VPNMON VPNMON-R2 v2.52 -Mar 27, 2023- Monitor your VPN connection's Health (Thread locked/closed)

[kuki68ster]

View attachment 48936

Yes, Second Language on the Router...But the main language is English....

 

[Viktor Jaep]

No success...Getting Error - check configuration!

Also getting wan down, even when i can access the internet no problem...

That's a connectivity issue unrelated to what we were discussing above... this means your router wasn't able to make a connection with 8.8.8.8 to perform an SSL handshake test, and/or your router was indicating that one of its WAN states was not "2" (connected). I would probably just reboot your router/modem and try again. But this is definitely not something related to the NordVPN load issue we were working on...

And the "check configuration" error is something that the Merlin firmware is warning you about. You might want to download some fresh .configs from NordVPN, and load them, save them into your VPN slots. Sounds like something in your VPN slot got borked. Or perhaps you modified the "custom configuration" section? You need to make sure these VPN connections work by sliding it to ON, and that everything works well before letting VPNMON monitor your connection, K?

 

[kuki68ster]

H

That's a connectivity issue unrelated to what we were discussing above... this means your router wasn't able to make a connection with 8.8.8.8 to perform an SSL handshake test, and/or your router was indicating that one of its WAN states was not "2" (connected). I would probably just reboot your router/modem and try again. But this is definitely not something related to the NordVPN load issue we were working on...

And the "check configuration" error is something that the Merlin firmware is warning you about. You might want to download some fresh .configs from NordVPN, and load them, save them into your VPN slots. Sounds like something in your VPN slot got borked. Or perhaps you modified the "custom configuration" section? You need to make sure these VPN connections work by sliding it to ON, and that everything works well before letting VPNMON monitor your connection, K?

Hi Viktor, steps that i took:

Defaulted the vpn connection, and created a new connection with fresh configs, and without chaging the custom configuration, after that i install the vpnmon config, fresh, set it up, and the result is "VPN1 Connection has failed. Executing VPN Reset"

When i reboot i get the "error config"....it is looping after that.

 

[Viktor Jaep]

H

Hi Viktor, steps that i took:

Defaulted the vpn connection, and created a new connection with fresh configs, and without chaging the custom configuration, after that i install the vpnmon config, fresh, set it up, and the result is "VPN1 Connection has failed. Executing VPN Reset"

When i reboot i get the "error config"....it is looping after that.

Here is what I would suggest doing. First off, leave vpnmon off for now. Go into your VPN client slot and make sure that everything looks correct. Hit the slider to "on", and make sure that your VPN connection actually starts. If it doesn't, you will need to download a new config file and set up the client slot from scratch. Only after you have verified that the VPN connection works, then feel free to start vpnmon.

 

[kuki68ster]

Here is what I would suggest doing. First off, leave vpnmon off for now. Go into your VPN client slot and make sure that everything looks correct. Hit the slider to "on", and make sure that your VPN connection actually starts. If it doesn't, you will need to download a new config file and set up the client slot from scratch. Only after you have verified that the VPN connection works, then feel free to start vpnmon.

I deleted the vpn profile and the vpnmon script, and started from scratch as you suggested, downloaded the new configuration, installed it and it worked without problems, did several reboots, and the vpn connection works without problems... Then I installed the vpnmon, configured it, and it worked after launching (in the sense of getting the data after launching "m1")...So I did a reset inside the script and it does the reset, however then I have the vpn error, and I can't connect again, ending in the check config error...

 

[Viktor Jaep]

I deleted the vpn profile and the vpnmon script, and started from scratch as you suggested, downloaded the new configuration, installed it and it worked without problems, did several reboots, and the vpn connection works without problems... Then I installed the vpnmon, configured it, and it worked after launching (in the sense of getting the data after launching "m1")...So I did a reset inside the script and it does the reset, however then I have the vpn error, and I can't connect again, ending in the check config error...

NordVPN, right? All vpnmon does is change the IP address in the VPN slot (if you have it configured to randomly pick new servers). Else, it just stops and starts the connection. Do you see any reason if it changes that address, for it not to work? Can you try manually replacing the IP address with another valid NordVPN address, and see if you get the same result? You should, based on what you're describing?

I outlined some steps on setting up the VPN in this post here. Are you doing anything different?

Post in thread 'VPNMON-R2 v2.52 -Mar 27, 2023- Monitor your VPN connection's Health (New: AirVPN, AMTM, KILLMON, supporting WeVPN/Nord/SurfShark/PerfectPrivacy) (#2)' https://www.snbforums.com/threads/v...-surfshark-perfectprivacy-2.79762/post-776164

Also, would you mind please sending me a copy of your /jffs/add-ons/vpnmon-r2.d/vpnmon-r2.cfg file?

