN setting, as consensus was the Asus dual-WAN is pretty broken. The @Ranger802004 dual-WAN script got me interested in making this a bit more “automatic”, but not sure I can live without daily VPNMON-R2 functionality now so that’s what I’ve “run away” back to, pending more time to play with the dual-WAN which possibly won’t happen until next week sometime.
No worries, @Stephen Harrington! I can completely understand. ;) Just reach out if you see anything wonky! Lol!
 

JAX1337

Regular Contributor
Hi @Viktor Jaep, last night I had to sleep early

Sorry to see that we had to abandon the previous thread.

About the script, all seems well except the fact that in the initial 4-5 Wan Checks, the script takes considerable time going through WAN 1 eth0. Later on, it goes through it as it's supposed to.
 

JAX1337

Regular Contributor
After reboot, stuck here even after 2 mins

1657706677083.png

FTR I didn't initiate the reset

Wan 1 working fine, while wan0 is down due to a fiber cut

1657706753210.png
 

JAX1337

Regular Contributor
Primary Wan just got fixed, and Dual Monitor script did its Job, but Vpnmon still hasn't recovered

1657711235331.png


Even after reboot the script was stuck at the above screen, tried a manual command line reset, and it started working
Don't know how it works, if reboot also doesn't have any effect.
 

Viktor Jaep

Very Senior Member
Nope, nothing like that there
Sorry... Not in front of my PC at the moment... Delete this:

LOCKFILE="/jffs/scripts/VPNMON-R2-Lock.txt"
 

JAX1337

Regular Contributor

Attachments

  • SmartSelect_20220713-175100_JuiceSSH.jpg

iTyPsIDg

Regular Contributor
My attempt at replying in the other thread:

You guys have some great ping times. Here's mine in Costa Rica:
1657720104024.png

I leave Costa Rica Saturday and probably won't be very active on the site until I get somewhere I can use my router again. That's probably not until mid-October. I'm looking forward to seeing what else develops here during that time.
 

Viktor Jaep

Very Senior Member
Even after reboot the script was stuck at the above screen, tried a manual command line reset, and it started working
Don't know how it works, if reboot also doesn't have any effect.
So I'm guessing you may have tried a manual reset while you were experiencing issues, and then possibly killed the script during the period of time when it was struggling or locked up on that NC command. I think during that time, a lockfile was generated, but it didn't get cleared. The only time a lockfile is generated is if the -reset switch is used. So then when the script was restarted, it got stuck in that loop where it thought a reset was happening because it saw that lockfile, but in actuality, nothing was happening. Then, when you ran that -reset again, it completed, and deleted the lockfile, so vpnmon-r2 would continue.

I've built a few more checks to clear the lockfile on startup, and added another layer of timeout capabilities on the NC command that should let it bypass any error after 60 seconds so it can keep trying again to make a connection. The NC command only uses whatever the primary connection is... so if the router switches from WAN0 to WAN1, NC should follow along.

In the interim, RC was renamed to beta 4, so here's the latest beta v2.01b5 with some of the latest fixes:
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.01b5.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"

Also... as luck has it, I've been able to (temporarily) acquire a wired USB wifi hotspot, and will hopefully be able to test dual wan/failover/loadbalancing/etc and ensure that vpnmon-r2 can handle these different scenarios. Probably won't be able to start on this until Saturday though.
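The hang diagnosed in the post above comes from reading "the lock file exists" as "a reset is running". The script below is an added example, not VPNMON-R2's own code: it stamps the lock with the owner's PID, clears it at startup when that process is gone, and releases it on exit. The lock path and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not VPNMON-R2 code. The path and function names are
# hypothetical; the real script's lock handling may differ.
LOCKFILE="${LOCKFILE:-/tmp/vpnmon-example-reset.lock}"

# True only when the lock names a PID that is still running. A file left
# behind by a killed reset (empty, garbage, or dead PID) does not count.
lock_owner_alive() {
    [ -f "$LOCKFILE" ] || return 1
    _owner=$(cat "$LOCKFILE" 2>/dev/null) || return 1
    case "$_owner" in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$_owner" 2>/dev/null
}

# What the monitor loop should ask, instead of "does the file exist?".
reset_in_progress() { lock_owner_alive; }

# Startup check: drop a lock whose owner is gone, keep a live one.
clear_stale_lock() {
    [ -e "$LOCKFILE" ] || return 0
    lock_owner_alive && return 0
    rm -f "$LOCKFILE"
}

# noclobber (set -C) makes creation atomic: only one caller can win.
# Reclaiming a stale lock is not race-free between two simultaneous
# reclaimers, and a recycled PID can make a stale lock look live; both are
# acceptable for one monitor plus an occasional cron-driven reset.
acquire_lock() {
    clear_stale_lock
    ( set -C; echo "$$" > "$LOCKFILE" ) 2>/dev/null
}

# Remove the lock only if this process wrote it.
release_lock() {
    [ "$(cat "$LOCKFILE" 2>/dev/null)" = "$$" ] && rm -f "$LOCKFILE"
    return 0
}

# Run a reset command under the lock. The traps cover normal exit and
# HUP/INT/TERM; SIGKILL or power loss still leaves the file behind, which
# is why the liveness check above is needed as well.
run_reset() {
    if ! acquire_lock; then
        echo "reset already running (PID $(cat "$LOCKFILE" 2>/dev/null))" >&2
        return 1
    fi
    trap 'release_lock' EXIT
    trap 'exit 129' HUP INT TERM
    "$@" && _rc=0 || _rc=$?
    release_lock
    trap - EXIT HUP INT TERM
    return "$_rc"
}
```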
 

Viktor Jaep

Very Senior Member
My attempt at replying in the other thread:

You guys have some great ping times. Here's mine in Costa Rica:

I leave Costa Rica Saturday and probably won't be very active on the site until I get somewhere I can use my router again. That's probably not until mid-October. I'm looking forward to seeing what else develops here during that time.
Not bad, @iTyPsIDg! Good luck, and see you in October! :)
 

JAX1337

Regular Contributor
Also... as luck has it, I've been able to (temporarily) acquire a wired USB wifi hotspot, and will hopefully be able to test dual wan/failover/loadbalancing/etc and ensure that vpnmon-r2 can handle these different scenarios. Probably won't be able to start on this until Saturday though.
That would be great. Nothing like experiencing it first hand.
So I'm guessing you may have tried a manual reset while you were experiencing issues,

I didn't do a manual reset, the script itself does this and shows the following message

1657724595151.png



Will try v2.01b5
 
