
VPNMON VPNMON-R2 v2.52 -Mar 27, 2023- Monitor your VPN connection's Health (Thread locked/closed)


Excellent work @Kingp1n! You rock! :) PS. I may need to lean on you for some good documentation on how you accomplished this to include in the overall documentation set!


That just means that this VPN server wasn't responding to a ping for whatever reason... perhaps they rebooted it. ;) If it's persistently marked as OFFLINE, I would definitely recommend switching to something else. And yeah, the default action is to just notify you... it won't do anything else.


BTW, this will happen on occasion when the "free" IP Location API gets busy, and will just default to the IP instead of a city name. You can stop the script and restart it to give it another go, or just wait until the next reset cycle, or force a reset with the "R" option. Reboot only if necessary when you have a lot of dependencies all working in concert like this... right? LOL. I feel the same way. I've got some items that start up automatically that I have to keep an eye on after reboots as well.


That's awesome news... I'm happy to see you've got everything all tidied up and locked down! My results from this test show that I have leaks, but only because I'm using quad9, and not the recommended DNS servers that Nord provides me... but it leaks by design, over DoT. ;)
I can help as much as I can, but honestly I think I might have just gotten lucky :)
 
Minor update to v2.11 today, everyone... changelog below:

v2.11 - (August 3, 2022)
- ADDED: Added a VPN Director rule restart after VPNMON-R2 goes through a reset cycle to help with possible compatibility issues in dual WAN/secondary WAN disconnects.
- FIXED: Minor tweaks and corrections
 
Being restless, another minor OCD-related update to v2.12 today!

v2.12 - (August 8, 2022)
- CHANGED: the color scheme to match that of RTRMON and PWRMON a bit more. Seeing a little more uniformity and standardization between the three helps calm my OCD. ;)
- FIXED: realizing that the timezone abbreviation can vary from 1 char to 5 chars across the world which skews the time to the left/right, so I have built in some logic that adjusts the top line that includes the current line to ensure that it lines up with the subsequent lines underneath. Yep, another OCD-related fix. lol

Download:
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.12.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"

 
This is AWESOME! :D:D:D:D:D
 

OK, you've convinced me -- how do I setup a VPN or run VPNMON-R2?

In case you're curious about how to configure your own amazing whole-home VPN setup, here are some basic instructions... Please understand that this is how I have my OVPN client slots setup, and your needs may differ, so feel free to jump into this thread if you have any other setup questions!

1.) Insert a Flashdrive - First plug a flashdrive into the back of your router, where a lot of these scripts, cache and swap file will end up being located.

2.) Use the AMTM tool - Log into your router using an SSH terminal tool, like PuTTY (for Windows), execute "AMTM", and use the commands "fd" to format your flashdrive, and "sw" to configure a swap file. Minimum recommended size is at least 2GB.

3.) Configure your router to handle scripts - You must first enable the ability for your router to handle custom scripts. From your router UI, go to Administration -> System -> "Format JFFS partition at next boot" (yes) and "Enable JFFS custom scripts and configs" (yes)... reboot your router to enable these changes.

4.) Subscribe to a VPN provider - Picking NordVPN, SurfShark or Perfect Privacy will give you some more awesome functionality with VPNMON-R2, but you can basically pick anything you want. I'm going to use NordVPN in these examples...

5.) Download your VPN server config - Go to your VPN provider's server config download page (ex: https://nordvpn.com/servers/tools/), and pick one (or a selection) of OpenVPN UDP server configs, and download them. It will probably end up with a name like this: "us9488.nordvpn.com.udp.ovpn"


6.) Check the .ovpn contents - The contents of the .ovpn file will contain the security certificates, vpn server name, and configuration parameters. Give it a cursory glance to make sure it looks like everything's there.

7.) Configure your VPN Client Slots - From the Asus-Merlin VPN Client page, pick your 1st OpenVPN Client Slot... click on the "Choose File" button, and select the file you just downloaded, and click the "Upload" button to import it. This will populate most of your settings on this page, but you will need to go through, name some things, and make some configuration tweaks. For example, these are the settings I use below... yours might differ based on your preferences.

Screenshot 2022-02-20 19.11.11.png

Screenshot 2022-02-20 19.11.56.png



8.) Apply these custom configuration entries on the bottom of the page - This is an important step! The custom config entries that come with the .ovpn file may work, but aren't the greatest. Please over-copy them with these configuration entries below. These work great for NordVPN, but for many other VPN providers as well. If they don't, revert back or look for some best practice entries for your particular VPN provider:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

9.) Test your VPN Client! After you hit "APPLY" on the bottom of the Asus-Merlin VPN Client page, slide the on/off switch to ON, and see if you can make a successful VPN connection. If you don't see any errors, and have been able to test that your client(s), network(s), etc. can browse through the VPN, you can crack open that beer in celebration. ;)

10.) Now go configure your other 4 slots! To make the best use of VPNMON-R2, you would want each of your 5 standalone VPN client slots pre-configured in the same way you just did your first. Note: If you're considering using the VPNMON-R2 SuperRandom functionality, you can actually use the same .ovpn file for each of your 4 other slots. Your VPN Slot's "server address" and "description" fields will be automatically filled in by the VPNMON-R2 script when it finds new random servers for you to connect to.

Important: VPN Director is an important element to consider as well, and I would recommend creating 5 different entries for each of your 5 VPN Client slots to ensure that your local subnet will ALWAYS route through the VPN no matter which VPN client is currently connected. See below:

1657476560112.png


11.) Download VPNMON-R2 -- Using the AMTM tool, download and install VPNMON-R2. From its main menu, type "sc" to setup and configure the script. You can use the defaults in place to run it with minimal functionality, or go through and make selections based on your particular environment.

12.) Profit! Now go ahead and enjoy the experience... :)

Gotchas

  • If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to your VPN provider before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
  • Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
  • If you're using the NordVPN SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.

Hi @Viktor Jaep, love your work, and have been experimenting with the script the past few hours.

The custom VPN settings you've got listed above don't seem to work for me with NordVPN.

The following settings do seem to work:
Code:
resolv-retry infinite
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io
cipher AES-256-CBC

Cheers!
 
Thanks @TITAN! I appreciate your comments! What kind of behavior are you seeing with my config vs yours? I could be wrong, but it seems the only difference is "cipher AES-256-CBC"?
 
@Viktor Jaep, when I use your config for NordVPN it fails to connect. So what I did was download a config from NordVPN and upload it to the router, which then populated these lines in the additional config (there was an extra line to verify the CN for the certificate, but I removed that so it allows connectivity to other servers)

I've sent you the logs in a private message
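
The two custom-config blocks posted in this thread differ in directives that affect how the client authenticates the server and handles credentials and keys. The following audit script is an added example, not code from the thread or from VPNMON-R2; the function names and finding labels are assumptions made for illustration, and the sample configs are constructed by abridging the two posted blocks.

```shell
#!/bin/sh
# Added example (not from the thread or the VPNMON-R2 project): flag
# security-relevant directives in an OpenVPN client custom-config block.
# Output: one finding per line, LEVEL:directive:explanation.

# has_directive CONFIG REGEX: true if a line starts with the directive REGEX.
# Lines starting with '#' or ';' (comments) never match.
has_directive() {
    printf '%s\n' "$1" | grep -Eqi "^[[:space:]]*$2([[:space:]]|\$)"
}

audit_ovpn() {
    cfg=$1
    # Without it, the peer certificate's key usage / EKU is not checked.
    has_directive "$cfg" 'remote-cert-tls[[:space:]]+server' ||
        echo "HIGH:remote-cert-tls:server certificate usage is not enforced"
    # Absent name pinning: any server certificate from the provider CA passes.
    has_directive "$cfg" 'verify-x509-name' ||
        echo "INFO:verify-x509-name:server name is not pinned"
    # auth-nocache keeps the username/password out of process memory.
    has_directive "$cfg" 'auth-nocache' ||
        echo "WARN:auth-nocache:credentials stay cached in memory"
    # A pinned CBC cipher; AEAD (GCM) ciphers are preferred where supported.
    has_directive "$cfg" 'cipher[[:space:]]+[^[:space:]]*-CBC' &&
        echo "WARN:cipher:CBC data cipher configured"
    # reneg-sec 0 turns off time-based key renegotiation on this side.
    has_directive "$cfg" 'reneg-sec[[:space:]]+0' &&
        echo "WARN:reneg-sec:periodic key renegotiation disabled"
    # Replay warnings are a useful log signal; this directive hides them.
    has_directive "$cfg" 'mute-replay-warnings' &&
        echo "INFO:mute-replay-warnings:replay warnings suppressed in log"
    return 0
}

# count_level FINDINGS LEVEL: number of findings at LEVEL.
count_level() {
    printf '%s\n' "$1" | grep -c "^$2:" || true
}

# Constructed samples: security-relevant lines abridged from the two
# configs posted in the thread.
CFG_FIRST='remote-cert-tls server
reneg-sec 0
mute-replay-warnings
auth-nocache
pull-filter ignore "auth-token"'

CFG_SECOND='remote-cert-tls server
pull
fast-io
cipher AES-256-CBC'

echo "== first config =="
audit_ovpn "$CFG_FIRST"
echo "== second config =="
audit_ovpn "$CFG_SECOND"
```

On a router, the same function can be pointed at the text pasted into the VPN client's custom configuration box before hitting "APPLY".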
 
Just upgraded to vpnmon-Rv2.12 getting error message.

/jffs/scripts/vpnmon-2:sh:line3518:jq:not found

Did I do something wrong on the installation? Will not connect to any of my vpn's servers. Seems to be caught up in a boot loop, that I've seen in previous posts. I had to completely remove it! I think I might have missed a step somewhere.
I got rid of the nordvpn dns ip's, which I read can cause problems. Back to using the stock nordvpn and working fine without vpnmon-r2.12

I'd like to use it if I can get it sorted. Start and stop feature might be nice.
Best settings to use for Nordvpn users. I have my vpn connected to a RT-AC86U.

Thanks to all for the great work.
 
@Viktor Jaep "Feature Request" to consider for your next version ...

Since I use Failover and my Secondary WAN 1 connection is a pretty ordinary 4G USB stick, which has pretty variable and higher ping times anyway ...

A bit of "fine tuning" that would be nice would be the ability to specify different "Minimum PING Before Reset?" values for each of WAN 0 and WAN 1, and using those for the VPN monitoring according to which WAN is "active".

At the moment I have to set the value much higher than I'd like in case it fails over to the USB stick. If I set it too low (but perfectly fine for my main "traditional" wired HFC WAN) VPNMON-R2 then would constantly be Resetting, if that makes sense?

Interested to hear your thoughts as always.
 
Just upgraded to vpnmon-Rv2.12 getting error message.

/jffs/scripts/vpnmon-2:sh:line3518:jq:not found

Did I do something wrong on the installation? Will not connect to any of my vpn's servers. Seems to be caught up in a boot loop, that I've seen in previous posts. I had to completely remove it! I think I might have missed a step somewhere.
I got rid of the nordvpn dns ip's, which I read can cause problems. Back to using the stock nordvpn and working fine without vpnmon-r2.12

I'd like to use it if I can get it sorted. Start and stop feature might be nice.
Best settings to use for Nordvpn users. I have my vpn connected to a RT-AC86U.

Thanks to all for the great work.
That's a pretty weird one. The jq command seems to work for me out-of-the-box. You have installed entware, I'm assuming, right? If not try doing that from amtm first.

If that still doesn't work, see if you can install jq separately? Here's the command:

Code:
opkg install jq
 
@Viktor Jaep "Feature Request" to consider for your next version ...

Since I use Failover and my Secondary WAN 1 connection is a pretty ordinary 4G USB stick, which has pretty variable and higher ping times anyway ...

A bit of "fine tuning" that would be nice would be the ability to specify different "Minimum PING Before Reset?" values for each of WAN 0 and WAN 1, and using those for the VPN monitoring according to which WAN is "active".

At the moment I have to set the value much higher than I'd like in case it fails over to the USB stick. If I set it too low (but perfectly fine for my main "traditional" wired HFC WAN) VPNMON-R2 then would constantly be Resetting, if that makes sense?

Interested to hear your thoughts as always.
Makes perfect sense... I'll see how this might be able to be implemented. ;)
 
Thanks, Viktor...I'm definitely getting closer to getting this working. If the vpn stat is normal!

Noticed this: VPN1 Disconnected......Offline
VPN2 Disconnected.....Offline
VPN3 Tunnel Active....( Finally Connected)
VPN Stats: (Checking Nordvpn Server Load)
Error Cannot Allocate Memory Aborted
 
For that error... Have you configured a 2GB swap file on your USB drive?

There are some high-level instructions you should follow here... See if any of this might help?

 
That was the issue Viktor and I made a tweak also to dns config/client rules.

I appreciate all of your help and patience:)
 
Cool! Glad it's working for you as advertised now!! LOL
 
@Viktor Jaep "Feature Request" to consider for your next version ...

Since I use Failover and my Secondary WAN 1 connection is a pretty ordinary 4G USB stick, which has pretty variable and higher ping times anyway ...

A bit of "fine tuning" that would be nice would be the ability to specify different "Minimum PING Before Reset?" values for each of WAN 0 and WAN 1, and using those for the VPN monitoring according to which WAN is "active".

At the moment I have to set the value much higher than I'd like in case it fails over to the USB stick. If I set it too low (but perfectly fine for my main "traditional" wired HFC WAN) VPNMON-R2 then would constantly be Resetting, if that makes sense?

Interested to hear your thoughts as always.
Hey @Stephen Harrington .... I've been pondering a solution, and wondering if you think this would be a good compromise:

1.) If the primary WAN is active, use the minimum ping rule
2.) If the secondary WAN is active, ignore the minimum ping rule, but once it flips back over to primary, use the minimum ping rule again.

I figure, if you're in a failover state, you probably want to hold onto your secondary connection no matter what, even if you have outrageous ping times.
 
I've been pondering a solution, and wondering if you think this would be a good compromise

Hi @Viktor Jaep, so yes your solution would work fine for my use case, and I’m assuming it would be a selectable option, as clearly others with “proper” secondary connections mightn’t want this?

Further food for thought and ideas for the future - I only have one device going through the VPN and if I am in “emergency failover” to the Secondary USB stick I would be happy to have the VPN just shut down or go into “pause” with firmware kill-switch kicking in (as it would use too much LTE data to have it operating anyway) and then reset/restart when the Primary connection became active again. Again, others with very different setups wouldn’t want this so needs to be optional.
 
Hi @Viktor Jaep, so yes your solution would work fine for my use case, and I’m assuming it would be a selectable option, as clearly others with “proper” secondary connections mightn’t want this?
Well, I think it might be a good default option to start out with. Secondary connections are typically meant to be temporary, so I don't mind treating them a bit differently, such as not including them in the minimum ping rule.

Further food for thought and ideas for the future - I only have one device going through the VPN and if I am in “emergency failover” to the Secondary USB stick I would be happy to have the VPN just shut down or go into “pause” with firmware kill-switch kicking in (as it would use too much LTE data to have it operating anyway) and then reset/restart when the Primary connection became active again. Again, others with very different setups wouldn’t want this so needs to be optional.
That is definitely a good idea, but just so you know, there are people out there who might rather keep their traffic off their ISP's radar even in a failover situation... so I will definitely put some thought into this to see if I can create a selectable option from this. ;)
 
there are people out there who might rather keep their traffic off their ISP's radar even in a failover situation..

Oh yes, I definitely get it, but thank you for considering the idea and making it configurable.
 
Fairly minor release to take care of some optimizations in its normal routines to v2.15! Enjoy!

v2.15 - (August 15, 2022)
- CHANGED: The order of operations for checkwan, and now occurs directly after the interface tab is drawn. It makes sense to perform this operation here, before the WAN0/1 checks are done, in a more optimized fashion. Also, changed the look/feel of the checkwan/load check notifications to fall more in line with the rest of the theme.
- CHANGED: In a dual-WAN scenario, the high ping rule will be disabled should the WAN failover to WAN1, due to the fact that it will most likely be a slower more latent device. In this scenario, this rule would most likely cause continuous resets due to higher ping/latency, and is rightly so ignored in this particular scenario. (Thanks @Stephen Harrington!)
- FIXED: Minor tweaks and corrections

Download:
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.15.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"
 
