L&LD
Part of the Furniture
Just curious why you didn't install the release of 384.11_0 for your router?
vpnclient1 up / down scripts (openvpn) ac86u help needed
- Thread starter Butterfly Bones
- Start date
Just curious why you didn't install the release of 384.11_0 for your router?
eibgrad
Part of the Furniture
I just grabbed what I thought was the latest and greatest. If you want me to try another build, I will.
L&LD
Part of the Furniture
Sorry, I hope I'm not making you go on a wild goose chase here.
But there were two 384.11 Beta builds (and 4 additional Alpha builds, previously).
384.11_0 was just released a couple of days ago.
https://www.snbforums.com/threads/release-asuswrt-merlin-384-11-is-available.56501/
Martineau
Part of the Furniture
I have updated 'VPN_Failover.h' with the corrected openvpn-event usage instructions, and hopefully tweaked the code in an attempt to ensure the desired expected integration with the proposed openvpn-event 'vpnclientX-route-pre-down' script.
Also, given your current configuration, pending firmare v384.12, you will also need to use openvpn-event 'vpnclient1-route-up' trigger rather than 'vpnclient1-up'
EDIT: Corrected typo in the openvpn-event trigger name.
Last edited:
Butterfly Bones
Very Senior Member
I still have the modified openvpn-event using john9527 template with your modification above, Here is the syslog of start and stop vpnclient1.
Code:
May 9 13:33:48 RT-AC86U-4608 rc_service: httpds 3184:notify_rc start_vpnclient1
May 9 13:33:48 RT-AC86U-4608 custom_script: Running /jffs/scripts/service-event (args: start vpnclient1)
May 9 13:33:57 RT-AC86U-4608 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1553 10.200.0.110 10.200.0.109)
May 9 13:33:57 RT-AC86U-4608 openvpn-event[20978]: Script not defined for VPN event: vpnclient1-route-up
May 9 13:35:38 RT-AC86U-4608 rc_service: httpds 3184:notify_rc stop_vpnclient1
May 9 13:35:38 RT-AC86U-4608 custom_script: Running /jffs/scripts/service-event (args: stop vpnclient1)
May 9 13:35:38 RT-AC86U-4608 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1553 10.200.0.110 10.200.0.109 init)
May 9 13:35:38 RT-AC86U-4608 openvpn-event[21258]: Script executing.. for VPN event: vpnclient1-route-pre-downThank you for the update.
Martineau
Part of the Furniture
The template contains no files, but expects you to physically create them.
i.e. you have obviously manually created script '/jffs/scripts/vpnclient1-route-pre-down' so it can be executed, but you seem completely oblivious to the fact that if you need to execute 'vpnclient1-route-up' then you need to physically create it?
Butterfly Bones
Very Senior Member
I created vpnclientX-up/vpnclientX-route-pre-up following the new documention.The template contains no files, but expects you to physically create them.
i.e. you have obviously manually created script '/jffs/scripts/vpnclient1-route-pre-down' so it can be executed, but you seem completely oblivious to the fact that if you need to execute 'vpnclient1-route-up' then you need to physically create it?
Code:
# Script may be initiated by openvpn-event vpnclientX-up/vpnclientX-route-pre-up ONLY if one VPN Client is ACTIVE at any given time!!!!Butterfly Bones
Very Senior Member
The scripts work now that I have the correct file name. I have syslog-ng scrape to an /opt/var/log/vpnfailover.log. No indication there or in htop or using ps grep that VPN_Failover.sh is running.
Code:
May 9 14:16:32 RT-AC86U-4608 rc_service: httpds 3184:notify_rc start_vpnclient1
May 9 14:16:32 RT-AC86U-4608 custom_script: Running /jffs/scripts/service-event (args: start vpnclient1)
May 9 14:16:41 RT-AC86U-4608 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1553 10.200.0.78 10.200.0.77)
May 9 14:16:41 RT-AC86U-4608 openvpn-event[28181]: Script executing.. for VPN event: vpnclient1-route-up
May 9 14:19:14 RT-AC86U-4608 rc_service: httpds 3184:notify_rc stop_vpnclient1
May 9 14:19:14 RT-AC86U-4608 custom_script: Running /jffs/scripts/service-event (args: stop vpnclient1)
May 9 14:19:14 RT-AC86U-4608 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1553 10.200.0.78 10.200.0.77 init)
May 9 14:19:14 RT-AC86U-4608 openvpn-event[28717]: Script executing.. for VPN event: vpnclient1-route-pre-downeibgrad
Part of the Furniture
Sorry, I hope I'm not making you go on a wild goose chase here.