 

[Jack Yaz]

NordVPN, right? All vpnmon does is change the IP address in the VPN slot (if you have it configured to randomly pick new servers). Else, it just stops and starts the connection. Do you see any reason if it changes that address, for it not to work? Can you try manually replacing the IP address with another valid NordVPN address, and see if you get the same result? You should, based on what you're describing?

I outlined some steps on setting up the VPN in this post here. Are you doing anything different?

Post in thread 'VPNMON-R2 v2.52 -Mar 27, 2023- Monitor your VPN connection's Health (New: AirVPN, AMTM, KILLMON, supporting WeVPN/Nord/SurfShark/PerfectPrivacy) (#2)' https://www.snbforums.com/threads/v...-surfshark-perfectprivacy-2.79762/post-776164

Also, would you mind please sending me a copy of your /jffs/add-ons/vpnmon-r2.d/vpnmon-r2.cfg file?

i noticed some nordvpn connections start trying to verify the server cn, is that possibly what happens here?

 

[Viktor Jaep]

i noticed some nordvpn connections start trying to verify the server cn, is that possibly what happens here?

I have not run across that yet... but wouldn't you just be able to disable that functionality with this option?

 

[machinist]

@Viktor Jaep
I admire your work ethic on this project. Thanks again for doing this.

I finally got some time and the chance to mess up the home network, so I took it.

Questions and comments:

1: Very impressed by all the features this script has.

2: How exactly does the switching of VPN's function? I have it set to the middle of the night- If I'm using the VPN at that time, does it terminate the connection before switching, or? Is it effectively a kill switch that I can trust/count on?

EDIT: So having set it up and seeing how to works, it does appear to just let traffic through WAN when it's trying to locate a new VPN tunnel connection, is that accurate? So if pings for latency check, and it finds a higher ping that is set as a minimum, it will abandon that connection and look for a new one, all while letting traffic through, yes?

3: As for AirVPN: A VPN slot I usually populate with a conf file for a country. Is this what you mean by the service's recommended servers, in that it (at least should) find the best server in that conf file for the particular slot? So I would populate all 5 slots with countries, for instance, and it would find the best server out of all the slots that the service "recommends"?

So I ran through the amtm setup again, and I think I understand to be the case that the "recommended servers" picks whatever is closest to you. But it also doesn't let me configure any of the settings, so that won't do. I need Exclusive for the DNS, for instance.

4: Is it OK to use the Chacha20 protocol still? I find it to give the best speeds over AES.

5: Do I still set the rest of the settings like usual - e.g. exclusive DNS, VPN Director policies, Kill switch yes, and all that? I'm thinking yes, but asking anyway.

6: I was trying to populate the 5 slots with my config files, but it overrides them. It seems to connect/disconnect with any of the 5 at random. Is this expected behavior? Is this what it means to say yes to "connect to the one closest to my WAN exit?" -- i'd like to input my own config files, so should I say no to that?

7: Do I set "service state"? What about start at boot?

8: I know you've setup auto-start when the router boots - does that go for when the power was pulled, as well?

 

[Viktor Jaep]

@Viktor Jaep
I admire your work ethic on this project. Thanks again for doing this.

Absolutely! Thanks for all your thorough, well-thought-out questions... I'll try my best to help answer these, so reach out if I can help with any follow-ups.

2: How exactly does the switching of VPN's function? I have it set to the middle of the night- If I'm using the VPN at that time, does it terminate the connection before switching, or? Is it effectively a kill switch that I can trust/count on?

EDIT: So having set it up and seeing how to works, it does appear to just let traffic through WAN when it's trying to locate a new VPN tunnel connection, is that accurate? So if pings for latency check, and it finds a higher ping that is set as a minimum, it will abandon that connection and look for a new one, all while letting traffic through, yes?

During a reset, it terminates all running VPN connections (typically, there should only be 1)... then, via the WAN while the VPN is down, it optionally downloads a list of AirVPN server IPs, whitelists these in skynet, and re-establishes a new connection. All-in-all, takes about 30 seconds. Methods for resetting your VPN slots can be done in several ways... randomly, round robin, lowest-ping, etc. The SuperRandom functionality actually goes out and populates your slots' IP address with random servers across your country of choice, to give you some true randomness on your VPN exit points.

If you are already connected on a VPN connection, it will determine best latency/ping times to your other VPN server slots via a WAN connection, as it's looking for the quickest path from your router to the actual server.

