VPNMON VPNMON-R2 v2.65 -Jan 27, 2024- DISCONTINUED - Upgrade to VPNMON-R3 Available! (#3)

No, maybe I didn't make myself clear, I'll try to rephrase...

If the ping to the active VPN slot fails, connect to one of the available working slots (could be based on the ping performance). But never change the active slot under any other circumstances (even if the others work better, they have lower ping ms).
Oh! Yeah, it does this by default. Just set up your 5 slots manually, and don't pick the superrandom option under menu option 6 for your vpn provider. Also, don't integrate with VPNMGR... both these 2 options will overwrite your vpn slots with different hosts. Under menu option 5, you can choose how these slots are chosen when it reconnects: random, lowest ping or round robin.
 
I see, and maybe also setup high enough "Minimum PING Before Reset?" in order to not trigger VPN reset, right ?

Second observation from last weeks, I am having quite often messages about WAN error issue. But I am not aware of any WAN issue i.e. I do have user script wan-event for monitoring WAN status change like connected / disconnected messaging but WAN seems to be stable and not getting WAN disconnects / connects (no disconnects on Aug 17 based on wan-event) so wondering why I do see connectivity issue with VPNMON.

How to troubleshoot more why VPNMON detect issue with WAN connection ?

Code:
Thu Aug 17 12:24:30 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 12:24:35 CEST 2023 - VPNMON-R2 - WAN Link Detected -- Trying to reconnect/Reset VPN
Thu Aug 17 12:25:39 CEST 2023 - VPNMON-R2 - Executing VPN Reset
Thu Aug 17 12:25:48 CEST 2023 - VPNMON-R2 - Killed all VPN Client Connections
Thu Aug 17 12:26:24 CEST 2023 - VPNMON-R2 - Refreshed VPN Slots 1 - 5 from 5 Recommended NordVPN Server Locations
Thu Aug 17 12:26:25 CEST 2023 - VPNMON-R2 - Randomly selected VPN3 Client ON
Thu Aug 17 12:26:29 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 12:26:31 CEST 2023 - VPNMON-R2 - Trimmed the log file down to 1000 lines
Thu Aug 17 12:26:46 CEST 2023 - VPNMON-R2 - API call made to update WAN0 city to Brno
Thu Aug 17 12:26:46 CEST 2023 - VPNMON-R2 - API call made to update VPN city to Prague
Thu Aug 17 15:24:31 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 15:24:36 CEST 2023 - VPNMON-R2 - WAN Link Detected -- Trying to reconnect/Reset VPN
Thu Aug 17 15:25:40 CEST 2023 - VPNMON-R2 - Executing VPN Reset
Thu Aug 17 15:25:49 CEST 2023 - VPNMON-R2 - Killed all VPN Client Connections
Thu Aug 17 15:26:24 CEST 2023 - VPNMON-R2 - Refreshed VPN Slots 1 - 5 from 5 Recommended NordVPN Server Locations
Thu Aug 17 15:26:25 CEST 2023 - VPNMON-R2 - Randomly selected VPN4 Client ON
Thu Aug 17 15:26:29 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 15:26:31 CEST 2023 - VPNMON-R2 - Trimmed the log file down to 1000 lines
Thu Aug 17 15:26:46 CEST 2023 - VPNMON-R2 - API call made to update WAN0 city to Brno
Thu Aug 17 15:26:46 CEST 2023 - VPNMON-R2 - API call made to update VPN city to Prague
Thu Aug 17 18:24:30 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 18:24:35 CEST 2023 - VPNMON-R2 - WAN Link Detected -- Trying to reconnect/Reset VPN
Thu Aug 17 18:25:39 CEST 2023 - VPNMON-R2 - Executing VPN Reset
Thu Aug 17 18:25:48 CEST 2023 - VPNMON-R2 - Killed all VPN Client Connections
Thu Aug 17 18:26:23 CEST 2023 - VPNMON-R2 - Refreshed VPN Slots 1 - 5 from 5 Recommended NordVPN Server Locations
Thu Aug 17 18:26:24 CEST 2023 - VPNMON-R2 - Randomly selected VPN1 Client ON
Thu Aug 17 18:26:28 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 18:26:30 CEST 2023 - VPNMON-R2 - Trimmed the log file down to 1000 lines
Thu Aug 17 18:26:44 CEST 2023 - VPNMON-R2 - API call made to update WAN0 city to Brno
Thu Aug 17 18:26:45 CEST 2023 - VPNMON-R2 - API call made to update VPN city to Prague
Thu Aug 17 18:40:03 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 18:40:08 CEST 2023 - VPNMON-R2 - WAN Link Detected -- Trying to reconnect/Reset VPN
Thu Aug 17 18:41:12 CEST 2023 - VPNMON-R2 - Executing VPN Reset
Thu Aug 17 18:41:21 CEST 2023 - VPNMON-R2 - Killed all VPN Client Connections
Thu Aug 17 18:41:56 CEST 2023 - VPNMON-R2 - Refreshed VPN Slots 1 - 5 from 5 Recommended NordVPN Server Locations
Thu Aug 17 18:41:57 CEST 2023 - VPNMON-R2 - Randomly selected VPN3 Client ON
Thu Aug 17 18:42:01 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 18:42:03 CEST 2023 - VPNMON-R2 - Trimmed the log file down to 1000 lines
Thu Aug 17 18:42:18 CEST 2023 - VPNMON-R2 - API call made to update WAN0 city to Brno
Thu Aug 17 18:42:18 CEST 2023 - VPNMON-R2 - API call made to update VPN city to Prague
Thu Aug 17 20:24:31 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 20:24:35 CEST 2023 - VPNMON-R2 - WAN Link Detected -- Trying to reconnect/Reset VPN
Thu Aug 17 20:25:39 CEST 2023 - VPNMON-R2 - Executing VPN Reset
Thu Aug 17 20:25:48 CEST 2023 - VPNMON-R2 - Killed all VPN Client Connections
Thu Aug 17 20:26:23 CEST 2023 - VPNMON-R2 - Refreshed VPN Slots 1 - 5 from 5 Recommended NordVPN Server Locations
Thu Aug 17 20:26:24 CEST 2023 - VPNMON-R2 - Randomly selected VPN1 Client ON
Thu Aug 17 20:26:28 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 20:26:30 CEST 2023 - VPNMON-R2 - Trimmed the log file down to 1000 lines
Thu Aug 17 20:26:45 CEST 2023 - VPNMON-R2 - API call made to update WAN0 city to Brno
Thu Aug 17 20:26:45 CEST 2023 - VPNMON-R2 - API call made to update VPN city to Prague
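
A way to summarise a log like the one above, as an added example that is not part of the original post or of VPNMON-R2: for each WAN error it prints the time of day, the gap since the previous error and the seconds until "VPN Reset Finished", plus a count of errors per minute-of-hour so that recurring times stand out. The function names are chosen for this example, and gaps are assumed to be shorter than 24 hours.

```shell
#!/bin/sh
# Added example (not VPNMON-R2 code). Function names are chosen here.

# Lines excerpted from the log posted above (ERROR and "Reset Finished" only).
sample_log() {
cat <<'EOF'
Thu Aug 17 12:24:30 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 12:26:29 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 15:24:31 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 15:26:29 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 18:24:30 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 18:26:28 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 18:40:03 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 18:42:01 CEST 2023 - VPNMON-R2 - VPN Reset Finished
Thu Aug 17 20:24:31 CEST 2023 - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED
Thu Aug 17 20:26:28 CEST 2023 - VPNMON-R2 - VPN Reset Finished
EOF
}

# wan_trip_report [LOGFILE] -> one line per WAN error:
#   HH:MM:SS  gap_since_previous_error_s  seconds_until_reset_finished
# "-" means "not available" (first error, or a reset that never finished).
wan_trip_report() {
  awk '
    function secs(t,  p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    # Assumption: consecutive events are less than 24 h apart.
    function delta(a, b,  d) { d = b - a; if (d < 0) d += 86400; return d }
    /ERROR: WAN CONNECTIVITY ISSUE DETECTED/ {
      if (pending) print start_t, gap, "-"
      now = secs($4)
      gap = (seen ? delta(prev, now) : "-")
      prev = now; seen = 1; pending = 1; start_t = $4
      next
    }
    /VPN Reset Finished/ && pending {
      print start_t, gap, delta(prev, secs($4)); pending = 0
    }
    END { if (pending) print start_t, gap, "-" }
  ' "$@"
}

# wan_trip_minutes [LOGFILE] -> "count minute-of-hour", most frequent first.
wan_trip_minutes() {
  awk '
    /ERROR: WAN CONNECTIVITY ISSUE DETECTED/ { split($4, p, ":"); c[p[2]]++ }
    END { for (m in c) print c[m], m }
  ' "$@" | sort -rn
}
```

Run it as `wan_trip_report /path/to/vpnmon-r2.log` (path is a placeholder); the functions also read standard input.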
 
I see, and maybe also setup high enough "Minimum PING Before Reset?" in order to not trigger VPN reset, right ?
That would be a good idea

Second observation from last weeks, I am having quite often messages about WAN error issue. But I am not aware of any WAN issue i.e. I do have user script wan-event for monitoring WAN status change like connected / disconnected messaging but WAN seems to be stable and not getting WAN disconnects / connects (no disconnects on Aug 17 based on wan-event) so wondering why I do see connectivity issue with VPNMON.

How to troubleshoot more why VPNMON detect issue with WAN connection ?
So if your "nvram get wan0_state_t" doesn't come back with a value of "2" (connected), and you are unable to get a good result from this command:

Code:
nc -w3 8.8.8.8 443 && echo | openssl s_client -connect 8.8.8.8:443 | awk 'handshake && $1 == "Verification" { if ($2=="OK") exit; exit 1 } $1 $2 == "SSLhandshake" { handshake = 1 }'

Then that would cause vpnmon-r2 to think your WAN is down...

Make sure you're always able to reach 8.8.8.8 (Google DNS server)...
 
Code:
nc -w3 8.8.8.8 443 && echo | openssl s_client -connect 8.8.8.8:443 | awk 'handshake && $1 == "Verification" { if ($2=="OK") exit; exit 1 } $1 $2 == "SSLhandshake" { handshake = 1 }'
Can you help me with command to log the error from the above command output and "nvram get wan0_state_t" value so I can troubleshoot more my connection at the time of failure ? Ideally logging into file in /tmp folder with date/time in the filename for instance 20230818-0900.txt. I would add error command output into the script locally to code below.

Code:
else
            wandownbreakertrip=1
            echo -e "$(date) - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED" >> $LOGFILE
        fi
      else
        wandownbreakertrip=1
        echo -e "$(date) - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED" >> $LOGFILE

Usually I get this results and so far have not been able to detect any failure so want to catch the failure log at time of failure to understand why my router (wan-event script) does not see the connection drop but command below raise an error !
Code:
ruaw@RT-AX86U-3E18:/tmp# nc -w3 8.8.8.8 443 && echo | openssl s_client -connect 8.8.8.8:443 | awk 'handshake && $1 == "Verification" { if ($2=="OK") exit; exit 1 } $1 $2 == "SSLhandshake" { handshake = 1 }'
Can't use SSL_get_servername
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = dns.google
verify return:1
DONE

Thanks
 
Can you help me with command to log the error from the above command output and "nvram get wan0_state_t" value so I can troubleshoot more my connection at the time of failure ? Ideally logging into file in /tmp folder with date/time in the filename for instance 20230818-0900.txt. I would add error command output into the script locally to code below.
If you're talking about adding extra logging to the script, you could insert a statement like this:

Code:
echo -e "WAN0: $(nvram get wan0_state_t) -- WAN1: $(nvram get wan1_state_t)" >> $LOGFILE

Code:
else
            wandownbreakertrip=1
            echo -e "$(date) - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED" >> $LOGFILE
        fi
      else
        wandownbreakertrip=1
        echo -e "$(date) - VPNMON-R2 ----------> ERROR: WAN CONNECTIVITY ISSUE DETECTED" >> $LOGFILE

Usually I get this results and so far have not been able to detect any failure so want to catch the failure log at time of failure to understand why my router (wan-event script) does not see the connection drop but command below raise an error !
Code:
ruaw@RT-AX86U-3E18:/tmp# nc -w3 8.8.8.8 443 && echo | openssl s_client -connect 8.8.8.8:443 | awk 'handshake && $1 == "Verification" { if ($2=="OK") exit; exit 1 } $1 $2 == "SSLhandshake" { handshake = 1 }'
Can't use SSL_get_servername
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = dns.google
verify return:1
DONE
That is actually a normal result... so that looks fine. It would be interesting to see if you still have access to 8.8.8.8 when you are experiencing issues. The reason the WAN-EVENT script probably doesn't pick this up is because it's actually more concerned with the state of the WAN... so if it goes down, or reconnecting, etc. It may just all be a connectivity issue you're dealing with.
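
One way to capture what was asked for above, as an added example that is not part of the original posts or of VPNMON-R2: it runs each stage of the connectivity command separately and writes the exit codes, both `nvram` WAN states and the full `openssl s_client` output to a timestamped file. The names `wan_snapshot` and `tls_verdict` and the file layout are assumptions of this example; the host, port and awk program are the ones from the thread.

```shell
#!/bin/sh
# Added example (not VPNMON-R2 code). Meant to be called from the branches
# that set wandownbreakertrip=1, e.g.  wan_snapshot /tmp >/dev/null
PROBE_HOST="${PROBE_HOST:-8.8.8.8}"
PROBE_PORT="${PROBE_PORT:-443}"

# Same awk program as in the thread, applied to saved s_client output.
# It exits 1 when, after the "SSL handshake ..." summary, a line whose first
# word is exactly "Verification" has a second word other than "OK"
# (e.g. "Verification error: ..."); in every other case it exits 0.
tls_verdict() {
  awk 'handshake && $1 == "Verification" { if ($2=="OK") exit; exit 1 }
       $1 $2 == "SSLhandshake" { handshake = 1 }' "$1"
}

# wan_snapshot [DIR] -> writes DIR/YYYYmmdd-HHMMSS.txt and prints its path.
wan_snapshot() {
  dir="${1:-/tmp}"
  out="$dir/$(date +%Y%m%d-%H%M%S).txt"
  tls="$out.tls"
  nc_rc=0; ssl_rc=0; awk_rc=0

  # Stage 1: plain TCP connect with a 3 second timeout.
  nc -w3 "$PROBE_HOST" "$PROBE_PORT" </dev/null >/dev/null 2>&1 || nc_rc=$?
  # Stage 2: TLS handshake; keep stdout and stderr for later inspection.
  echo | openssl s_client -connect "$PROBE_HOST:$PROBE_PORT" >"$tls" 2>&1 || ssl_rc=$?
  # Stage 3: the verdict the awk program derives from that output.
  tls_verdict "$tls" || awk_rc=$?

  {
    echo "time=$(date)"
    echo "wan0_state_t=$(nvram get wan0_state_t 2>&1)"
    echo "wan1_state_t=$(nvram get wan1_state_t 2>&1)"
    echo "nc_exit=$nc_rc"
    echo "openssl_exit=$ssl_rc"
    echo "awk_exit=$awk_rc"
    echo "--- openssl s_client output ---"
    cat "$tls"
  } >"$out"
  rm -f "$tls"
  echo "$out"
}
```

The file name includes seconds so that two trips within the same minute do not overwrite each other.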
 
While looking at your script I picked up 2 things I would consider differently; please review them and see if you find them useful.

1.) In order to compare VPN performance of connection as accurate as possible (apple to apple compare) I would ping all the hosts same way vs. not like now:
- Active VPN seems to be pinged from TUN interface to HOST for instance 8.8.8.8
Code:
AVGPING=$(ping -I $TUN -c 1 $PINGHOST | awk -F'time=| ms' 'NF==3{print $(NF-1)}' | sort -rn) > /dev/null 2>&1 # Get ping stats
- Disconnected VPN ones from WAN to OPENVPN (understand that tunX is not active at that time)
Code:
DISCHOSTPING=$(ping -I $WANIFNAME -c 1 $OFFLINEVPNIP | awk -F'time=| ms' 'NF==3{print $(NF-1)}' | sort -rn) > /dev/null 2>&1 # Get ping stats

So, why not to ping all the hosts from WAN to VPNIP in order to have same comparable results ?

2.) I would probably average response so at least 3 measurements for WAN, TUN or any other interface is considered, 1 ping is really not representative
I adjusted your script a little bit and am using the avg. of 3 consecutive pings
from
Code:
CONNHOSTPING=$(ping -I $WANIFNAME -c 1 $VPNIP | awk -F'time=| ms' 'NF==3{print $(NF-1)}' | sort -rn) > /dev/null 2>&1 # Get ping stats
to
Code:
CONNHOSTPING=$(ping -I $WANIFNAME -c 3 $VPNIP | awk -F'[/=]' 'END{print $5}') > /dev/null 2>&1
 
So, why not to ping all the hosts from WAN to VPNIP in order to have same comparable results ?
The main reason why I'm pinging through the active tunnel is because your VPN connection may break while still remaining connected... and if I was pinging the VPN server across the WAN, I would have no idea the tunnel was actually down. If the ping doesn't work across the tunnel, then you can assume that the VPN needs a reset. The other reason I chose to do it this way was because I'm most interested in displaying and measuring the ping across the VPN tunnel. This value is important because I'm also letting you choose the max ping amount before forcing a reset. Some people are connecting to other continents, so they need to keep those ping values adjusted to a much higher number. It wasn't until later when I thought it would be interesting to see what kind of ping values one would see for the other servers you have in your slots, and the only way to really measure those is to ping them across the WAN. This then led into coming up with options using these values to allow for lowest ping VPN connections.

2.) I would probably average response so at least 3 measurements for WAN, TUN or any other interface is considered, 1 ping is really not representative
I adjusted your script a little bit and am using the avg. of 3 consecutive pings
from
Code:
CONNHOSTPING=$(ping -I $WANIFNAME -c 1 $VPNIP | awk -F'time=| ms' 'NF==3{print $(NF-1)}' | sort -rn) > /dev/null 2>&1 # Get ping stats
to
Code:
CONNHOSTPING=$(ping -I $WANIFNAME -c 3 $VPNIP | awk -F'[/=]' 'END{print $5}') > /dev/null 2>&1
I can agree with that, as long as there's not a huge decrease in performance... I'll play with your change, and see how that goes. I really appreciate the feedback on this!
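
The averaging change discussed above depends on the layout of the ping summary line, so here is an added example (not from the original posts or from VPNMON-R2) that extracts the average from both the BusyBox and the iputils summary formats and reports total packet loss as a failure instead of an empty value. `avg_rtt`, `thread_rtt` and the three sample outputs are constructed for this example; 192.0.2.1 is a documentation address.

```shell
#!/bin/sh
# Added example (not VPNMON-R2 code). All sample outputs are constructed.

sample_busybox() {
cat <<'EOF'
PING 192.0.2.1 (192.0.2.1): 56 data bytes
64 bytes from 192.0.2.1: seq=0 ttl=57 time=11.305 ms
64 bytes from 192.0.2.1: seq=1 ttl=57 time=11.796 ms
64 bytes from 192.0.2.1: seq=2 ttl=57 time=12.911 ms

--- 192.0.2.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 11.305/12.004/12.911 ms
EOF
}

sample_iputils() {
cat <<'EOF'
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=57 time=11.3 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=57 time=11.8 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=57 time=12.9 ms

--- 192.0.2.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 11.305/12.004/12.911/0.660 ms
EOF
}

sample_loss() {
cat <<'EOF'
PING 192.0.2.1 (192.0.2.1): 56 data bytes

--- 192.0.2.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
EOF
}

# Average RTT from `ping -c N` output on stdin. Splits the summary line on
# "=" first, then takes the second "/"-separated value, which is the average
# in both layouts. Prints nothing and returns 1 when no summary line exists
# (every probe was lost), so the caller can tell "down" from "0 ms".
avg_rtt() {
  awk -F'=' '
    /min\/avg\/max/ { split($2, v, "/"); avg = v[2] }
    END { if (avg == "") exit 1; print avg }
  '
}

# The expression from the thread, kept for comparison: field 5 is the average
# on the BusyBox summary line but the minimum on the iputils one.
thread_rtt() { awk -F'[/=]' 'END{print $5}'; }
```

On the router itself the call would look like `ping -I "$WANIFNAME" -c 3 "$VPNIP" | avg_rtt`, using the variable names from the thread.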
 
The main reason why I'm pinging through the active tunnel is because your VPN connection may break while still remaining connected... and if I was pinging the VPN server across the WAN, I would have no idea the tunnel was actually down. If the ping doesn't work across the tunnel, then you can assume that the VPN needs a reset. The other reason I chose to do it this way was because I'm most interested in displaying and measuring the ping across the VPN tunnel. This value is important because I'm also letting you choose the max ping amount before forcing a reset. Some people are connecting to other continents, so they need to keep those ping values adjusted to a much higher number. It wasn't until later when I thought it would be interesting to see what kind of ping values one would see for the other servers you have in your slots, and the only way to really measure those is to ping them across the WAN. This then led into coming up with options using these values to allow for lowest ping VPN connections.
I understand the reason why you ping from TUN interface and it is very valid. My point was more to measure and compare metrics i.e. measure all the tunnels under same conditions and then decide which one is the best for lowest ping for instance.

I have not tested the difference between pinging from TUN vs. WAN, and at the end might be very close but usually I try to make apple to apple compares whenever is possible. But in this case it would mean to add extra ping i.e. keep TUN for connectivity and add WAN for ping metrics.
 
I understand the reason why you ping from TUN interface and it is very valid. My point was more to measure and compare metrics i.e. measure all the tunnels under same conditions and then decide which one is the best for lowest ping for instance.
When you choose the "lowest ping" option, it actually does determine the lowest ping by cycling through each of the VPN servers currently configured in your slots via the WAN.
 
It's been a few weeks of testing, but finally releasing a new VPNMON-R2 update today that incorporates some of @salvo's suggestions, along with some other minor fixes! ENJOY!

What's new?
v2.62 - (October 2, 2023)
- ADDED:
Thanks to @salvo for suggesting a different approach at displaying and measuring the pings for the current VPN slot and the disconnected slots. I used this same logic any time a ping measurement is done (which is now pinging 3x and getting the average), which should make these values a little more accurate. Please note, the connected VPN slot continues to measure a ping across the tunnel. The disconnected slots measure a ping across the WAN to the specified VPN server. As expected, this method does delay the screen draw of the values across the screen, but annoyance is fairly minimal in favor of more accuracy. ;)
- FIXED: Added some more context in the logs when WAN0 and WAN1 receive a new city name.
- FIXED: Checking for VPN slot error states (-1), and if any return with this value, then set them back to zero to avoid any on-screen errors.

Download link (or update directly within AMTM/VPNMON-R2):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.62.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"
 
@Viktor Jaep,

I noted in the features that you optionally whitelist all the NordVPN/PerfectPrivacy VPN servers in the Skynet Firewall. Do you think the same could be done for PIA VPN servers? There is a list out on get that gets updated every day:


Not sure if this is something you would be interested in considering as a future feature.
 
I had looked at PIA before, but they were using an old archaic system where their server lists/configs were provided in a large ZIP file. It wasn't really possible to do anything programmatically with this. I was primarily focusing on the VPN providers like NordVPN, Surfshark, PerfectPrivacy, etc, who make it a lot easier to query their lists through the use of an API, where you can limit servers by country, location, etc. I can take another gander at PIA, and see if they've changed their ways?
 
Most likely they're still a Pain In (the) A__...
 
You are absolutely correct... Been searching around, and not finding anything that would give me any comfort. The best one by far is still whatever this Lars guy did on his github repository, and somehow cobbling this stuff together.
 
Really good addon, quick question. can I use this just to check VPN status and if dead restart it? I don't need it for anything else nor do I route all my wan traffic over VPN.
I assume I can set a ping for it to keep it alive?

Many thanks!
 
Absolutely, @biohazardx9! This is what it was made for. You basically tell it how many VPN slots it needs to keep watch over, and will use a PING to determine if the tunnel is still up (among other various tests). It will check every 60 seconds (by default), and if it determines that the tunnel is not responding, will drop and reconnect for you.
 

OK, you've convinced me -- how do I set up a VPN or run VPNMON-R2?

In case you're curious about how to configure your own amazing whole-home VPN setup, here are some basic instructions... Please understand that this is how I have my OVPN client slots setup, and your needs may differ, so feel free to jump into this thread if you have any other setup questions!

1.) Insert a Flashdrive - First plug a flashdrive into the back of your router, where a lot of these scripts, cache and swap file will end up being located.

2.) Use the AMTM tool - Log into your router using an SSH terminal tool, like PuTTY (for Windows), execute "AMTM", and use the commands "fd" to format your flashdrive, and "sw" to configure a swap file. Minimum recommended size is at least 2GB.

3.) Configure your router to handle scripts - You must first enable the ability for your router to handle custom scripts. From your router UI, go to Administration -> System -> "Format JFFS partition at next boot" (yes) and "Enable JFFS custom scripts and configs" (yes)... reboot your router to enable these changes.

4.) Subscribe to a VPN provider - Picking NordVPN, SurfShark or Perfect Privacy will give you some more awesome functionality with VPNMON-R2, but you can basically pick anything you want. I'm going to use NordVPN in these examples...

5.) Download your VPN server config - Go to your VPN providers server config download page (ex: https://nordvpn.com/servers/tools/), and pick one (or a selection) of OpenVPN UDP server configs, and download them. It will probably end up with a name like this: "us9488.nordvpn.com.udp.ovpn"


6.) Check the .ovpn contents - The contents of the .ovpn file will contain the security certificates, vpn server name, and configuration parameters. Give it a cursory glance to make sure it looks like everything's there.

7.) Configure your VPN Client Slots - From the Asus-Merlin VPN Client page, pick your 1st OpenVPN Client Slot... click on the "Choose File" button, and select the file you just downloaded, and click the "Upload" button to import it. This will populate most of your settings on this page, but will need to go through, name some things, and make some configuration tweaks. For example, these are the settings I use below... yours might differ based on your preferences.


8.) Apply these custom configuration entries on the bottom of the page - This is an important step! The custom config entries that come with the .ovpn file may work, but aren't the greatest. Please over-copy them with these configuration entries below. These work great for NordVPN, but for many other VPN providers as well. If they don't, revert back or look for some best practice entries for your particular VPN provider:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450


9.) Test your VPN Client! After you hit "APPLY" on the bottom of the Asus-Merlin VPN Client page, slide the on/off switch to ON, and see if you can make a successful VPN connection. If you don't see any errors, and have been able to test that your client(s), network(s), etc. can browse through the VPN, you can crack open that beer in celebration. ;)

10.) Now go configure your other 4 slots! To make the best use of VPNMON-R2, you would want each of your 5 standalone VPN client slots pre-configured in the same way you just did your first. Note: If you're considering using the VPNMON-R2 SuperRandom functionality, you can actually use the same .ovpn file for each of your 4 other slots. Your VPN Slot's "server address" and "description" fields will be automatically filled in by the VPNMON-R2 script when it finds new random servers for you to connect to.

Important: VPN Director is an important element to consider as well, and would recommend creating 5 different entries for each of your 5 VPN Client slots to ensure that your local subnet will ALWAYS route through the VPN no matter which VPN client is currently connected. See below:


11.) Download VPNMON-R2 -- Using the AMTM tool, download and install VPNMON-R2. From its main menu, type "sc" to set up and configure the script. You can use the defaults in place to run it with minimal functionality, or go through and make selections based on your particular environment.

12.) Profit! Now go ahead and enjoy the experience... :)

Gotchas

  • If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to your VPN provider before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
  • Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
  • If you're using the NordVPN SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.

Known Issues
  • After installing, and if you see VPNMON-R2 continually resetting due to a "Ping/HTTP response failed" in your logs, then please read the following...
  • It has recently come to my attention that if you are using AdGuard Home, (perhaps even other site blocking tools like Diversion or Skynet), there is a chance that it may break VPNMON-R2's functionality, because it's blocking sites that I need to resolve IP addresses. Namely, please make sure you have unblocked
    https://ip4.icanhazip.com
    from your blacklists.
  • Here are the instructions on how to add this to your whitelist in AdGuard Home (thanks to @cptnoblivious)
    • Adguard home web interface | Filters | Custom filtering rules
    • Add: @@||ipv4.icanhazip.com^
    • Hit "Apply"

Auto-Startup Guidance
  • Great news! Auto start capabilities have been added to VPNMON-R2 as of v2.48! It uses the basic methodology as described below...
  • This is the way that many prefer to start the script using something more simple (below), or going all out (courtesy of @iTyPsIDg), though the choice is yours:
Code:
Editing your 'post-mount' file under /jffs/scripts, use the 'nano' commandline tool add this line:

(sleep 30 && /jffs/scripts/vpnmon-r2.sh -screen) & # Added by vpnmon-r2
Would it be too much trouble to run through what this new code achieves? Now it does work for me compared to the old NORD suggestion, but I was curious as to what it does and why?

remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
 
They're all "options" on how you want OpenVPN to behave. Sometimes VPN providers require you meet some of these options in order to make a successful connection. After a lot of trial and error, we've found these options tend to work the best, even with other VPN providers. You can read more on what these options mean, and is available here:

 
Much appreciated, thank you!

Cheers Mark
 