But there were two 384.11 Beta builds (and 4 additional Alpha builds, previously).
384.11_0 was just released a couple of days ago.
https://www.snbforums.com/threads/release-asuswrt-merlin-384-11-is-available.56501/
Just tried 384.11_0, exact same results. No up/down events, only route-up/route-pre-down.
Butterfly Bones
Very Senior Member
Running from terminal:
Code:
17:27:53 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
Will check VPN Client 1 connection status again in 30 secs.....@17:28:23
17:28:23 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
Will check VPN Client 1 connection status again in 30 secs.....@17:28:54
17:28:54 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
Will check VPN Client 1 connection status again in 30 secs.....@17:29:24
17:29:24 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
Will check VPN Client 1 connection status again in 30 secs.....@17:29:54
17:29:54 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
Will check VPN Client 1 connection status again in 30 secs.....@17:30:25
17:30:25 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
Will check VPN Client 1 connection status again in 30 secs.....@17:30:55
17:30:55 v1.14 VPN Client Monitor: Checking VPN Client 1 connection status....
VPN Client 1 connection status OK
/jffs/scripts/VPN_Failover.sh: line 986: can't create : nonexistent directory
As I already explained:
Code:
Client:
updown.sh is only used if DNS mode is not set to "Ignore" and authentication mode is set to TLS. This is because there was nothing before that in that script for these other modes.This is how it's currently implemented, since there was no need for running updown.sh when DNS is ignored - that script's primary function is to configure dnsmasq.
octopus
Part of the Furniture
Try with: dos2unix /jffs/scripts/VPN_Failover.sh and run again.
eibgrad
Part of the Furniture
Understood. I'm not questioning your reasoning. For your purposes, this makes perfect sense, it's consistent. But from the user's perspective, this is inconsistent.
From the beginning, it's been my contention these events are *only* being triggered based on your needs, not the user's needs. And therefore, the user can't depend on these events being triggered in all situations (contrary to what others keep telling me). But the user is admonished for not using openvpn-event, with at least the implication they can depend on these events being called consistently. That's simply NOT the case. So the user is being sent mixed messages.
Personally, I'd like to see all these events triggered consistently, esp. if the user is being told to follow the openvpn-event model. I just don't think it's reasonable to expect the average user to be aware of these inconsistencies, and how to deal with them. Case and point, the very existence of this thread. The OP and I have the same configuration (Accept DNS Configuration = Disabled), so we have the same problem triggering the up/down events.
Of course, that's your call. At least the notion these events are being called on a consistent basis has been finally and officially debunked.
Martineau
Part of the Furniture
Martineau
Part of the Furniture
Xentrk
Part of the Furniture
I am enjoying the discussion in this thread. I too have dissected the code interaction and integration of updown.sh and vpnrouting.sh in the development of my selective routing project. But I have learned some new things from reading this thread and thank you everyone for sharing their insights.
Xentrk
Part of the Furniture
I have been experiencing issues with the OpenVPN event system messages not appearing in the system log recently. I find if I go to the system log screen and change the setting for system log level and press apply , they start showing up again. I will test this some more after I upgrade to 384.11 to see if the behavior continues. I know log level needs to be set at 3 or above in the OpenVPN client screen for the messages to get output to the system log.
Butterfly Bones
Very Senior Member
I'm a long time Linux user, my edits are done in xed or nano. I make certain that all scripts are chmod 755 as you can see. Who needs dos2unix when you have nothing dos related on your computer?
Code:
@RT-AC86U-4608:/tmp/home/root# ls -alh /jffs/scripts/
drwxr-xr-x 2 [redact] root 0 May 9 19:23 .
drwxr-xr-x 14 [redact] root 0 May 10 02:25 ..
