Provider disconnects / VPN does not reconnect

[Olivier L]

1 single vpn client running. VPNFailover launched through vpnclient1-up

#!/bin/sh
VPN_ID=${dev:4:1}
[ -z "$VPN_ID" ] && { SCR=$(basename $0); VPN_ID=${SCR:9:1}; }
logger -st "($(basename $0))" $$ "Requesting VPN Failover monitor with 15 min delay....."
sh /jffs/scripts/VPN_Failover.sh reset "$VPN_ID" && sleep 60 && sh /jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=900" "ignore=2,3,4,5" "pingonly=1.1.1.1" &​

(VPN_Failover.sh): 30828 v1.22 Started..... [1 multiconfig interval=120 delay=900 ignore=2,3,4,5 pingonly=1.1.1.1]

let see...

 

[Martineau]

1 single vpn client running. VPNFailover launched through vpnclient1-up

#!/bin/sh
VPN_ID=${dev:4:1}
[ -z "$VPN_ID" ] && { SCR=$(basename $0); VPN_ID=${SCR:9:1}; }
logger -st "($(basename $0))" $$ "Requesting VPN Failover monitor with 15 min delay....."
sh /jffs/scripts/VPN_Failover.sh reset "$VPN_ID" && sleep 60 && sh /jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=900" "ignore=2,3,4,5" "pingonly=1.1.1.1" &

(VPN_Failover.sh): 30828 v1.22 Started..... [1 multiconfig interval=120 delay=900 ignore=2,3,4,5 pingonly=1.1.1.1]

let see...

For a true test of v1.22, you should revert back to the original 'vpnclient1-up' that doesn't delete any existing instance of VPN_Failover.sh.

sh /jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=900" "ignore=2,3,4,5" "pingonly=1.1.1.1" &

and also try to create a second instance of the monitor from the command line.

 

[Martineau]

(VPN_Failover.sh): 30828 v1.22 Started..... [1 multiconfig interval=120 delay=900 ignore=2,3,4,5 pingonly=1.1.1.1]

let see...

Embarrassingly, the beta v1.22 was still buggy , but after several hours (it was nothing to do with timing issues between the processes) I spotted my typo '-w'

So I have uploaded v1.22 VPN_Failover.sh

 

[Olivier L]

it looks perfect with that release. so far no issue. I will keep you posted. Thanks a lot !

 

[Olivier L]

HEllo,
2 instances running simultaneously

PID 2937 launched through vpnclient1-up

#!/bin/sh
VPN_ID=${dev:4:1}
logger -st "($(basename $0))" $$ "Requesting VPN Failover monitor with 15 min delay....."
sh /jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=900" "ignore=2,3,4,5" "pingonly=1.1.1.1" &​

PID 13646 launched manually

/jffs/scripts/VPN_Failover.sh 1 multiconfig interval=120 delay=100 ignore=2,3,4,5 force curlrate=1M
​

ps w | grep VPN

2937 olivier 3476 S sh /jffs/scripts/VPN_Failover.sh 1 multiconfig interval=120 delay=900 ignore=2,3,4,5 pingonly=1.1.1.1
13646 olivier 3476 S {VPN_Failover.sh} /bin/sh /jffs/scripts/VPN_Failover.sh 1 multiconfig interval=120 delay=100 ignore=2,3,4​

Is that the expected behaviour ?

 

[Martineau]

HEllo,
2 instances running simultaneously
View attachment 20211

PID 2937 launched through vpnclient1-up

#!/bin/sh
VPN_ID=${dev:4:1}
logger -st "($(basename $0))" $$ "Requesting VPN Failover monitor with 15 min delay....."
sh /jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=900" "ignore=2,3,4,5" "pingonly=1.1.1.1" &​

PID 13646 launched manually

/jffs/scripts/VPN_Failover.sh 1 multiconfig interval=120 delay=100 ignore=2,3,4,5 force curlrate=1M
​

ps w | grep VPN

2937 olivier 3476 S sh /jffs/scripts/VPN_Failover.sh 1 multiconfig interval=120 delay=900 ignore=2,3,4,5 pingonly=1.1.1.1
13646 olivier 3476 S {VPN_Failover.sh} /bin/sh /jffs/scripts/VPN_Failover.sh 1 multiconfig interval=120 delay=100 ignore=2,3,4​

Is that the expected behaviour ?

Sadly No

This is what happens when I try to manually start a second instance of 'VPN_Failover.sh' for the already ('vpnclient3-up') monitored VPN Client 3

./VPN_Failover.sh status

(VPN_Failover.sh): 9536 v1.22 Started..... [status]

 Active VPN Failover monitor processes

8620 admin 1488 S {VPN_Failover.sh} /bin/sh /jffs/scripts/VPN_Failover.sh 3 delay=120 ignore=1,2,4,5 verbose interval=3600
 5 Dec 9 23:14 /tmp/vpnclient3-VPNFailover Status/PID=8620

Attempt to manually create the second (foreground) instance....

