Awesome thank you @Martineau
I just use
remote then ip address and the port for the VPN
in the custom config on asus router works perfect.
Thanks a lot, but that doesn't work in my setup, because there are different VPN providers. :-(
See if this post from the previous page fits your use case requirements.
# VPN_Failover 1 multiconfig
# Monitor VPN Client 1 every 30 secs and if DOWN, retrieve the next round-robin VPN Client 1 config from '/jffs/configs/VPN_Failover' and restart VPN Client 1.
# (So rather than be limited by 5 VPN GUI configs, you can now specify an unlimited custom server list for a SINGLE VPN ISP
# e.g. 1 vpn.LA.server 553 udp #HMA Los Angeles
# 1 vpn.NY.server 443 tcp #HMA New York
# 1 vpn.SF.server 1194 udp #HMA San Francisco
Is it possible to run the VPN Failover script with different configurations in parallel ?
Yes
and if so, how can I achieve that
Should I add them to the vpnclient1-route-up respectively vpnclient2-route-up script ?
Here are examples of calling the VPN Failover script to create the failover-pair VPN Client 1 & 3 based on performance/throughput.
VPN_ID=${dev:4:1}
Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID" "delay=120" "ignore=2,4,5" "verbose" "interval=1200" force minrates=600K,?,600K &
VPN_ID=${dev:4:1}
Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID" "delay=120" "ignore=1,3,5" "verbose" "interval=1200" force minrates=600K,?,600K &
Yes
Here are examples of calling the VPN Failover script to create the failover-pair VPN Client 1 & 3 based on performance/throughput.
NOTE: I prefer the openvpn-event 'UP' triggers (rather than the 'route-UP' triggers)
/jffs/scripts/vpnclient1-up
Code:
VPN_ID=${dev:4:1}
Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID" "delay=120" "ignore=2,4,5" "verbose" "interval=1200" force minrates=600K,?,600K &
...similarly for the failover-pair VPN Client 2 & 4
/jffs/scripts/vpnclient2-up
Code:
VPN_ID=${dev:4:1}
Say "Requesting VPN Failover monitor with 2 min delay....."
/jffs/scripts/VPN_Failover.sh "$VPN_ID" "delay=120" "ignore=1,3,5" "verbose" "interval=1200" force minrates=600K,?,600K &
NOTE: It may be simpler to failover the appropriate VPN Client instance to itself when the throughput is less than the expected threshold, but use a different round-robin server - specified either manually in the GUI config or using the script's 'multiconfig' option.
I didn't see where this was mentioned in the thread. Does @mister also need to install John9527's /jffs/scripts/openvpn-event script so /jffs/scripts/vpnclient1-route-up and /jffs/scripts/vpnclient2-route-up get executed by openvpn-event?
The other item @mister needs to consider is the routing rules created by x3mRouting. If you switch from client1 to client2, the routing rules will still be pointing to client1!
Update:
The way to handle this is to run the x3mRouting script and pass the "del" parameter to it from /jffs/scripts/vpnclient1-down. This will purge the routes when the client goes down. Then, run the x3mRouting script from the vpnclient2-up passing the vpn client number "2" parameter to create the new routing rules.
Thank you for your comments.
I will copy the complete content of the VPNCLIENT1-route-up script to a VPNCLIENT1-route-down script and add del after everything, right
e.g.
Code:
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net
would be to
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net del
and then I add
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 2 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net
to VPNCLIENT2-route-up and create the VPNCLIENT2-route-down as for VPNCLIENT1-route-down.
Did I understand you in the right way?
That should do it. I bounced one of my clients to verify the script names for up and down events. x3mRouting already comes with an /jffs/scripts/x3mRouting/openvpn-event script. Use option 4 from the x3mRouting menu to install. If you were using /jffs/scripts/nat-start, comment out the references to x3mRouting or remove nat-start. You can add vpnclient1-down and vpnclient2-route-up scripts to the /jffs/scripts/x3mRouting folder.
