VPNMON VPNMON-R3 v1.4.1 -Jul 2, 2025- Monitor WAN/Dual-WAN/OpenVPN Health & Reset Multiple OpenVPN Connections (Available in AMTM!) Wireguard v1.5.03 Beta!

[Viktor Jaep]

I think the ping method is fine for most cases. Besides, regardless how you force data over the tunnel you will face issues anyway.
Other issues are with site2site (limited AllowedIPs) peer or when ping target are also used for dns which means It may get its own route to WAN which means you may not get the result you want.

The only thing the ping -I does is that the ping packet get the stated source address or interface so you need to make sure this packet gets properly routed to the interface as @SomeWhereOverTheRainBow showed.

Example on both these workaround are in my watchdog script: https://github.com/ZebMcKayhan/Asus-merlin-Wireguard-Watchdog

IF_IP=$(nvram get "$IF"_addr | cut -d '/' -f1)
ip rule add from $IF_IP lookup $IF prio 10

...

ip rule del prio 10

Ahhh OK, I was wondering why you were making things complicated with these ip rules! Thanks!

 

[Viktor Jaep]

@Viktor Jaep glad to hear your OCD is healthy and happy - I think you know we share a common bond there!

Based on some extra emails I'm getting from wan-failover (since re-installing vpnmon-r3) on a reboot, where it senses WAN0 is disconnected and then reconnects shortly after, I think there may be some kind of "tussle" going on but it's maybe a startup timing issue between the two scripts?

I might try playing with the respective delays of starting up VPNMON-R3 and WAN-FAILOVER and see if I can make it play nice, or do you have any other thoughts?
Your script doesn't restart the WAN interface does it? Trying to work out which should "settle" first ...

I have your "Provide additional WAN/Dual WAN monitoring" option enabled but what exactly does that do? Could that be playing into it?

Cheers and hope you are well!

StephenH

VPNMON-R3 just sits in the background and keeps an eye on the WAN itself. It doesn't restart anything... it just waits for the WAN to come back up so that it can re-establish the vpn connections. Even if timing doesn't work, VPNMON would just check again at the end of it's 5min cycle, and see if it's safe to resume. It shouldn't interfere with anything dealing with the WAN.

The "Provide additional WAN..." option just enables this functionality of showing the WAN interfaces in the UI, and provides for monitoring and falls-back when it goes out. If it's not on, VPNMON will just constantly keep retrying connecting the vpn connections.

Thanks for testing!!

 

[CaptainSTX]

So that's a problem I'm still trying to work out. With OVPN, VPNMON actually starts those up, so I can get an accurate start time. WG, on the other hand, starts when the router reboots. The only time you get a more accurate start time is if you reset the WG connection within VPNMON, then I can start its own timer.

OK. Thanks for the update. Minor issue for me really. WG connections seem to be more stable than OpenVPN client which seems to need restarting every two - three days when it exceeds a PING of 500 ms. Just handy to see that both the open and WG clients are running when you open VPMON.

 

[Viktor Jaep]

OK. Thanks for the update. Minor issue for me really. WG connections seem to be more stable than OpenVPN client which seems to need restarting every two - three days when it exceeds a PING of 500 ms. Just handy to see that both the open and WG clients are running when you open VPMON.

WG definitely seems more stable. Lower ping too. I have my WG connection getting reset to a random location when the OVPN connections reset early in the morning, so it's been showing the correct connection times now. I'll continue working on this.

 

[Viktor Jaep]

New VPNMON-R3 alpha out today with some needed updates! HUGE thanks to @iTyPsIDg for his excellent contributions to getting the WG functionality supported!

What's new!?
v1.5.02a - (July 19, 2025)
- PATCH: Fixed the "FAILOVER" message and corrected spacing thanks to @Stephen Harrington, my fellow OCD sufferer that keeps me honest!
- PATCH: Thanks to the huge contributions from @iTyPsIDg, not only has he figured out some automation methods to pull WG info via API from NordVPN, but he added the entire framework for the custom WG server list automation menu, along with multiple WG email events that were missing. I ended up combining both the VPN and his WG server automation screens into one single pane of glass to reduce complexity.
- PATCH: Instead of displaying the WG Endpoint IP (or hostname) on screen, it is now resolving the actual Public IP, as reported by @CaptainSTX. Thanks!
- PATCH: Added site2site ping workaround as discussed by @ZebMcKayhan that adds an ingenious ip rule to the vpndirector. Thanks for the corroboration by @SomeWhereOverTheRainBow on this!