-rwxr-xr-x 1 [redact] root 16.4K Mar 18 15:11 ChkWAN.sh
-rwxr-xr-x 1 [redact] root 40.0K May 9 13:23 VPN_Failover.sh
-rwxr-xr-x 1 [redact] root 59.6K Apr 30 09:53 amtm
-rw-rw-r-- 1 [redact] root 20.8K May 9 14:01 custom_menuTree.js
-rw-rw-r-- 1 [redact] root 23.2K May 9 14:01 custom_start_apply.htm
-rwxr-xr-x 1 [redact] root 3.4K Apr 21 09:52 disk-check
-rwxr-xr-x 1 [redact] root 39 Mar 18 15:11 dnsmasq.conf.add
-rwxr-xr-x 1 [redact] root 73 Mar 18 15:11 dnsmasq.postconf
-rwxr-xr-x 1 [redact] root 185.4K Apr 16 18:38 firewall
-rwxr-xr-x 1 [redact] root 99 Apr 29 08:51 firewall-start
-rwxr-xr-x 1 [redact] root 432 Mar 23 20:22 init-start
-rwxr-xr-x 1 [redact] root 56 Mar 18 15:11 ledsoff.sh
-rwxr-xr-x 1 [redact] root 56 Mar 18 15:11 ledson.sh
-rwxr-xr-x 1 [redact] root 108 May 9 14:01 nat-start
-rw-rw-rw- 1 [redact] root 125.3K May 10 08:15 ntpdstats_rrd.rrd
-rw-rw-rw- 1 [redact] root 5.0K May 9 14:01 ntpdstats_www.asp
-rwxr-xr-x 1 [redact] root 31.4K May 9 14:00 ntpmerlin
-rwxr-xr-x 1 [redact] root 2.0K May 9 07:25 openvpn-event
-rwxr-xr-x 1 [redact] root 333 Apr 30 09:58 post-mount
-rwxr-xr-x 1 [redact] root 629 May 5 07:20 post-mount.div
-rwxr-xr-x 1 [redact] root 53 Mar 18 15:11 pre-mount
-rwxr-xr-x 1 [redact] root 98 Apr 16 07:04 rm_dcd_crash
-rwxr-xr-x 1 [redact] root 726 Mar 21 19:47 rm_ovpn_cert.sh
-rwxr-xr-x 1 [redact] root 13.3K May 5 16:53 scmerlin
-rwxr-xr-x 1 [redact] root 21.7K May 5 13:35 scribe
-rwxr-xr-x 1 [redact] root 133 May 9 19:23 service-event
-rwxr-xr-x 1 [redact] root 273 May 9 20:38 services-start
-rwxr-xr-x 1 [redact] root 121 Apr 16 18:37 services-stop
-rw-rw-rw- 1 [redact] root 3.1K May 9 11:01 uiDivStats_cache.tar.gz
-rw-rw-rw- 1 [redact] root 62.9K May 9 06:16 uidivstats_rrd.rrd
-rwxr-xr-x 1 [redact] root 408 Mar 18 15:11 unmount
-rwxr-xr-x 1 [redact] root 3.1K Mar 18 15:11 update-notification
-rwxr-xr-x 1 [redact] root 416 May 9 13:27 vpnclient1-route-pre-down
-rwxr-xr-x 1 [redact] root 84 May 9 15:42 vpnclient1-route-up
-rwxr-xr-x 1 [redact] root 135 May 4 2018 wan-startButterfly Bones
Very Senior Member
For me it is intentional using syslog-ng implemented in the script named scribe by cmkelley.
https://www.snbforums.com/threads/scribe-syslog-ng-and-logrotate-installer-v0-10_2-beta.55853/
Here is what I see in the webGUI syslog (symlinked back from /opt/var/log/messages by scribe/syslog-ng).