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net del
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 NETFLIX netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net
So there is no possibility to use a killswitch with the VPN failover script ?
Maybe a workaround could be to activate the OVPNC5 client as well and activate only there the Killswitch?
If you have configured overlapping Selective Routing IPs/ranges/CIDRs for more than one VPN Client, then activating the Kill-switch ONLY on the lowest priority VPN Client is the correct (GUI) solution i.e. it is not a workaround.
Thanks a lot, I made it so. At the weekend I will try to implement your VPNfailover script. Is it possible to explain the "minrates=600K,?,600K &" in your script ? It would help me, if I want to modify the configuration that it fits best for me. Could the "ping" considered as well as trigger ?
Is it possible to explain the "minrates=600K,?,600K &" in your script ? It would help me, if I want to modify the configuration that it fits best for me.
The script's help should assist in describing the syntax
./VPN_Failover.sh -h
#
# VPN_Failover [-h | help | status ] |
# {vpn_instance to monitor} [ignore='csv_vpn_clients] [interval='seconds'] [timeout='seconds']] [force[big | small]
# [curlrate='number'] [minrates='csv_rates'] [verbose] [delay='seconds'] [noswitch[='hhmm-hhmm'[,...]]] [silent]
# [multiconfig] [once] [pingonly=ping_target] [sendmail {emailcfg='config_file'}]
#
# VPN_Failover 1
# Monitor VPN Client 1 every 30 secs and if DOWN switch to VPN Client 2 and then monitor VPN Client 2
# (This initiates the round robin for ALL VPN Clients (if configured) in sequence 2,3,4,5 then back to VPN Client 1)
# VPN_Failover 1 once
# As above, but the script terminates immediately and exits if the VPN Client 1 connection is UP.
# VPN_Failover status
# Show the status of ACTIVE monitoring processes and the semaphores '/tmp/vpnclientX-VPNFailover'
# VPN_Failover 2 ignore=3,4,5
# Monitor VPN Client 2 every 30 secs and if DOWN switch to VPN Client 1 and then monitor VPN Client 1
# (This initiates the round robin ONLY for the two VPN Clients; VPN1 (Primary) and VPN2 (Fail-over)
# VPN_Failover 2 interval=60
# Monitor VPN Client 2 every 60 secs and if DOWN switch to VPN Client 3 and then monitor VPN Client 3
# VPN_Failover 5 timeout=45
# Monitor VPN Client 5 every 30 secs and if DOWN switch to VPN Client 1 and allow max 45 secs for Client 1 to start
# then monitor VPN Client 1
# VPN_Failover 4 pingonly=10.99.8.1
# Client 4's OpenVPN Server, may have 'LANONLY', so a cURL to retrieve the VPN exit-IP will not work, so instead
# force the test to use only PING. (NOTE: The ping target will normally be the remote router (nvram get lan_ipaddr))
# VPN_Failover 3 force curlrate=1M
# If the 12MB cURL transfer rate is <1048576 Bytes per second, then treat this as VPN Client 3 'DOWN'
# (This cURL rate is not applicable to other VPN Clients if a switch occurs)
# VPN_Failover 3 force curlrate=1M verbose
# As previous example, but additional cURL transfer statistics/progress messages are shown on the console. (Useful to determine appropriate 'minrates=')
# VPN_Failover 3 forcesmall curlrate=1000 verbose noswitch=08:59-17:00
# If the 433Byte cURL transfer rate is <1000 Bytes per second, no (disruptive) VPN Switch is performed during 'office' hours 9-5