VPNMON-R2 out of the box does not have any killswitch functionality. You can set a killswitch option in your VPN slot, but just be aware that this only would function if the VPN connection crashes or dies unexpectedly. If it's being reset via normal means, that built-in killswitch does not work as you might think it does. That's why I built KILLMON, which provides killswitch functionality even when VPN connections go offline via normal operations... but please know, it's not a true 100% killswitch, and will still have some limitations due to the nature of the Asus hardware/firmware... but it gets you pretty darn close. If you really need a failsafe killswitch, you would probably want to start looking at some commercial solutions.

3: As for AirVPN: A VPN slot I usually populate with a conf file for a country. Is this what you mean by the service's recommended servers, in that it (at least should) find the best server in that conf file for the particular slot? So I would populate all 5 slots with countries, for instance, and it would find the best server out of all the slots that the service "recommends"?

So I ran through the amtm setup again, and I think I understand to be the case that the "recommended servers" picks whatever is closest to you. But it also doesn't let me configure any of the settings, so that won't do. I need Exclusive for the DNS, for instance.

That's correct... recommended servers functionality is completely handled by AirVPN (or NordVPN), and looks at your WAN IP to determine which AirVPN servers would be the best suited based on your location/latency.

I'm not stopping you from messing with any of your VPN or DNS settings. All VPNMON-R2 ever messes with is the IP address of the server you are connecting to, or its description... if you've configured it to use those options.

4: Is it OK to use the Chacha20 protocol still? I find it to give the best speeds over AES.

I would think so? As long as all AirVPN servers support this protocol, I'm guessing?

5: Do I still set the rest of the settings like usual - e.g. exclusive DNS, VPN Director policies, Kill switch yes, and all that? I'm thinking yes, but asking anyway.

You can mess with all this stuff as much as you want. All I truly care about is that your VPN connection works when you hit that "ON" switch.

6: I was trying to populate the 5 slots with my config files, but it overrides them. It seems to connect/disconnect with any of the 5 at random. Is this expected behavior? Is this what it means to say yes to "connect to the one closest to my WAN exit?" -- i'd like to input my own config files, so should I say no to that?

Correct... if you choose SuperRandom, recommended servers, etc... it will actually change these slots to the IP addresses that would give you random servers across the country, or recommended AirVPN servers, and would thus override your own choices. So you would probably want to turn that functionality off, in order to use the servers of your choice.

7: Do I set "service state"? What about start at boot?

8: I know you've setup auto-start when the router boots - does that go for when the power was pulled, as well?

I don't mess with any service state, but it will auto-start on boot by enabling that particular setting on the second page of the config. And yes, that would cover you if power was pulled as well, and would immediately re-establish your VPN upon reboot.

 

[cptnoblivious]

Having continual issues on one install where it loops the resets.

To make sure it's not due to out of date software, I just did a full update on the AX68 that's having the issue (Router, Entware and VPNMON-R2) so all are current, router at 388.2 and vpnmon-r2 at 2.52.

VPN provider is surfshark. Same endpoint for both routers. Only a single VPN client configured (same on both).
Getting into a reset loop. Configuration is identical between my routers, one works, one does not and enters the reset loop.

In the logs I see this:

Sat Apr 15 09:40:36 PDT 2023 - VPNMON-R2 - Successfully wrote a new config file
Sat Apr 15 09:41:09 PDT 2023 - VPNMON-R2 - API call made to update WAN0 city to <<redacted>>
Sat Apr 15 09:41:58 PDT 2023 - VPNMON-R2 ----------> ERROR: VPN1 Ping/HTTP response failed
Sat Apr 15 09:42:00 PDT 2023 - VPNMON-R2 ----------> ERROR: VPN0 Connection failed - Executing VPN Reset
Sat Apr 15 09:42:00 PDT 2023 - VPNMON-R2 - Executing VPN Reset
Sat Apr 15 09:42:04 PDT 2023 - VPNMON-R2 - Killed all VPN Client Connections

Question: I don't have a VPN0. I only have VPN1 configured. Also, I validated that with the VPN up, I can ping both google (8.8.8.8) and yahoo (98.137.11.163). I tried switching to yahoo but same result.

I've then completely removed vpnmon-r2 and reinstalled and matched the configuration that works on my other router. No luck, same entries in the log.

When I leave vpnmon-r2 off, the VPN seems stable and the clients are properly routed through the VPN. And I can ping through the VPN. Ping times are good (around 18 - 25 ms) and stable, no packet loss.

Any suggestions would be appreciated

 

[sephiclo]

Having continual issues on one install where it loops the resets.

To make sure it's not due to out of date software, I just did a full update on the AX68 that's having the issue (Router, Entware and VPNMON-R2) so all are current, router at 388.2 and vpnmon-r2 at 2.52.

VPN provider is surfshark. Same endpoint for both routers. Only a single VPN client configured (same on both).
Getting into a reset loop. Configuration is identical between my routers, one works, one does not and enters the reset loop.