Code:
May 10 09:15:03 RT-AC86U-4608 rc_service: httpds 19418:notify_rc stop_vpnclient1
May 10 09:15:03 RT-AC86U-4608 custom_script: Running /jffs/scripts/service-event (args: stop vpnclient1)
May 10 09:15:03 RT-AC86U-4608 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1553 10.200.0.74 10.200.0.73 init)
May 10 09:15:03 RT-AC86U-4608 openvpn-event[8210]: Script executing.. for VPN event: vpnclient1-route-pre-down
May 10 09:16:17 RT-AC86U-4608 rc_service: httpds 19418:notify_rc start_vpnclient1
May 10 09:16:17 RT-AC86U-4608 custom_script: Running /jffs/scripts/service-event (args: start vpnclient1)
May 10 09:16:25 RT-AC86U-4608 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1553 10.200.0.42 10.200.0.41)
May 10 09:16:25 RT-AC86U-4608 openvpn-event[8643]: Script executing.. for VPN event: vpnclient1-route-up
Code:
May 10 09:15:03 RT-AC86U-4608 ovpn-client1[1628]: event_wait : Interrupted system call (code=4)
May 10 09:15:03 RT-AC86U-4608 ovpn-client1[1628]: vpnrouting.sh tun11 1500 1553 10.200.0.74 10.200.0.73 init
May 10 09:15:03 RT-AC86U-4608 openvpn-routing: Configuring policy rules for client 1
May 10 09:15:03 RT-AC86U-4608 ovpn-client1[1628]: Closing TUN/TAP interface
May 10 09:15:03 RT-AC86U-4608 ovpn-client1[1628]: /bin/ip addr del dev tun11 local 10.200.0.74 peer 10.200.0.73
May 10 09:15:03 RT-AC86U-4608 ovpn-client1[1628]: SIGTERM[hard,] received, process exiting
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8474]: OpenVPN 2.4.7 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 8 2019
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8474]: library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.08
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.170.240.115:1194
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: Socket Buffers: R=[524288->1048576] S=[524288->1048576]
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: UDP link local: (not bound)
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: UDP link remote: [AF_INET]107.170.240.115:1194
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: TLS: Initial packet from [AF_INET]107.170.240.115:1194, sid=39d7a590 e920bc3d
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: VERIFY OK: depth=1, C=US, ST=NY, L=New York, O=Simplex Solutions Inc., OU=Vpn Unlimited, CN=server.vpnunlimitedapp.com, name=server.vpnunlimitedapp.com, emailAddress=support@simplexsolutionsinc.com
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: VERIFY KU OK
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: Validating certificate extended key usage
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: VERIFY EKU OK
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: VERIFY OK: depth=0, CN=openvpn2.vpnunlimitedapp.com
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
May 10 09:16:17 RT-AC86U-4608 ovpn-client1[8475]: [openvpn2.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]107.170.240.115:1194
May 10 09:16:18 RT-AC86U-4608 ovpn-client1[8475]: SENT CONTROL [openvpn2.vpnunlimitedapp.com]: 'PUSH_REQUEST' (status=1)
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: SENT CONTROL [openvpn2.vpnunlimitedapp.com]: 'PUSH_REQUEST' (status=1)
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.200.0.1,rcvbuf 262144,sndbuf 262144,comp-lzo no,ping 5,ping-exit 30,route 10.200.0.1,topology net30,ifconfig 10.200.0.42 10.200.0.41,peer-id 9,cipher AES-256-GCM'
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: timers and/or timeouts modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: compression parms modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: Socket Buffers: R=[1048576->524288] S=[1048576->524288]
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: --ifconfig/up options modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: route options modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: peer-id set
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: adjusting link_mtu to 1625
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: OPTIONS IMPORT: data channel crypto options modified
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: Data Channel: using negotiated cipher 'AES-256-GCM'
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: TUN/TAP device tun11 opened
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: TUN/TAP TX queue length set to 1000
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: /bin/ip link set dev tun11 up mtu 1500
May 10 09:16:23 RT-AC86U-4608 ovpn-client1[8475]: /bin/ip addr add dev tun11 local 10.200.0.42 peer 10.200.0.41
May 10 09:16:25 RT-AC86U-4608 openvpn-routing: Configuring policy rules for client 1
May 10 09:16:25 RT-AC86U-4608 ovpn-client1[8475]: Initialization Sequence CompletedButterfly Bones
Very Senior Member
Thanks, I've updated and went back through all scripts carefully. I see no indication anywhere that VPN_Failover.sh is running on my router, htop, ps grep, like I can if run via cron or from command line.Whoops
Similar threads
Similar threads
Similar threads
-
-
RT-AX88U wireless shuts down at irregular intervals
- Started by Nighthawke70
- Replies: 8
-
-
In dnsmasq, how do I stop overriding an address if the server goes down?
- Started by PickleTickle
- Replies: 1
-
-
-
Attached drive not idling down as the firmware says and is set for- Started by skeal
- Replies: 6
-
-
-
Latest threads
-
-
-
-
installed The latest beta 3 on an ASUS 96U and get tainted log messages.
- Started by Rawcus
- Replies: 1
-
Current Status of Time Machine for MacOS on Merlin Firmware
- Started by Istvanwagon
- Replies: 7
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!