Download link:

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/develop/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

Significant Screenshots:

Thanks to @iTyPsIDg, he single-handedly added the WG Client Slot Server List Automation framework, along with a few missing WG email event messages that he added. Really appreciate your willingness to jump in and solve problems!

 

[ZebMcKayhan]

PATCH: Added site2site ping workaround as discussed by @ZebMcKayhan that adds an ingenious ip rule to the vpndirector. Thanks for the corroboration by @SomeWhereOverTheRainBow on this!

Thanks!

Health seems to work now for me:

But the script takes a long time getting the wg data, like 1min or so. Perhaps related to public ip and city exit failing?

Yep, still, manually setting wgc rp_filter to loose fixes both public ip retrieval and city (and speed).

Perhaps the workaround is needed in more places in the script?

I've used this before to retrieve info about my connection like city et.c:

https://ifconfig.co/json

should work with curl or wget. Not sure if it adds any value for you but thought I mention it.

 

[Viktor Jaep]

Health seems to work now for me:

Hurrah success!

But the script takes a long time getting the wg data, like 1min or so. Perhaps related to public ip and city exit failing?

Bah!

Yep, still, manually setting wgc rp_filter to loose fixes both public ip retrieval and city (and speed).

Perhaps the workaround is needed in more places in the script?

Quite possibly! Let me see if I can rework this a bit more, and see if it'll work for you! Please stand by!

I've used this before to retrieve info about my connection like city et.c:

https://ifconfig.co/json

should work with curl or wget. Not sure if it adds any value for you but thought I mention it.

That is NICE! Thanks for sharing that! Will see if this might be preferable over other methods. Might eliminate some redundant hoops I'm jumping through to get city data.

 

[Viktor Jaep]

@ZebMcKayhan ... please give the latest & greatest another shot. I added that same method to both the WG public IP and city lookups. Hoping that eliminates all delays without having to mess with your rp_filter!

Download link:

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/develop/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

 

[ZebMcKayhan]

@ZebMcKayhan ... please give the latest & greatest another shot. I added that same method to both the WG public IP and city lookups. Hoping that eliminates all delays without having to mess with your rp_filter!

Download link:

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/develop/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

Thanks!

Yep, now it works with 388 fw default rp_filter setting (1: strict). Great work!

 

[iTyPsIDg]

That is NICE! Thanks for sharing that! Will see if this might be preferable over other methods. Might eliminate some redundant hoops I'm jumping through to get city data.

In my experience, it provides inaccurate location data. My VPN is connecting to the US, but it claims I'm using a German IP address. The IP address is correct.

 

[CaptainSTX]

New VPNMON-R3 alpha out today with some needed updates! HUGE thanks to @iTyPsIDg for his excellent contributions to getting the WG functionality supported!

What's new!?
v1.5.02a - (July 19, 2025)
- PATCH: Fixed the "FAILOVER" message and corrected spacing thanks to @Stephen Harrington, my fellow OCD sufferer that keeps me honest!
- PATCH: Thanks to the huge contributions from @iTyPsIDg, not only has he figured out some automation methods to pull WG info via API from NordVPN, but he added the entire framework for the custom WG server list automation menu, along with multiple WG email events that were missing. I ended up combining both the VPN and his WG server automation screens into one single pane of glass to reduce complexity.
- PATCH: Instead of displaying the WG Endpoint IP (or hostname) on screen, it is now resolving the actual Public IP, as reported by @CaptainSTX. Thanks!
- PATCH: Added site2site ping workaround as discussed by @ZebMcKayhan that adds an ingenious ip rule to the vpndirector. Thanks for the corroboration by @SomeWhereOverTheRainBow on this!

Download link:

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/develop/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

Significant Screenshots:

Thanks to @iTyPsIDg, he single-handedly added the WG Client Slot Server List Automation framework, along with a few missing WG email event messages that he added. Really appreciate your willingness to jump in and solve problems!

View attachment 66768

Thanks. Everything working including showing WG's client's actual public IP.