# VPN_Failover 3 forcesmall curlrate=1000 verbose noswitch
# If the 433Byte cURL transfer rate is <1000 Bytes per second, no (disruptive) VPN Switch is performed at ANY time.
# (If VPN Client 3 is DOWN; the 'noswitch' directive is temporarily ignored to ensure the next round-robin VPN Client is started and found to be UP)
# VPN_Failover 1 force curlrate=900K minrates=?,500k,123456
# Explicitly override three of the VPN Client minimum cURL rates e.g. VPN1=9921600B/sec,VPN2=512000B/sec and VPN3=123456B/sec (VPN4 and VPN5 remain 0B/sec)
# If the 12MB cURL transfer rate is <9921600 Bytes per second, then treat this as VPN Client 1 'DOWN'
# (If a switch to VPN Client 2 occurs, a min rate of 512000B/sec will be expected, and if a switch to VPN3 occurs, a min rate of 123456B/sec will be expected)
# VPN_Failover 1 multiconfig
# Monitor VPN Client 1 every 30 secs and if DOWN, retrieve the next round-robin VPN Client 1 config from '/jffs/configs/VPN_Failover' and restart VPN Client 1.
# (So rather than be limited by 5 VPN GUI configs, you can now specify an unlimited custom server list for a SINGLE VPN ISP
# e.g. 1 vpn.LA.server 553 udp #HMA Los Angeles
# 1 vpn.NY.server 443 tcp #HMA New York
# 1 vpn.SF.server 1194 udp #HMA San Francisco
# VPN_Failover 2 interval=60 sendmail emailcfg=/jffs/configs/Email.conf
# Monitor VPN Client 2 every 60 secs and if DOWN switch to VPN Client 3 and then monitor VPN Client 3
# and send an email using the email configuration parms in '/jffs/configs/Email.conf'
Could the "ping" considered as well as trigger ?
You could try the 'pingonly=' option in lieu of the cURL data transfer.
The script's help should assist in describing the syntax
Effectively, it enforces (possibly different) throughput thresholds to be applied when switching between different VPN clients - in this case VPN 1 and 3 will both have the same (600K Bytes/Second) download threshold.
The '&' means the script will execute in the background.
You could try the 'pingonly=' option in lieu of the cURL data transfer.
Thanks a lot for your support. I added the following commands to the files VPNClientX-up
I tried to manually turn off VPN4 via GUI and waited 5 minutes. But the OVPNC3 was not started as I want - although I checked the Status and it was active.....
Last question to my OVPNC5 configuration. In the case, OVPNC5 goes down, the service is restarted after 2 Minutes , correct ?
In Syslog, there should be messages that indicate the scheduled interval (hh:mm:ss) for the next check to confirm the VPN connection is UP and/or meeting the throughput threshold.
Sep 1 10:51:40 RT-AC68U (VPN_Failover.sh): 27180 VPN Client Monitor: Checking VPN Client 1 connection status....
Sep 1 10:51:41 RT-AC68U (VPN_Failover.sh): 27180 using IP retrieval (xxx.xxx.xxx.xxx) - cURL 'http://ipecho.net/plain' rc15=0
Sep 1 10:51:41 RT-AC68U (VPN_Failover.sh): 27180 VPN Client Monitor: VPN Client 1 status OK
Sep 1 10:51:42 RT-AC68U (VPN_Failover.sh): 27180 Will check VPN Client 1 connection status again in 00:20:00 .....@11:11:42
sh /jffs/scripts/VPN_Failover.sh 4 "delay=120" "ignore=1,2,5" "verbose" "interval=1200" force minrates=600K,?,600K &
sh /jffs/scripts/VPN_Failover.sh 5 "delay=120" "ignore=1,2,3,4" "verbose" "interval=1200" force minrates=600K,?,600K &
@Martineau i got a couple of quick questions:
1. For the multiconfig option, can I put vpn servers to be used by vpn1/3/5 in the same /jffs/scripts/VPNfailover file? If so, how does it know which servers belong to what vpn client? Is it the first number in each server line?
Yes
2. Can I combine other parameters with multiconfig (delay,interval,etc.)?
The 'multiconfig' option was designed to be used for basic round-robin selection from a list of OpenVPN servers (i.e. UDP/TCP sockets) provided by the same VPN ISP. (This script feature is now available in the OpenVPN GUI configuration)