What's new

DomainVPNRouting Domain VPN Routing

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Also what do you recommend i'm thinking of NOT using Firewall Restore because that seems to have an incompatibility with Killmon because it messes with IPtables... So I was thinking instead after reboot since it seems that the script waits 15 minutes (Check Interval) before querying the policy i'd change that to the minimum of 1 minute. Is that bad to do? meaning is there an issue of making it so little will that like overload the router.
I would add the firewall restore setting, it shouldn't interfere, all it does is add the restore policy command to the firewall start script. While you technically can reduce the cronjob to 1 minute, I don't recommend it because it will constantly have your router querying policies attempting it every minute. There won't be duplicate runs because of the lock file but whenever a job completes, the next minute another will start and that's a bit aggressive.
 
I would add the firewall restore setting, it shouldn't interfere, all it does is add the restore policy command to the firewall start script. While you technically can reduce the cronjob to 1 minute, I don't recommend it because it will constantly have your router querying policies attempting it every minute. There won't be duplicate runs because of the lock file but whenever a job completes, the next minute another will start and that's a bit aggressive.
No the reason why I was asking is using killmon with the firewall restore does in fact cause no connectivity on the vpn. Meaning some rules that killmon is adding to iptables doesn’t work when your script does the firewall restore. So what would be your recommendation ? Also could you make an option that it query’s at reboot automatically. Cause that’s my issue my issue is after a reboot unless I wait the 15 minutes without the firewall restore active my policies don’t work. Could you make a config option that after a reboot the policies are automatically queried.
 
No the reason why I was asking is using killmon with the firewall restore does in fact cause no connectivity on the vpn. Meaning some rules that killmon is adding to iptables doesn’t work when your script does the firewall restore. So what would be your recommendation ? Also could you make an option that it query’s at reboot automatically. Cause that’s my issue my issue is after a reboot unless I wait the 15 minutes without the firewall restore active my policies don’t work. Could you make a config option that after a reboot the policies are automatically queried.
I'm not sure what the killmon is doing to disrupt the traffic but the rules are going to be added once the query policy cron job runs anyway. Are you saying that once the rules are added you can't access the domains once the traffic is being told to be blocked? Are you wanting it to bypass and start using regular WAN if the VPN is killed? Query policy is called at boot via the wan-event, openvpn-event, or wgclient-start scripts (Executes from one of these, whichever is called first).
 
I'm not sure what the killmon is doing to disrupt the traffic but the rules are going to be added once the query policy cron job runs anyway. Are you saying that once the rules are added you can't access the domains once the traffic is being told to be blocked? Are you wanting it to bypass and start using regular WAN if the VPN is killed? Query policy is called at boot via the wan-event, openvpn-event, or wgclient-start scripts (Executes from one of these, whichever is called first).
I honestly don’t know why but when I use Killmon all the policies don’t work when I enable reboot protection of killmon. I am wondering if as a feature request if you can add a feature that if the router reboots once the router reboots it re-Querys the policy.
 
I honestly don’t know why but when I use Killmon all the policies don’t work when I enable reboot protection of killmon. I am wondering if as a feature request if you can add a feature that if the router reboots once the router reboots it re-Querys the policy.
It already calls query policy from the event script like I said, so it should be calling to query your policies on a reboot as well as create cron job for continuous runs. Maybe there is something going on timing wise preventing it from creating the rules necessary at the reboot time or they are being recreated and deleted. You'd have to enable verbose logging on a policy and see what it is doing during that time.
 
It already calls query policy from the event script like I said, so it should be calling to query your policies on a reboot as well as create cron job for continuous runs. Maybe there is something going on timing wise preventing it from creating the rules necessary at the reboot time or they are being recreated and deleted. You'd have to enable verbose logging on a policy and see what it is doing during that time.
Oh maybe it’s VPN-Mon which is like monitoring the VPN. Maybe I need to delay it meaning delay the start of your script. I think you have that option.
 
by the way I keep getting this error a lot as i'm working on editing things with my policies:
delete all policiesipset v7.6: Set cannot be destroyed: it is in use by a kernel component

Delete Policy - ***Error*** Failed to delete IPv4 IPSET for Amazon
***Error*** Failed to delete IPv4 IPSET for Hulu
 
by the way I keep getting this error a lot as i'm working on editing things with my policies:
delete all policiesipset v7.6: Set cannot be destroyed: it is in use by a kernel component

Delete Policy - ***Error*** Failed to delete IPv4 IPSET for Amazon
***Error*** Failed to delete IPv4 IPSET for Hulu
Not too sure what has those locked up, did you have something else accessing those IPSets?
 
I am beginning to notice that I’m getting a notification that I used to not get when I was using x3mrouting. I’m not sure if I should enable the NVRAM checks. How would I know if that should be enabled ?

VPN Slot 1 is Non-Responsive​

Date/Time: May 04 2024 18:00:50
Asus Router Model:
Firmware/Build Number:

FAILURE: VPNMON-R3 has detected that VPN Slot 1 is non-responsive. VPN Slot 1 has been reset.
Please check your network environment and configuration if this error continues to persist.
 
I am beginning to notice that I’m getting a notification that I used to not get when I was using x3mrouting. I’m not sure if I should enable the NVRAM checks. How would I know if that should be enabled ?

VPN Slot 1 is Non-Responsive​

Date/Time: May 04 2024 18:00:50
Asus Router Model:
Firmware/Build Number:

FAILURE: VPNMON-R3
has detected that VPN Slot 1 is non-responsive. VPN Slot 1 has been reset.
Please check your network environment and configuration if this error continues to persist.
I am not sure how @Viktor Jaep 's tool detects the VPN not working, maybe something going on with the VPN Server side of your VPN Client at the moment?
 
I am not sure how @Viktor Jaep 's tool detects the VPN not working, maybe something going on with the VPN Server side of your VPN Client at the moment?
@ComputerSteve ... if it successively fails a ping and a curl through the VPN tunnel 3x in a row, it will assume the VPN slot is non-responsive, and causes a reset.
 
@ComputerSteve ... if it successively fails a ping and a curl through the VPN tunnel 3x in a row, it will assume the VPN slot is non-responsive, and causes a reset.
Yes I understand.. What i'm saying is i'm getting that now everyday now that i'm using Domain Routing and I haven't got that once when I was using x3mrouting.. Also I notice it isn't down... Meaning as soon as VPNmon resets it then the connection is back up. Its not that the vpn is actually down because even with a reset the vpn wouldn't connect. Should I enable that nvram check feature?
 
Yes I understand.. What i'm saying is i'm getting that now everyday now that i'm using Domain Routing and I haven't got that once when I was using x3mrouting.. Also I notice it isn't down... Meaning as soon as VPNmon resets it then the connection is back up. Its not that the vpn is actually down because even with a reset the vpn wouldn't connect. Should I enable that nvram check feature?
Could be some kind of routing or resolution issue in that case?
 
Is there a disadvantage to enable NVRAM checks meaning why isn’t that on by default ?
It just runs a little slower processing but not really.
 
So there is something weird as I’m saying every day at around 6 pm the issue keeps happening and I’m loosing internet connectivity on the VPN. This never happened before I started using Domain Routing.. any ideas @Viktor Jaep or @Ranger802004
Nothing in VPNMON would be doing that. Doubt Domain Routing would be causing something. Have you looked at your syslogs and/or cronjobs?
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top