In the logs I see this:

Sat Apr 15 09:40:36 PDT 2023 - VPNMON-R2 - Successfully wrote a new config file
Sat Apr 15 09:41:09 PDT 2023 - VPNMON-R2 - API call made to update WAN0 city to <<redacted>>
Sat Apr 15 09:41:58 PDT 2023 - VPNMON-R2 ----------> ERROR: VPN1 Ping/HTTP response failed
Sat Apr 15 09:42:00 PDT 2023 - VPNMON-R2 ----------> ERROR: VPN0 Connection failed - Executing VPN Reset
Sat Apr 15 09:42:00 PDT 2023 - VPNMON-R2 - Executing VPN Reset
Sat Apr 15 09:42:04 PDT 2023 - VPNMON-R2 - Killed all VPN Client Connections

Question: I don't have a VPN0. I only have VPN1 configured. Also, I validated that with the VPN up, I can ping both google (8.8.8.8) and yahoo (98.137.11.163). I tried switching to yahoo but same result.

I've then completely removed vpnmon-r2 and reinstalled and matched the configuration that works on my other router. No luck, same entries in the log.

When I leave vpnmon-r2 off, the VPN seems stable and the clients are properly routed through the VPN. And I can ping through the VPN. Ping times are good (around 18 - 25 ms) and stable, no packet loss.

Any suggestions would be appreciated

I started getting the same error as well two days ago. I was just waiting to see if it was an only me thing. Guess I am not. For me it kept resetting between my 3 configured vpn slots. Like a reset loop.

 

[Stephen Harrington]

Having continual issues on one install where it loops the resets.

@cptnoblivious and @sephiclo

Yep, it's not just you! I've had to disable vpnmon-r2 for now, it was continually looping with same error you are seeing. 388.2 on an RT-AX86U for me, running NordVPN on only one slot. VPN is functioning fine when vpnmon is disabled. For me the error might have coincided with my upgrade from 388.2 beta 2 to final, but only a suspicion as vpnmon-r2 log had now been trimmed so can't go back that far.

@Viktor Jaep any clues as to what might be going on? What do you need to help you track this one down?

 

[Viktor Jaep]

I started getting the same error as well two days ago. I was just waiting to see if it was an only me thing. Guess I am not. For me it kept resetting between my 3 configured vpn slots. Like a reset loop.

Well crap. I haven't upgraded to 388.2 yet. I'll upgrade tomorrow and see what made VPNMON-R2 break. ;( You'd think if it made it past beta 2, there wouldn't have been an issue going to release. Bah.

Just looked at the release notes. OpenVPN, openssl and curl all got updated. Wonder if a switch got deprecated. Ugh.

 

[Stephen Harrington]

You'd think if it made it past beta 2, there wouldn't have been an issue going to release. Bah.

Yep, was definitely working for me on beta 2. Looks like vpnmon can no longer do its checks out through the VPN interface for some reason ... curl maybe?
I think you've been "Merlined"

 

[Stephen Harrington]

@Viktor Jaep is there a manual command line I could run to check connectivity for you?

 

[cptnoblivious]

Well crap. I haven't upgraded to 388.2 yet. I'll upgrade tomorrow and see what made VPNMON-R2 break. ;( You'd think if it made it past beta 2, there wouldn't have been an issue going to release. Bah.

Just looked at the release notes. OpenVPN, openssl and curl all got updated. Wonder if a switch got deprecated. Ugh.

Just to clarify, it was doing it on 388.1 running vpnmon-r2 2.41 as well. I upgraded to see if it would fix it. It didn't

I had 2 routers (AX58 & AX68) both on 388.1 and vpnmon-r2 2.41 when it started with the AX68.

 

[Stephen Harrington]

Just to clarify, it was doing it on 388.1 running vpnmon-r2 2.41 as well. I upgraded to see if it would fix it. It didn't

Ok that's weird. Was definitely working on 388.1 for me, been running that for months.
Installed 388.2 beta 2 on 5th April, and was also fine. Was only when I installed 388.2 final about 2 days ago that I belatedly noticed it started playing up?

 

[cptnoblivious]

Ok that's weird. Was definitely working on 388.1 for me, been running that for months.
Installed 388.2 beta 2 on 5th April, and was also fine. Was only when I installed 388.2 final about 2 days ago that I belatedly noticed it started playing up?

Yeah, for me it definitely started a few days ago on 388.1

Maybe it's a timing issue and is related to the infrastructure that Nord & Surfshark use (they are using some of the same datacenters I believe). But again, pinging from the VPN works when it's up so ... I'm stumped.

 

[sephiclo]

I'm still on 388.1 Merlin as well. I don't think it's a Merlin FW issue.