VPNMON VPNMON-R2 v2.65 -Jan 27, 2024- DISCONTINUED - Upgrade to VPNMON-R3 Available! (#3)

Viktor Jaep

v2.65 - Now with even more SuperRandom(tm) goodness!!
Updated January 27, 2024

***NOTICE*** VPNMON-R2 is being discontinued. Please upgrade to VPNMON-R3 for further support and new development!

Executive Summary: VPNMON-R2 is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark, AirVPN, WeVPN and Perfect Privacy VPN services. It can also complement @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup. This script will check the health of (up to) 5 VPN connections on a regular interval to see if one is connected, and sends a ping to a host of your choice through the active connection. If it finds that connection has been lost, it will execute a series of commands that will kill all VPN clients, will optionally whitelist all NordVPN/PerfectPrivacy VPN servers in the Skynet Firewall, and randomly picks one of your (up to) 5 VPN Clients to connect to. One of VPNMON-R2's unique features is called "SuperRandom", where it will randomly assign VPN endpoints for a random country (or your choice) to your VPN slots, and randomly connect to one of these. It will now also test your WAN connection, and put itself into standby until the WAN is restored before reconnecting your VPN connections. Major features: Now included in AMTM, Unbound Integration, Remote VPN Reset, Remote Router Reboot, KILLMON integration, Round-Robin, Fastest Connection Switching, AirVPN/WeVPN/Perfect Privacy/SurfShark/NordVPN VPN Compatible, WAN Awareness, YazFi Compatible, Multi-Country Capable.

VPNMON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Changelog here / What's new: The Last Version, New PING measurements, Unbound Reset Condition, Unbound Integration, AirVPN+Remote Reboot+Auto Start, KILLMON Suppression, KILLMON Integration, More Commandline Parameters, Round Robin + Stats, NordVPN Recommended Servers, Screen Utility Optimizations, Now Supporting WeVPN! -- VPNMON-R2 is now available in AMTM!

Screenshot:
vpnmon-r2-248-main.png


The Problem I was trying to solve

  • As a former VPNMGR user, I had 5 different NordVPN VPN Client configurations populated on my Asus router running Merlin FW, each with a different city. There were times that I would lose connection to one of these servers, and the router would just endlessly keep trying to reconnect to no avail. Also, sometimes the Skynet firewall would block these NordVPN endpoints, and it would again, endlessly try to connect to a blocked endpoint. Other times, freakishly, I would have more than 1 VPN Client kick on for some reason. This program was built as a way to check to make sure VPN is connected, that the connection is clean, and that there aren't multiple instances running. If anything was off, it would launch a full-on assault and try to reset everything back to a normal state.
  • I also wanted a way for my VPN connection to reset each night, so that it would randomly select and connect to a different configuration, thus endpoint, so that I wouldn't be connected to the same city 24x7x365.
  • NordVPN literally has thousands of VPN endpoint servers which change frequently, depending on the distance or latency from your location scattered across the globe. On several occasions, my Asus-Merlin-based Skynet firewall would block these VPN servers, and I wanted to make sure I had a way to find all the latest VPN server IPs, and add them to the Skynet whitelist.
  • Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable in any VPN usage scenario.

How is this script supposed to run?

Personally, I run this script from a SCREEN utility window running directly on the router itself, reachable through its own SSH window... but could very well just run from a PC that's connected directly to the Asus router, as it loops and checks the connection every 60 seconds. Instructions:
  1. Download and install directly from AMTM, or using your favorite SSH tools, copy & paste this command:
    Code:
    curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.65.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"

  2. To initially configure this script, open up a dedicated SSH window, and simply execute the script:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -setup

  3. Once you've successfully configured the various options, you can run the script using this command:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -monitor
One particular ingenious way to run this is using the "screen" utility continuously from the router itself, instead of an attached session. (FYI, during the 'vpnmon-r2 -setup' process, you will be prompted to install the "screen" utility)
  1. First, make sure you install the "screen" utility (and have Entware installed):
    Code:
    opkg install screen

  2. The screen utility allows you to run the script in the background, detached from your current ssh session. Type:
    Code:
    screen -dmS vpnmon-r2 sh /jffs/scripts/vpnmon-r2.sh -monitor

  3. Perform the detach by hitting CTRL-A + D (NOTE: if you don't do this, you will kill your VPNMON-R2 session!)

  4. You can then reattach to the running script at any time, from any ssh session, on any client machine! Type:
    Code:
    screen -r vpnmon-r2

  5. To make life easier, you can now also just launch or reconnect to VPNMON-R2 with the -screen switch. Type:
    Code:
    vpnmon-r2 -screen
What an awesome way to keep an SSH script running! Thanks @eibgrad!
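
Added example (not part of the original post or of VPNMON-R2): the one-line install above writes whatever curl receives straight into /jffs/scripts and marks it executable. This sketch stages the download, compares it with a SHA-256 you recorded after reviewing a copy you trust, and only then installs it. The function names and the EXPECTED_SHA256 placeholder are assumptions; the page publishes no checksum.

```shell
#!/bin/sh
# Added example, not VPNMON-R2 code. Function names are hypothetical.

# URL and destination are the ones given in the post.
RELEASE_URL="https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.65.sh"
DEST="/jffs/scripts/vpnmon-r2.sh"
# Placeholder: record your own value after reviewing a copy you trust,
# for example with: sha256sum vpnmon-r2-2.65.sh
EXPECTED_SHA256="REPLACE_WITH_REVIEWED_SHA256"

# Print the SHA-256 of a file as 64 lowercase hex characters.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_and_install SRC WANT_SHA256 DST
# Returns 0 when installed, 1 on hash mismatch, 2 when the file does not
# parse as shell, 3 on a missing file or malformed hash, 4 if the copy fails.
verify_and_install() {
    src=$1; want=$2; dst=$3
    [ -f "$src" ] || return 3
    # Reject anything that is not a SHA-256 value, such as the unfilled placeholder.
    case "$want" in
        ""|*[!0-9a-f]*) return 3 ;;
    esac
    [ "${#want}" -eq 64 ] || return 3
    have=$(file_sha256 "$src") || return 3
    [ "$have" = "$want" ] || return 1
    # Parse only, nothing is executed.
    sh -n "$src" 2>/dev/null || return 2
    # Write beside the destination and rename, so a failed copy never
    # leaves a half-written script in place.
    tmp="$dst.new.$$"
    { cp "$src" "$tmp" && chmod 755 "$tmp" && mv -f "$tmp" "$dst"; } || {
        rm -f "$tmp"
        return 4
    }
}

# Download to a staging file, then verify and install.
# Defined only; call install_release yourself once EXPECTED_SHA256 is set.
install_release() {
    stage=$(mktemp) || return 3
    if curl --fail --retry 3 "$RELEASE_URL" -o "$stage"; then
        verify_and_install "$stage" "$EXPECTED_SHA256" "$DEST"
        rc=$?
    else
        rc=5
    fi
    rm -f "$stage"
    return "$rc"
}
```

With the placeholder left in place, verify_and_install returns 3 and nothing is written to /jffs/scripts.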
 

What this script does

  1. Checks the VPN State from NVRAM and determines if each of the 5 Clients are connected or not
  2. If a VPN Client is connected, it sends a PING through to Google's DNS server to determine if the link is good (configurable)
  3. If it determines that the VPN Client is down, or connection is broken, it will attempt to reset the VPN
  4. If it determines that multiple VPN Clients are running, it will attempt to reset the VPN
  5. If it determines that the NordVPN server load is too high (optional), it will attempt to reset the VPN
  6. Updates Skynet whitelist with all US-based NordVPN endpoint IP addresses (optional) - FYI, you can easily change this for the country of your choice.
  7. Updates vpnmgr cache with recommended NordVPN/PIA/WeVPN endpoint information (optional), and merges/refreshes these changes with your VPN Client configurations
  8. Uses a randomizer to pick one of 5 different VPN Clients to connect to (configurable between 1 and 5)
  9. It will loop through this process every 60 seconds (configurable)
  10. Logs major events (resets/connection errors/etc) to a log file.
  11. It will reset your VPN connection at a regularly scheduled time using the settings at the top of the script (optional)
  12. It now shows the last time a VPN reset happened indicated by "Last Reset:", an indicator when the next reset will happen, and how often the interval happens (in seconds) on the easy-to-read VPNMON-R2 interface in your SSH shell, along with a progressbar to show script activity
  13. Added a new API lookup to display the VPN exit node city/location next to the active VPN connection. This API is free, and guarantees at least 1000 lookups per month. In lieu of doing a lookup each single refresh interval, a location lookup is only done when either the script starts up fresh, or if VPNMON-R2 initiates a reset.
  14. Added the concept of SuperRandom(tm) NordVPN Connections! This is a NordVPN/SurfShark/PerfectPrivacy feature only! When enabled, it will fill your VPN client slots with random VPN servers across the country of your choice. Distance, load, and performance be damned!!
  15. Added an integrated configuration utility (by running "vpnmon-r2.sh -config") that steps you through all the options and saves results to a config file, without the need to manually edit and configure the script itself.
  16. Added a script update checker, which notifies you when a new version becomes available, and allows you to easily download and install the latest script by using the 'vpnmon-r2.sh -update' command.
  17. Optionally shows a row of stats on bottom row, indicating low/high ping times, server load, Avg sent/received bandwidth (in Mbps), and total traffic sent/received on the active tunnel.
  18. Added the ability to specify up to 2 additional countries (for a total of 3) to randomly pick VPN servers located within that country. Yes, we have gone completely international!
  19. Happy to report that VPNMON-R2 now integrates beautifully with YazFi - the premier expanded guest network utility for Merlin firmware! For those running multiple guest networks, VPNMON-R2 can now automatically update your guest network slots with the latest VPN slot that VPNMON-R2 just made a connection to, then performs the necessary steps to make YazFi acknowledge the change to ensure your guest client devices continue to work without interruption!
  20. Added capabilities to check if your modem goes down, or your ISP stops working, then falls back and waits until your WAN comes back up in order to re-establish a VPN connection.
  21. VPNMON-R2 is now compatible with Perfect Privacy and SurfShark VPN services!
  22. Added capabilities to switch to the fastest connections based on ping ms to your VPN endpoints.
  23. Happy to announce that VPNMON-R2 is now being included in AMTM! Many thanks to @thelonelycoder!
  24. VPNMON-R2 is now compatible with WeVPN!
  25. Added the NordVPN "Recommended Servers" functionality, giving you access to the closest, fastest, lowest latency servers to you!
  26. Added the "Round Robin" method of picking your VPN slots!
  27. Integrated with KILLMON and showing integrity status within the UI
  28. Added AirVPN support!
  29. Added Remote Reboot -- using a simple command in an internet-accessible file, you can remotely reset the VPN or reboot your router!
  30. Added Auto Start after a router reboot... VPNMON-R2 will now run in the screen environment automatically.
  31. Added an integration with Unbound! Become your own secure DNS resolvers with queries being done over your VPN connection!

What if I'm not running VPNMGR/NordVPN(PIA/WeVPN)/Skynet?

  1. As long as your VPN slots are configured and tested using the VPN provider of your choice, this script will run perfectly fine, and can monitor, reset and randomly start a new VPN client slot for you each day. Please know, this script was written to complement NordVPN, Surfshark, WeVPN, Perfect Privacy, and AirVPN and gives a heavy preference to VPNMGR, but none of which is required.
  2. While stepping through the configuration utility ("vpnmon-r2.sh -config"), you can choose to disable the ability to update VPNMGR hosts, enable/disable specific NordVPN, Surfshark, WeVPN, Perfect Privacy, and AirVPN functionality, and the ability to whitelist the latest NordVPN/Perfect Privacy/AirVPN servers in Skynet.
  3. Let me know how you're using this script! Feel free to post in this forum. ;)

Usage

VPNMON-R2 is driven with commandline parameters. These are the available options:
  • vpnmon-r2 -h (or vpnmon-r2.sh -help) -- displays a short overview of available commands
  • vpnmon-r2 -log -- displays the contents of the VPNMON-R2 activity log in the NANO text editor
  • vpnmon-r2 -config -- launches the configuration utility and saves your settings to a local config file
  • vpnmon-r2 -update -- launches the script update utility to download the newest version
  • vpnmon-r2 -setup -- launches the setup menu to configure and add optional Entware components
  • vpnmon-r2 -reset -- initiates a VPN reset for use with setting up external CRON jobs (like the vpnon script did)
  • vpnmon-r2 -pause -- pauses all operations, sits back and waits for a -resume command
  • vpnmon-r2 -resume -- resumes normal operations of VPNMON-R2, coming from a -pause
  • vpnmon-r2 -status -- indicates the current status of VPNMON-R2, along with the last known used VPN slot
  • vpnmon-r2 -failover -- stops and resumes all operations during a manual WAN failover/failback
  • vpnmon-r2 -uninstall -- launches the uninstall utility that removes VPNMON-R2 from your router
  • vpnmon-r2 -screen -- launches VPNMON-R2 using the "screen" utility, and places it in -monitor mode
  • vpnmon-r2 -monitor -- launches VPNMON-R2 in a normal operations mode, ready to monitor the health of your VPN connections
Screenshots

Persistent screen of VPNMON-R2 v2.48 running from your favorite SSH window:
vpnmon-r2-248-main.png



Example of VPNMON-R2 dealing with a dropped VPN connection:
vpnmon-r2-224-reset.jpg



You can optionally refresh VPNMGR, update/whitelist VPN hosts in the Skynet firewall, or randomly populate your VPN client slots using NordVPN/SurfShark/WeVPN/Perfect Privacy/AirVPN SuperRandom(tm), and update your YazFi Guest networks as well with the current active VPN connection!

Example of the log file contents:
vpnmon-r2-15-log.jpg



A setup menu is available by using the "vpnmon-r2.sh -setup" switch, or entering it directly from either AMTM, or from the main VPNMON-R2 UI itself.
vpnmon-r2-224-setup.jpg



And here is the configuration utility that takes you through the options step-by-step to ensure a compatible experience for your setup and keeps that VPN connection healthy! Please note, there are now 2 pages of options as of v2.48! :)
vpnmon-r2-248-config1.png
 

OK, you've convinced me -- how do I setup a VPN or run VPNMON-R2?

In case you're curious about how to configure your own amazing whole-home VPN setup, here are some basic instructions... Please understand that this is how I have my OVPN client slots setup, and your needs may differ, so feel free to jump into this thread if you have any other setup questions!

1.) Insert a Flashdrive - First plug a flashdrive into the back of your router, where a lot of these scripts, cache and swap file will end up being located.

2.) Use the AMTM tool - Log into your router using an SSH terminal tool, like PuTTY (for Windows), execute "AMTM", and use the commands "fd" to format your flashdrive, and "sw" to configure a swap file. Minimum recommended size is at least 2GB.

3.) Configure your router to handle scripts - You must first enable the ability for your router to handle custom scripts. From your router UI, go to Administration -> System -> "Format JFFS partition at next boot" (yes) and "Enable JFFS custom scripts and configs" (yes)... reboot your router to enable these changes.

4.) Subscribe to a VPN provider - Picking NordVPN, SurfShark or Perfect Privacy will give you some more awesome functionality with VPNMON-R2, but you can basically pick anything you want. I'm going to use NordVPN in these examples...

5.) Download your VPN server config - Go to your VPN providers server config download page (ex: https://nordvpn.com/servers/tools/), and pick one (or a selection) of OpenVPN UDP server configs, and download them. It will probably end up with a name like this: "us9488.nordvpn.com.udp.ovpn"

1657465836470.png




6.) Check the .ovpn contents - The contents of the .ovpn file will contain the security certificates, vpn server name, and configuration parameters. Give it a cursory glance to make sure it looks like everything's there.

7.) Configure your VPN Client Slots - From the Asus-Merlin VPN Client page, pick your 1st OpenVPN Client Slot... click on the "Choose File" button, and select the file you just downloaded, and click the "Upload" button to import it. This will populate most of your settings on this page, but will need to go through, name some things, and make some configuration tweaks. For example, these are the settings I use below... yours might differ based on your preferences.

Screenshot 2022-02-20 19.11.11.png


Screenshot 2022-02-20 19.11.56.png




8.) Apply these custom configuration entries on the bottom of the page - This is an important step! The custom config entries that come with the .ovpn file may work, but aren't the greatest. Please over-copy them with these configuration entries below. These work great for NordVPN, but for many other VPN providers as well. If they don't, revert back or look for some best practice entries for your particular VPN provider:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450


9.) Test your VPN Client! After you hit "APPLY" on the bottom of the Asus-Merlin VPN Client page, slide the on/off switch to ON, and see if you can make a successful VPN connection. If you don't see any errors, and have been able to test that your client(s), network(s), etc. can browse through the VPN, you can crack open that beer in celebration. ;)

10.) Now go configure your other 4 slots! To make the best use of VPNMON-R2, you would want each of your 5 standalone VPN client slots pre-configured in the same way you just did your first. Note: If you're considering using the VPNMON-R2 SuperRandom functionality, you can actually use the same .ovpn file for each of your 4 other slots. Your VPN Slot's "server address" and "description" fields will be automatically filled in by the VPNMON-R2 script when it finds new random servers for you to connect to.

Important: VPN Director is an important element to consider as well, and would recommend creating 5 different entries for each of your 5 VPN Client slots to ensure that your local subnet will ALWAYS route through the VPN no matter which VPN client is currently connected. See below:

1657476560112.png



11.) Download VPNMON-R2 -- Using the AMTM tool, download and install VPNMON-R2. From its main menu, type "sc" to setup and configure the script. You can use the defaults in place to run it with minimal functionality, or go through and make selections based on your particular environment.

12.) Profit! Now go ahead and enjoy the experience... :)

Gotchas

  • If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to your VPN provider before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
  • Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
  • If you're using the NordVPN SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.

Known Issues
  • After installing, and if you see VPNMON-R2 continually resetting due to a "Ping/HTTP response failed" in your logs, then please read the following...
  • It has recently come to my attention that if you are using AdGuard Home, (perhaps even other site blocking tools like Diversion or Skynet), there is a chance that it may break VPNMON-R2's functionality, because it's blocking sites that I need to resolve IP addresses. Namely, please make sure you have unblocked
    https://ip4.icanhazip.com
    from your blacklists.
  • Here are the instructions on how to add this to your whitelist in AdGuard Home (thanks to @cptnoblivious)
    • Adguard home web interface | Filters | Custom filtering rules
    • Add: @@||ipv4.icanhazip.com^
    • Hit "Apply"

Auto-Startup Guidance
  • Great news! Auto start capabilities have been added to VPNMON-R2 as of v2.48! It uses the basic methodology as described below...
  • This is the way that many prefer to start the script using something more simple (below), or going all out (courtesy of @iTyPsIDg), though the choice is yours:
Code:
Editing your 'post-mount' file under /jffs/scripts, use the 'nano' commandline tool add this line:

(sleep 30 && /jffs/scripts/vpnmon-r2.sh -screen) & # Added by vpnmon-r2
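
Added example (not part of VPNMON-R2 or the original post): a small check to run over a complete client config, meaning the imported .ovpn from steps 5 and 6 plus the custom entries from step 8, that flags the security-relevant settings. The helper name, both sample configs and port 1194 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not VPNMON-R2 code. audit_ovpn_client is a hypothetical helper.

# Constructed sample: an import like the one in step 5 plus some of the
# custom entries from step 8. The certificate body is deliberately omitted.
PAGE_STYLE_CONFIG='client
dev tun
proto udp
remote us9488.nordvpn.com 1194
<ca>
(certificate body omitted in this constructed sample)
</ca>
remote-random
remote-cert-tls server
persist-key
reneg-sec 0
auth-nocache
pull-filter ignore "auth-token"'

# Constructed sample of a config that is missing the protective entries.
WEAK_CONFIG='client
remote vpn.example.net 1194
auth-user-pass'

# Read an OpenVPN client config on stdin and print one finding per line.
audit_ovpn_client() {
    awk '
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    /^<\/[a-z0-9-]+>/ { inblock = 0; next }    # end of an inline block
    /^<[a-z0-9-]+>/ {                          # start of an inline block such as <ca>
        tag = $1; gsub(/[<>]/, "", tag)
        seen[tag] = 1; inblock = 1; next
    }
    inblock { next }                           # skip certificate and key material
    {
        seen[$1] = 1
        if ($1 == "reneg-sec") reneg = $2
    }
    END {
        if (!("remote" in seen))
            print "FAIL remote: no server address configured"
        if (!("ca" in seen))
            print "FAIL ca: no CA certificate, the server cannot be authenticated"
        if (!("remote-cert-tls" in seen) && !("verify-x509-name" in seen))
            print "FAIL server-cert: neither remote-cert-tls nor verify-x509-name is set"
        if (!("auth-nocache" in seen))
            print "WARN auth-nocache: not set, so credentials stay cached in memory"
        if (("reneg-sec" in seen) && (reneg + 0) == 0)
            print "WARN reneg-sec 0: periodic data-channel key renegotiation is disabled"
    }'
}

# Usage on a real file (the path is an assumption):
#   audit_ovpn_client < /tmp/client1.ovpn
```

The page-style sample yields only the reneg-sec warning, which is a setting to accept knowingly rather than by copy and paste; the weak sample yields two FAIL lines and one WARN.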
 
Had to create a new thread (#3) because the old one expired after 6 months... :( Enjoy the continued conversation! Lol

storm-troopers.png
 
OK... but please know that the LOWESTPING option would only be beneficial if you had 2 or more VPN slots configured. If you only have 1, I would not use this functionality.

Interesting side note @Viktor Jaep is that I've always left my setup on (default?) LOWESTPING also, even though I only have one slot configured. I think at the time ROUNDROBIN and RANDOM made even less sense to me (with one slot) so I just left it the way it was. Maybe the option should be "greyed out" or disappear if you have "Slots Configured" = 1 or something? But then logically setup option 9 should be above option 5. Maybe I'm over thinking it?

But I don't think any of this has any bearing on @alisou's problem...
 
Great minds think alike... after this back&forth, I was going to build in some kind of fail-safe when only 1 slot is identified, and eliminate the fancy features for those using the multiple slots. ;)
 
I'm not using the same configuration as Stephen. He is using dual wan with USB. And I'm using dual wan with ethernet. Perhaps not the same situation/configuration.
 
@alisou I would have thought your setup was more straightforward if anything.

A lot of the fine-tuning of my setup, and the interactions I had with both @Viktor Jaep and @Ranger802004 as "test mule" over the last few months were largely to do with the quirks of the Asus USB interface and the quirks of my particular 4G LTE USB stick.

Most of which doesn't apply to your situation if I'm reading it correctly?
 
Very strange. I don't have explanation for this moment 🧐
 
Does it make any difference if you swap your Primary and Secondary ethernets?
Just for testing obviously ...
 
Minor v2.53 syntax fix released today -- thanks to @alisou!

What's new?
v2.53 - (April 25, 2023)
- FIXED: Syntax fix that might have been causing a "bad number" bug when using the Lowest Ping setting with 1 or more VPN slots. Thanks to @alisou for the find!

Download (or update directly through AMTM):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.53.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"
 
Happy Mother's Day! This one is dedicated to keep your Mom's DNS queries safe!! Thanks to everyone for helping me take a deep dive into the inner workings of Unbound and getting this working as advertised over a VPN tunnel! I truly appreciate your knowledge and expertise on this complex subject! @dave14305 @SomeWhereOverTheRainBow @chongnt @Twiglets and others!

What's new!?
v2.55 - (May 14, 2023)
- MAJOR:
Added major functionality to integrate more closely with Unbound! Unbound allows you to become your own DNS resolver, so you don't have to rely on other DNS providers (like from your ISP, Google, Quad9, etc.), and helps somewhat with privacy - because who knows what they log on their end, right? ;) The downside with Unbound is that the traffic you generate for your own DNS lookups to root servers or other authoritative servers is not encrypted... which would allow your ISP (or others) to still snoop on your plaintext port 53 DNS queries. So here's the good news -- this Unbound modification (thanks to @Martineau/Swinson) forces all plaintext port 53 traffic that Unbound generates for DNS lookups over your VPN tunnel instead! This means your internet activity is even more secure from your ISP (or others) prying eyes. Please note, this is not an end-all-be-all fix to keep all DNS lookups private, but it certainly helps get you closer. This update will now require that Unbound is installed and running, and will download and/or apply other scripts to the following files:
  • /jffs/scripts/nat-start
  • /jffs/scripts/openvpn-event
  • /jffs/scripts/post-mount
  • /jffs/addons/unbound/unbound_DNS_via_OVPN.sh
- NOTE: VPNMON-R2 does not play any role in manipulating Unbound or the associated scripts in any way... it continues to function as it normally does. Except now, as openvpn events fire off as VPN tunnels are disconnected or established, this will allow these scripts to work in harmony with each other to force Unbound traffic over the VPN tunnel. Playing with these scripts and modifications isn't for the faint of heart, and may take some serious troubleshooting skills to get it configured right if something doesn't work straight out of the gate.
- ADDED: Per one of @Martineau's old suggestions in the threads, when enabling this feature in the configuration menu, I've also added a command in the POST-MOUNT file that will disable Unbound's VPN binding upon a router reboot as a fail-safe so that DNS resolutions aren't impacted as they would still be trying to get out over a VPN tunnel that is no longer in existence.

Download (or update directly through AMTM):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.55.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"

Significant Screenshot!
On the second config page, you'll find the ability to enable the Unbound/VPN integration functionality.

1683426135040.png


How do you know if it's working?

There are a number of good tools out there to help test your settings.
  1. https://dnscheck.tools -- shows what your current Public VPN exit is, and who your DNS resolver is.
  2. @eibgrad's DNSMON tool -- an excellent tool that shows you where your port 53 traffic originates from and returns to
First... using the DNSMON tool (linked above)... if you see that the sender SRC and recipient DST match your VPN IP (in my case, 10.8.3.4), then you are sending/receiving over your active VPN connection. Remember... green is good! :)

1683543761766.png


Second, taking a look at the https://dnscheck.tools/ site... if you see your public VPN IP/exit and DNS resolvers are the same IP, then your VPN IP is effectively acting as your DNS resolver:

1683543870513.png


You can get even more detail running tcpdumps... but these 2 indicators above are a good sign things are working!

Enjoy!
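
Added example (not from the original post and not part of DNSMON): the same SRC/DST check described above, applied to saved `tcpdump -n` lines for port 53. The function names, the optional LAN prefix argument and the sample capture are assumptions; 10.8.3.4 is the VPN IP used in the post.

```shell
#!/bin/sh
# Added example, not VPNMON-R2 or DNSMON code. Function names are hypothetical.

# Constructed sample in single-interface `tcpdump -n` format. 203.0.113.25
# stands in for a WAN address and 192.168.50.x for LAN clients.
SAMPLE_CAPTURE='12:00:01.100000 IP 10.8.3.4.41234 > 198.41.0.4.53: 4660+ A? example.com. (29)
12:00:01.180000 IP 198.41.0.4.53 > 10.8.3.4.41234: 4660- 0/13/14 (500)
12:00:02.200000 IP 192.168.50.21.50512 > 192.168.50.1.53: 7001+ A? example.org. (29)
12:00:03.300000 IP 203.0.113.25.53011 > 198.41.0.4.53: 4661+ A? example.net. (29)
12:00:03.380000 IP 198.41.0.4.53 > 203.0.113.25.53011: 4661- 0/13/14 (500)'

# dns_leaks VPN_IP [LAN_PREFIX]
# Reads tcpdump lines on stdin and prints every port 53 packet that does not
# use VPN_IP as the query source or the reply destination. Packets with both
# ends inside LAN_PREFIX (clients asking the router) are ignored.
# IPv6 lines ("IP6") are not examined.
dns_leaks() {
    awk -v vpn="$1" -v lan="${2:-}" '
    # "10.8.3.4.41234:" -> "10.8.3.4"
    function host(ep,   n, p, i, h) {
        sub(/:$/, "", ep)
        n = split(ep, p, ".")
        h = p[1]
        for (i = 2; i < n; i++) h = h "." p[i]
        return h
    }
    # "10.8.3.4.41234:" -> 41234
    function port(ep,   n, p) {
        sub(/:$/, "", ep)
        n = split(ep, p, ".")
        return p[n] + 0
    }
    $2 == "IP" && $4 == ">" {
        src = host($3); sp = port($3)
        dst = host($5); dp = port($5)
        if (sp != 53 && dp != 53) next
        if (lan != "" && index(src, lan) == 1 && index(dst, lan) == 1) next
        if (dp == 53 && src != vpn)
            print "LEAK query " src " -> " dst
        else if (sp == 53 && dst != vpn)
            print "LEAK reply " src " -> " dst
    }'
}

# Number of leaking packets in the capture on stdin.
dns_leak_count() {
    dns_leaks "$@" | awk 'END { print NR }'
}

# Usage against a saved capture (file name is an assumption):
#   dns_leak_count 10.8.3.4 192.168.50. < dns53.txt
```

A count of 0 matches the "green is good" state in the post; in the constructed sample the query from 203.0.113.25 and its reply are reported because they bypass the tunnel address.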
 
v2.55 - Now with even more SuperRandom(tm) goodness!!
Updated May 14, 2023

Executive Summary: VPNMON-R2 is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark VPN, WeVPN and Perfect Privacy VPN services. It can also compliment @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup. This script will check the health of (up to) 5 VPN connections on a regular interval to see if one is connected, and sends a ping to a host of your choice through the active connection. If it finds that connection has been lost, it will execute a series of commands that will kill all VPN clients, will optionally whitelist all NordVPN/PerfectPrivacy VPN servers in the Skynet Firewall, and randomly picks one of your (up to) 5 VPN Clients to connect to. One of VPNMON-R2's unique features is called "SuperRandom", where it will randomly assign VPN endpoints for a random county (or your choice) to your VPN slots, and randomly connect to one of these. It will now also test your WAN connection, and put itself into standby until the WAN is restored before reconnecting your VPN connections. Major features: Now included in AMTM, Unbound Integration, Remote VPN Reset, Remote Router Reboot, KILLMON integration, Round-Robin, Fastest Connection Switching, AirVPN/WeVPN/Perfect Privacy/SurfShark/NordVPN VPN Compatible, WAN Awareness, YazFi Compatible, Multi-Country Capable.

VPNMON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Changelog here / What's new: Unbound Integration, AirVPN+Remote Reboot+Auto Start, KILLMON Suppression, KILLMON Integration, More Commandline Parameters, Round Robin + Stats, NordVPN Recommended Servers, Screen Utility Optimizations, Now Supporting WeVPN! -- VPNMON-R2 is now available in AMTM!

Screenshot:
vpnmon-r2-248-main.png


The Problem I was trying to solve​

  • As a former VPNMGR user, I had 5 different NordVPN VPN Client configurations populated on my Asus router running Merlin FW, each with a different city. There were times that I would lose connection to one of these servers, and the router would just endlessly keep trying to reconnect to no avail. Also, sometimes the SKynet firewall would block these NordVPN endpoints, and it would again, endlessly try to connect to a blocked endpoint. Other times, freakishly, I would have more than 1 VPN Client kick on for some reason. This program was built as a way to check to make sure VPN is connected, that the connection is clean, and that there aren't multiple instances running. If anything was off, it would launch a full-on assault and try to reset everything back to a normal state.
  • I also wanted a way for my VPN connection to reset each night, so that it would randomly select and connect to a different configuration, thus endpoint, so that I wouldn't be connected to the same city 24x7x365.
  • NordVPN literally has thousands of VPN endpoint servers which change frequently, depending on the distance or latency from your location scattered across the globe. On several occations, my Asus-Merlin-based Skynet firewall would block these VPN servers, and wanted to make sure I had a way to find all the latest VPN server IPs, and add them to the Skynet whitelist.
  • Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable in any VPN usage scenario.

How is this script supposed to run?​

Personally, I run this script from a SCREEN utility window running directly on the router itself, reachable through its own SSH window... but could very well just run from a PC that's connected directly to the Asus router, as it loops and checks the connection every 60 seconds. Instructions:
  1. Download and install directly from AMTM, or using your favorite SSH tools, copy & paste this command:
    Code:
    curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.55.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"

  2. To initially configure this script, open up a dedicated SSH window, and simply execute the script:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -setup

  3. Once you've successfully configured the various options, you can run the script using this command:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -monitor
One particularly ingenious way to run this is using the "screen" utility continuously from the router itself, instead of an attached session. (FYI, during the 'vpnmon-r2 -setup' process, you will be prompted to install the "screen" utility)
  1. First, make sure you install the "screen" utility (and have Entware installed):
    Code:
    opkg install screen

  2. The screen utility allows you to run the script in the background, detached from your current ssh session. Type:
    Code:
    screen -dmS vpnmon-r2 sh /jffs/scripts/vpnmon-r2.sh -monitor

  3. Perform the detach by hitting CTRL-A + D (NOTE: if you don't do this, you will kill your VPNMON-R2 session!)

  4. You can then reattach to the running script at any time, from any ssh session, on any client machine! Type:
    Code:
    screen -r vpnmon-r2

  5. To make life easier, you can now also just launch or reconnect to VPNMON-R2 with the -screen switch. Type:
    Code:
    vpnmon-r2 -screen
What an awesome way to keep an SSH script running! Thanks @eibgrad!
This just keeps getting better and better.
 
v2.55 - Now with even more SuperRandom(tm) goodness!!
Updated May 14, 2023

Executive Summary: VPNMON-R2 is an all-in-one script that works for any VPN service of your choice, but is optimized for NordVPN, SurfShark VPN, WeVPN and Perfect Privacy VPN services. It can also complement @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup. This script will check the health of (up to) 5 VPN connections on a regular interval to see if one is connected, and sends a ping to a host of your choice through the active connection. If it finds that connection has been lost, it will execute a series of commands that will kill all VPN clients, will optionally whitelist all NordVPN/PerfectPrivacy VPN servers in the Skynet Firewall, and randomly picks one of your (up to) 5 VPN Clients to connect to. One of VPNMON-R2's unique features is called "SuperRandom", where it will randomly assign VPN endpoints for a random country (or your choice) to your VPN slots, and randomly connect to one of these. It will now also test your WAN connection, and put itself into standby until the WAN is restored before reconnecting your VPN connections. Major features: Now included in AMTM, Unbound Integration, Remote VPN Reset, Remote Router Reboot, KILLMON integration, Round-Robin, Fastest Connection Switching, AirVPN/WeVPN/Perfect Privacy/SurfShark/NordVPN VPN Compatible, WAN Awareness, YazFi Compatible, Multi-Country Capable.

VPNMON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Changelog here / What's new: Unbound Integration, AirVPN+Remote Reboot+Auto Start, KILLMON Suppression, KILLMON Integration, More Commandline Parameters, Round Robin + Stats, NordVPN Recommended Servers, Screen Utility Optimizations, Now Supporting WeVPN! -- VPNMON-R2 is now available in AMTM!

Screenshot:
vpnmon-r2-248-main.png


The Problem I was trying to solve

  • As a former VPNMGR user, I had 5 different NordVPN VPN Client configurations populated on my Asus router running Merlin FW, each with a different city. There were times that I would lose connection to one of these servers, and the router would just endlessly keep trying to reconnect to no avail. Also, sometimes the Skynet firewall would block these NordVPN endpoints, and it would again, endlessly try to connect to a blocked endpoint. Other times, freakishly, I would have more than 1 VPN Client kick on for some reason. This program was built as a way to check to make sure VPN is connected, that the connection is clean, and that there aren't multiple instances running. If anything was off, it would launch a full-on assault and try to reset everything back to a normal state.
  • I also wanted a way for my VPN connection to reset each night, so that it would randomly select and connect to a different configuration, thus endpoint, so that I wouldn't be connected to the same city 24x7x365.
  • NordVPN literally has thousands of VPN endpoint servers which change frequently, depending on the distance or latency from your location scattered across the globe. On several occasions, my Asus-Merlin-based Skynet firewall would block these VPN servers, and I wanted to make sure I had a way to find all the latest VPN server IPs, and add them to the Skynet whitelist.
  • Above all, I wanted to make this script flexible enough for those who aren't running VPNMGR, using NordVPN or making use of the Skynet Firewall, so options have been built-in to bypass this functionality to make it usable in any VPN usage scenario.

How is this script supposed to run?

Personally, I run this script from a SCREEN utility window running directly on the router itself, reachable through its own SSH window... but could very well just run from a PC that's connected directly to the Asus router, as it loops and checks the connection every 60 seconds. Instructions:
  1. Download and install directly from AMTM, or using your favorite SSH tools, copy & paste this command:
    Code:
    curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.55.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"

  2. To initially configure this script, open up a dedicated SSH window, and simply execute the script:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -setup

  3. Once you've successfully configured the various options, you can run the script using this command:
    Code:
    sh /jffs/scripts/vpnmon-r2.sh -monitor
One particularly ingenious way to run this is using the "screen" utility continuously from the router itself, instead of an attached session. (FYI, during the 'vpnmon-r2 -setup' process, you will be prompted to install the "screen" utility)
  1. First, make sure you install the "screen" utility (and have Entware installed):
    Code:
    opkg install screen

  2. The screen utility allows you to run the script in the background, detached from your current ssh session. Type:
    Code:
    screen -dmS vpnmon-r2 sh /jffs/scripts/vpnmon-r2.sh -monitor

  3. Perform the detach by hitting CTRL-A + D (NOTE: if you don't do this, you will kill your VPNMON-R2 session!)

  4. You can then reattach to the running script at any time, from any ssh session, on any client machine! Type:
    Code:
    screen -r vpnmon-r2

  5. To make life easier, you can now also just launch or reconnect to VPNMON-R2 with the -screen switch. Type:
    Code:
    vpnmon-r2 -screen
What an awesome way to keep an SSH script running! Thanks @eibgrad!
A very elegant solution but my needs are very basic. I run two StrongVPN clients on slots 1 & 2. VPN director has rules deciding if connected device goes WAN, VPN1 or VPN2. No kill switch as connectivity is more important than the VPN tunnel. All I want is to restart VPN clients at 1 AM in case a tunnel has failed it will be reestablished at 1 AM. In experimenting with VPNMON I have experienced VPNMON shutting down a client usually client 2. How do I get VPNMON only to do the daily reset? Do I use under Selection 5 the default option 0 random?
 
Sorry @CaptainSTX, but VPNMON was built with only 1 VPN connection in mind. There would be a way you could do this, but it would be a bit more manual... You would select having only 1 VPN slot in VPNMON... and it would just be monitoring slot 1. You could then have it do a daily reset on it. For the second slot, you'd need to create a cron job that would basically stop/start slot 2. I can help you with a simple script if you would like? Or, you could just eliminate VPNMON from the picture, and use this cron script to reset both of your slots at once...

Unfortunately, for me, having multiple VPNs going was creating havoc, and I wanted to make sure that VPNMON simplified life by only allowing 1 at a time. ;)
 
OK. Now I know and will stop playing around with VPNMON. Good solution for a lot of problems and my issues just not my situation. Thank you for getting back to me.
 
We've added another reset condition, based on the newly added Unbound functionality! Basically, if your public VPN IP doesn't match your Public DNS Resolver IP (which should be the same if this functionality is enabled and working as advertised in VPNMON-R2), then RESET! Enjoy!

What's new!?
v2.58 - (May 24, 2023)
- ADDED: Building on the Unbound functionality, I've implemented another reset condition, in particular, if the Unbound public DNS Resolver IP is not the same as your public VPN IP. Thanks so much to @SomeWhereOverTheRainBow for his amazing regex and awk skills to pull this query off with a dig command. You will now find a new item under the config menu to enable this feature, on page 2, item 18, which will ask if you want to enable an Unbound out-of-sync reset. In rare conditions (typically for anything messing with your iptables like Skynet version updates, and whatnot), your Unbound public IP DNS Resolver may revert to your public WAN IP. This reset will force it to send its encrypted DNS traffic back over the VPN tunnel if it happens to go out-of-sync. If you are OK with your DNS Resolver IP being different than your Public VPN IP, simply don't enable this.
- FIXED: Thanks to @SomeWhereOverTheRainBow, he uncovered a more stable, preferred method to run CURL statements. This version of VPNMON-R2 has had all CURL statements modified per these suggestions! Thank you!
- FIXED: Optimizations and bugfixes

Download (or update directly through AMTM):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.58.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod 755 "/jffs/scripts/vpnmon-r2.sh"

Significant Screenshot!
On the second config page, you'll find the ability to enable the Unbound/VPN Reset functionality.
vpnmon-r2-2.57-config.png


If this functionality is enabled (both items 17 & 18 in the config), you will see an indicator on the bottom of the main VPNMON-R2 UI indicating that both IPs are IN SYNC
vpnmon-r2-2.57-main.png
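
Added example (not VPNMON-R2's own code, and not part of the post above): one way to implement the out-of-sync check described in v2.58, comparing the VPN's public IP with the IP the DNS resolver is seen from. The function names, the sample readings, the lookup commands in the comments and the debounce in `reset_needed` are all assumptions of this sketch.

```shell
# On a live router the two readings could be collected like this (assumed
# commands; the tun11 interface and icanhazip.com are assumptions):
#   vpn_raw=$(curl --silent --retry 3 --interface tun11 https://icanhazip.com)
#   dns_raw=$(dig +short TXT o-o.myaddr.l.google.com)   # asked via Unbound

# Print the first valid dotted-quad found in tool output (quotes, CRs, extra lines).
first_ipv4() {
  printf '%s\n' "$1" | tr -d '"\r' | awk '
    {
      for (i = 1; i <= NF; i++) {
        n = split($i, o, ".")
        if (n != 4) continue
        ok = 1
        for (j = 1; j <= 4; j++)
          if (o[j] !~ /^[0-9]+$/ || o[j] + 0 > 255) ok = 0
        if (ok) { print $i; exit }
      }
    }'
}

# Print IN_SYNC, OUT_OF_SYNC or UNKNOWN for (VPN public IP reading, resolver reading).
sync_state() {
  vpn_ip=$(first_ipv4 "$1")
  dns_ip=$(first_ipv4 "$2")
  if [ -z "$vpn_ip" ] || [ -z "$dns_ip" ]; then
    echo UNKNOWN          # a failed lookup is not evidence of a mismatch
  elif [ "$vpn_ip" = "$dns_ip" ]; then
    echo IN_SYNC
  else
    echo OUT_OF_SYNC
  fi
}

# Succeed only when the last $1 states were all OUT_OF_SYNC. The debounce is a
# design choice of this example, not documented VPNMON-R2 behaviour.
reset_needed() {
  need=$1; shift
  streak=0
  for state in "$@"; do
    if [ "$state" = OUT_OF_SYNC ]; then streak=$((streak + 1)); else streak=0; fi
  done
  [ "$streak" -ge "$need" ]
}

# Constructed sample readings (documentation address ranges, not real endpoints).
SAMPLE_VPN='198.51.100.23'
SAMPLE_DNS_OK='"198.51.100.23"
"edns0-client-subnet 198.51.100.0/24"'
SAMPLE_DNS_LEAK='"203.0.113.9"'
sync_state "$SAMPLE_VPN" "$SAMPLE_DNS_OK"     # resolver exits through the tunnel
sync_state "$SAMPLE_VPN" "$SAMPLE_DNS_LEAK"   # resolver is seen from another IP
```

Treating a failed lookup as UNKNOWN rather than as a mismatch keeps a brief outage of the IP-echo service or of DNS from tearing down a healthy tunnel.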
 