 

[Viktor Jaep]

A whole new level of Wireguard has been achieved with many thanks to @iTyPsIDg for his awesome tutorial thread. Access to 2203 NordVPN WG servers ready to be randomized to!

 

[ZebMcKayhan]

In my experience, it provides inaccurate location data. My VPN is connecting to the US, but it claims I'm using a German IP address. The IP address is correct.

Does this do a better job?

http://ip-api.com/json/

Or perhaps

https://ipapi.co/json/

 

[Viktor Jaep]

Does this do a better job?

http://ip-api.com/json/

Or perhaps

https://ipapi.co/json/

That's the one I use... ip-api.com

 

[Ripshod]

I stopped using VPNMON when I switched to purely wireguard. Now we have the WG functionality I'm testing this alpha.
One point I noted. If I enable WAN checks in the config, the check times out occasionally, even though it's obvious I'm using the Internet.

 

[Viktor Jaep]

I stopped using VPNMON when I switched to purely wireguard. Now we have the WG functionality I'm testing this alpha.
One point I noted. If I enable WAN checks in the config, the check times out occasionally, even though it's obvious I'm using the Internet.

Hey @Ripshod ... Could you please elaborate on what you mean with "times out"? Perhaps a screenshot? That would help! Are you using 8.8.8.8 as your ping host?

 

[Ripshod]

Ping host is the default 8.8.8.8. I can't remember the exact message, but it stuck for maybe a minute and mentioned something about trying again in 5 minutes? Does that sound right?
I'll grab a screenie when it happens again.

 

[Viktor Jaep]

Ping host is the default 8.8.8.8. I can't remember the exact message, but it stuck for maybe a minute and mentioned something about trying again in 5 minutes? Does that sound right?
I'll grab a screenie when it happens again.

Yep, that's expected behavior if it can no longer detect a WAN connection.

 

[CaptainSTX]

New VPNMON-R3 alpha out today with some needed updates! HUGE thanks to @iTyPsIDg for his excellent contributions to getting the WG functionality supported!

What's new!?
v1.5.02a - (July 19, 2025)
- PATCH: Fixed the "FAILOVER" message and corrected spacing thanks to @Stephen Harrington, my fellow OCD sufferer that keeps me honest!
- PATCH: Thanks to the huge contributions from @iTyPsIDg, not only has he figured out some automation methods to pull WG info via API from NordVPN, but he added the entire framework for the custom WG server list automation menu, along with multiple WG email events that were missing. I ended up combining both the VPN and his WG server automation screens into one single pane of glass to reduce complexity.
- PATCH: Instead of displaying the WG Endpoint IP (or hostname) on screen, it is now resolving the actual Public IP, as reported by @CaptainSTX. Thanks!
- PATCH: Added site2site ping workaround as discussed by @ZebMcKayhan that adds an ingenious ip rule to the vpndirector. Thanks for the corroboration by @SomeWhereOverTheRainBow on this!

Download link:

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/develop/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

Significant Screenshots:

Thanks to @iTyPsIDg, he single-handedly added the WG Client Slot Server List Automation framework, along with a few missing WG email event messages that he added. Really appreciate your willingness to jump in and solve problems!

View attachment 66768

Just a heads up that in my case to get the uptime for WG clients to show I needed to stop the WG clients using VPMON then start them again and finally in the settings selecting to monitor the active slots again. Updating to the latest beta alone didn't enable this uptime to show. Makes sense in that VPMON needs to have a starting point to calculate uptime from.

Also, in the in the options menus it would be less confusing and more consistent if the WG slots were consistently referred to as 6-0 instead of in some places repeating WG as 1-5 as well as VPN 1-5.

 

[Viktor Jaep]

Just a heads up that in my case to get the uptime for WG clients to show I needed to stop the WG clients using VPMON then start them again and finally in the settings selecting to monitor the active slots again. Updating to the latest beta alone didn't enable this uptime to show. Makes sense in that VPMON needs to have a starting point to calculate uptime from.

Yep, that's exactly the conundrum!

Also, in the in the options menus it would be less confusing and more consistent if the WG slots were consistently referred to as 6-0 instead of in some places repeating WG as 1-5 as well as VPN 1-5.

I like that idea. I'll start looking at this.