./VPN_Failover.sh 3 delay=120 ignore=1,2,4,5 verbose interval=3600

(VPN_Failover.sh): 9640 v1.22 Started..... [3 delay=120 ignore=1,2,4,5 verbose interval=3600]

 ***ERROR: VPN Client 3 Failover monitor already running!
  PID= 8620 admin 1488 S {VPN_Failover.sh} /bin/sh /jffs/scripts/VPN_Failover.sh 3 delay=120 ignore=1,2,4,5 verbose interval=3600

and also attempt to start another (background) instance using 'vpnclient3-up'

./vpnclient3-up

(vpnclient3-up): 10155 User Processing '' () via args = []
(vpnclient3-up): 10155 Requesting VPN Failover monitor with 2 min delay.....
(vpnclient3-up): 10155 Acquiring lock semaphore '/tmp/WiFiVPN.sh-flock'

(vpnclient3-up): 10155 Lock semaphore acquired '/tmp/WiFiVPN.sh-flock'
(VPN_Failover.sh): 10168 v1.22 Started..... [3 delay=120 ignore=1,2,4,5 verbose interval=3600]
(vpnclient3-up): 10155 Lock semaphore released '/tmp/WiFiVPN.sh-flock'
(vpnclient3-up): 10155 User Processing Complete.

admin@RT-AC68U:/jffs/scripts# 

 ***ERROR: VPN Client 3 Failover monitor already running!
  PID= 8620 admin 1488 S {VPN_Failover.sh} /bin/sh /jffs/scripts/VPN_Failover.sh 3 delay=120 ignore=1,2,4,5 verbose interval=3600

No idea why the duplicate instance occurs on your router.

 

[Olivier L]

it is weird...

olivier@AX88U-olivier:/tmp/home/root# /jffs/scripts/VPN_Failover.sh status
(VPN_Failover.sh): 10814 v1.22 Started..... [status]
Active VPN Failover monitor processes
olivier@AX88U-olivier:/tmp/home/root#
​

whereas

cat /tmp/vpnclient1-VPNFailover
2937​

 

[Olivier L]

Hello,
I failed to understand why your script is not able to find duplicate on my setup, but finally it works with this workaround in vpnclientX-up

--
VPN_ID=X
kill -9 $(ps w | grep "/jffs/scripts/VPN_Failover.sh $VPN_ID" | grep -v grep | awk '{print $1}') > /dev/null 2>&1
sleep 10
logger -st "($(basename $0))" $$ "Requesting VPN Failover monitor with 4 min delay....."
sh /jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=240" "ignore=2,3,4,5" "pingonly=1.1.1.1" &
--​

I kill all VPNFailover occurences regarding the same client prior to launching a new one.

And so far, for an unknown reason, I no longer have the issue with vpn ip rules not properly set up at vpn disconnect !
So it is all good.

 

[Martineau]

I failed to understand why your script is not able to find duplicate on my setup

I can only assume that the following

pidof VPN_Failover.sh

doesn't always work depending on the version of Busybox etc.

...but finally it works with this workaround in vpnclientX-up

kill -9 $(ps w | grep "/jffs/scripts/VPN_Failover.sh $VPN_ID" | grep -v grep | awk '{print $1}')

What would happen if you changed it to

kill -9 $(pidof VPN_Failover.sh)

would this always terminate the previous instance of the 'VPN_Failover.sh' monitoring script on your system?

I kill all VPNFailover occurences regarding the same client prior to launching a new one.

Whilst this will work for you, it means that there is no longer any round-robin failover i.e. you have just killed the monitoring process that is keeping track of which VPN server was last used as defined by the 'multiconfig' directive.

So, rather than simply rely on the PID, I have now added code to also check for the existence of the PID file and added a lock semaphore.

Uploaded v1.23 VPN_Failover.sh

 

[Olivier L]

On my RT-AX88U, "pidof VPN_Failover.sh" returns nothing !
That is why I use a dirty command to kill all VPN_Failover.sh occurences.

Sorry, I am not I catch what you meant by "So, rather than simply rely on the PID, I have now added code to also check for the existence of the PID file and added a lock semaphore.".

 

[Martineau]

On my RT-AX88U, "pidof VPN_Failover.sh" returns nothing !

Well that would explain why my script doesn't work for you!

Sorry, I am not I catch what you meant by "So, rather than simply rely on the PID, I have now added code to also check for the existence of the PID file and added a lock semaphore.".

