What's new

VPNMON VPNMON-R2 v2.52 -Mar 27, 2023- Monitor your VPN connection's Health (Thread locked/closed)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jax@GT-AX11000-6A10:/tmp/home/root# ip rule list
0: from all lookup local
100: from all to 8.8.8.8 iif lo lookup wan0
100: from all to 1.1.1.1 iif lo lookup wan1
32766: from all lookup main
32767: from all lookup default
That second rule is from WAN Failover, it could be interfering with your VPN Monitoring over the tunnel because it is taking precedence over any routing the tunnel might do. Try making them different targets.
 
That second rule is from WAN Failover, it could be interfering with your VPN Monitoring over the tunnel because it is taking precedence over any routing the tunnel might do. Try making them different targets.
Code:
100:    from all to 8.8.8.8 iif lo lookup wan0

This one, right ?
 
Code:
100:    from all to 8.8.8.8 iif lo lookup wan0

This one, right ?
That is correct, it's the same IP monitoring your tunnel interface it would appear based on logs I've looked at from this thread. Change them to different IPs, restart script. Make sure that rule is deleted if you change WAN Failover WAN0TARGET. This should delete it.
Code:
ip rule del from all iif lo to 8.8.8.8 lookup 100

Unfortunately our routers are limited in capability compared to enterprise equipment where you could monitor several interfaces/connections with the same IP because it can create virtual routers and and interfaces for said task.
 
That is correct, it's the same IP monitoring your tunnel interface it would appear based on logs I've looked at from this thread. Change them to different IPs, restart script. Make sure that rule is deleted if you change WAN Failover WAN0TARGET. This should delete it.
Code:
ip rule del from all iif lo to 8.8.8.8 lookup 100

Unfortunately our routers are limited in capability compared to enterprise equipment where you could monitor several interfaces/connections with the same IP because it can create virtual routers and and interfaces for said task.
Done and wow, VPN Monitor started working @Ranger802004 finally figured it out, hats off

Code:
0:      from all lookup local
100:    from all to 1.1.1.1 iif lo lookup wan1
100:    from all to 8.8.4.4 iif lo lookup wan0
32766:  from all lookup main
32767:  from all lookup default
 
Done and wow, VPN Monitor started working @Ranger802004 finally figured it out, hats off

Code:
0:      from all lookup local
100:    from all to 1.1.1.1 iif lo lookup wan1
100:    from all to 8.8.4.4 iif lo lookup wan0
32766:  from all lookup main
32767:  from all lookup default
Once I saw your logs for VPN going to 8.8.8.8 failing I had a hunch lol.
 
Once I saw your logs for VPN going to 8.8.8.8 failing I had a hunch lol.
Actually I found a way to resolve the conflict, I just need to specify Outgoing interface in the IP Rules, this should keep the 2 scripts from conflicting, I'll publish this fix in my next beta for WAN Failover.
 
Actually I found a way to resolve the conflict, I just need to specify Outgoing interface in the IP Rules, this should keep the 2 scripts from conflicting, I'll publish this fix in my next beta for WAN Failover.
Even better :p
 
Done and wow, VPN Monitor started working @Ranger802004 finally figured it out, hats off

Code:
0:      from all lookup local
100:    from all to 1.1.1.1 iif lo lookup wan1
100:    from all to 8.8.4.4 iif lo lookup wan0
32766:  from all lookup main
32767:  from all lookup default
Thanks for your help on this, @Ranger802004! LOL! I'm glad VPNMON-R2 was semi-correct and doing it's job as reported!
 
More of the same issue after wail failover @Viktor Jaep, Hope you had some luck figuring it out

So I have not had any luck getting this wifi hotspot/usb modem working right with the router... I'm not going to give up, and will see if I can get one of my old androids to act as a usb-tethered modem. If that works out, I'll probably invest in keeping that connection active. But in the end, I want to get this working as it should. Hopefully Beta 7 is a step in the right direction. ;)
 
So I have not had any luck getting this wifi hotspot/usb modem working right with the router... I'm not going to give up, and will see if I can get one of my old androids to act as a usb-tethered modem. If that works out, I'll probably invest in keeping that connection active. But in the end, I want to get this working as it should. Hopefully Beta 7 is a step in the right direction. ;)
I’m about to start reviewing logs sent to me to come up with a solution so standby.
 