It's a programming method...... if really bored see Locks, Semaphores and Mutexes


TLDR;

Spoiler: How my script uses a Sempahore and Mutex

./VPN_Failover.sh status

(VPN_Failover.sh): 22985 v1.23 Started..... [status]

 Active VPN Failover monitor processes

21901 admin 1492 S {VPN_Failover.sh} /bin/sh /jffs/scripts/VPN_Failover.sh 1 delay=120 ignore=2,3,4,5 verbose interval=1200
 6 Dec 15 02:24 /tmp/vpnclient1-VPNFailover Status/PID=21901

which pidof

/bin/pidof


pidof VPN_Failover.sh

21901

So the VPN Client 1 monitor is running in the background and has created file '/tmp/vpnclient1-VPNFailover' which either contains a PID or the literal 'NOKILL'.
If you delete Semaphore '/tmp/vpnclient1-VPNFailover' then when the VPN Client 1 monitor notices that its PID file no longer exists it will then terminate itself gracefully.

On the other hand, if the VPN Client 1 monitor abnormally terminates, it will leave an 'orphaned' PID file.

e.g. manually destroy the monitoring instance

kill -9 21901


./VPN_Failover.sh status

(VPN_Failover.sh): 28167 v1.23 Started..... [status]

 Active VPN Failover monitor processes

 ***ERROR Orphaned PID file '/tmp/vpnclient1-VPNFailover'

Now prior to v1.23, 'vpnclient1-up' would not have a problem with this, i.e. if '$(pidof VPN_Failover.sh)' doesn't find a match, it simply overwrote '/tmp/vpnclient1-VPNFailover' containing a new PID.

Since I can no longer rely on $(pidof VPN_Failover.sh), if an 'orphaned' PID file exists, then you will now sadly need to use

./VPN_Failover.sh   reset   1

before 'vpnclient1-up' can create a new VPN Failover 1 monitoring instance.

NOTE: I also now use a Mutex to lock a 'critical' section of the script to ensure that another concurrent instance of 'VPN_Failover.sh 1' cannot create a new PID file '/tmp/vpnclient1-VPNFailover'

 

[Olivier L]

so it means even with this now programming method it will fail on my setup due to pidof failing ?

 

[Martineau]

so it means even with this now programming method it will fail on my setup due to pidof failing ?

Hopefully no.

If you have time please try v1.23 and report back.

 

[Olivier L]

something strange:

pidof /jffs/scripts/VPN_Failover.sh returns nothing
pidof sh /jffs/scripts/VPN_Failover.sh returns PIDs number of VPN_Failover.sh & of sh (launched by ssh) !

 

[Olivier L]

I am trying 1.23.
Killed all VPNFailover.sh, restarted openvpn client 1 from GUI.
ok a new VPNFailover.sh is running PID 3992.

But something strange

olivier@AX88U-olivier:/jffs/scripts# ./VPN_Failover.sh status 1
(VPN_Failover.sh): 14647 v1.23 Started..... [status 1]
Active VPN Failover monitor processes
***ERROR Orphaned PID file '/tmp/vpnclient1-VPNFailover'
olivier@AX88U-olivier:/jffs/scripts# cat /tmp/vpnclient1-VPNFailover
3992
olivier@AX88U-olivier:/jffs/scripts# ps w | grep 3992
3992 olivier 3476 S sh /jffs/scripts/VPN_Failover.sh 1 multiconfig interval=300 delay=600 ignore=2,3,4,5 force curlrate=1M​

???

 

[Olivier L]

Still the same, no pb to launched manually a new VPNFailover when a master one is already running

 

[Martineau]

I am trying 1.23.
Killed all VPNFailover.sh, restarted openvpn client 1 from GUI.
ok a new VPNFailover.sh is running PID 3992.

But something strange

olivier@AX88U-olivier:/jffs/scripts# ./VPN_Failover.sh status 1
(VPN_Failover.sh): 14647 v1.23 Started..... [status 1]
Active VPN Failover monitor processes
***ERROR Orphaned PID file '/tmp/vpnclient1-VPNFailover'
olivier@AX88U-olivier:/jffs/scripts# cat /tmp/vpnclient1-VPNFailover
3992
olivier@AX88U-olivier:/jffs/scripts# ps w | grep 3992
3992 olivier 3476 S sh /jffs/scripts/VPN_Failover.sh 1 multiconfig interval=300 delay=600 ignore=2,3,4,5 force curlrate=1M​

What happens if you omit the 'VPN client instance' arg on the 'status' command?

./VPN_Failover.sh status

Also, if you now run

./vpnclient1-up

is a duplicate VPN_Failover 1 instance created?

 

[Olivier L]

Yes launching manually vpnclient1-up still creates a new instance of VPNFailover.sh
./VPN_Failover.sh status is also failing to see running process.

 

[Martineau]

Yes launching manually vpnclient1-up still creates a new instance of VPNFailover.sh
./VPN_Failover.sh status is also failing to see running process.

As per the script's header instructions remove the 'sh' prefix

/jffs/scripts/vpnclient1-up

/jffs/scripts/VPN_Failover.sh "$VPN_ID" "multiconfig" "interval=120" "delay=900" "ignore=2,3,4,5" "pingonly=1.1.1.1" &

 

[Olivier L]

hum. looks much much better...
VPNFailover.sh status is working well.
pidof VPNFailover.sh as weel.