I’m about to start reviewing logs sent to me to come up with a solution so standby.
Well, I've been kinda wanting a dual wan solution anyways, being in hurricane-prone southeast US. ;)
 
Well, I've been kinda wanting a dual wan solution anyways, being in hurricane-prone southeast US. ;)
I’m in Louisiana so I totally understand lol
 
OK... for all our Dual-WAN friends out there, here's an interim release v2.01 that addresses some of the optimizations made during our trials of making this work better through Dual-WAN failover and load balancing situations... Please note, I will be diving into this further to ensure everything's up to snuff during these different types of situations as soon as I get a Dual-WAN solution in place... should be shortly! :) In the meantime, just wanted to give a huge shout-out to @Ranger802004 for his willingness to jump in to help troubleshoot and work in some changes to help make his script more compatible with VPNMON-R2 during these failover situations! It's truly appreciated!

v2.01 - (July 17, 2022)
* ADDED:
New logic to determine if a screen session already is running with the alias 'vpnmon-r2'. If there is a session running, and you execute another "vpnmon-r2 -screen", it will prompt you whether or not you want to just reattach to the already-running session - thanks @Kal1975!
* FIXED: Better dual-wan logic for those running @Ranger802004's dual-wan script to eliminate some error messages when both WAN0 and WAN1 were connected at the same time. Thanks to @JAX1337 and @Stephen Harrington for the heads-up! Huge thanks To @Ranger802004 for further troubleshooting routing compatibility between our two scripts in a Dual-WAN failover/load balancing situation. Please note, this is an interim release until I can dive into Dual-WAN capabilities at a near future date to ensure VPNMON-R2 can effectively handle each situation presented to it.

Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.01.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"

... or update through your friendly AMTM tool on a router near you! :p
 
OK... for all our Dual-WAN friends out there, here's an interim release v2.01 that addresses some of the optimizations made during our trials of making this work better through Dual-WAN failover and load balancing situations... Please note, I will be diving into this further to ensure everything's up to snuff during these different types of situations as soon as I get a Dual-WAN solution in place... should be shortly! :) In the meantime, just wanted to give a huge shout-out to @Ranger802004 for his willingness to jump in to help troubleshoot and work in some changes to help make his script more compatible with VPNMON-R2 during these failover situations! It's truly appreciated!

v2.01 - (July 17, 2022)
* ADDED:
New logic to determine if a screen session already is running with the alias 'vpnmon-r2'. If there is a session running, and you execute another "vpnmon-r2 -screen", it will prompt you whether or not you want to just reattach to the already-running session - thanks @Kal1975!
* FIXED: Better dual-wan logic for those running @Ranger802004's dual-wan script to eliminate some error messages when both WAN0 and WAN1 were connected at the same time. Thanks to @JAX1337 and @Stephen Harrington for the heads-up! Huge thanks To @Ranger802004 for further troubleshooting routing compatibility between our two scripts in a Dual-WAN failover/load balancing situation. Please note, this is an interim release until I can dive into Dual-WAN capabilities at a near future date to ensure VPNMON-R2 can effectively handle each situation presented to it.

Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R2/master/vpnmon-r2-2.01.sh" -o "/jffs/scripts/vpnmon-r2.sh" && chmod a+rx "/jffs/scripts/vpnmon-r2.sh"

... or update through your friendly AMTM tool on a router near you! :p

Always here to try and help with solutions for all of us. I just want to note that the fix for compatibility for WAN Failover and VPNMON is still in 1.5.6 beta release and not in production release yet.
 
Hi all. I have another suggestion for VPNMON. I don't know if this happens to just me or others as well.

I have issues where sometimes my internet connection goes down. I'm using the ChkWAN script created by @Martineau. It's working well. I only use it to restart my WAN connection and not reboot the router. During the internet outage, my VPN keeps trying to reconnect, unsuccessfully . When the internet comes back, the VPN client is still trying to connect but it can't connect. From the messages, it looks like it can't resolve the server URL (I use a URL instead of an IP address in case the IP is load balanced among several IP addresses or the VPN provider changes the IP address). When I manually stop and restart the VPN client, all is well and goes back to normal. Before I restart the VPN client, the router is less responsive while it's trying to reconnect to the VPN client.

So, my suggestion is that when VPNMON checks the Wan connection, if it's down, to stop all VPN clients. After the Wan connection comes up, VPNMON will then reconnect to one of the VPN slots, either randomly or the previous one that was active. Maybe make this an option?

Just an idea/suggestion. Any thoughts?
 
Hi all. I have another suggestion for VPNMON. I don't know if this happens to just me or others as well.

I have issues where sometimes my internet connection goes down. I'm using the ChkWAN script created by @Martineau. It's working well. I only use it to restart my WAN connection and not reboot the router. During the internet outage, my VPN keeps trying to reconnect, unsuccessfully . When the internet comes back, the VPN client is still trying to connect but it can't connect. From the messages, it looks like it can't resolve the server URL (I use a URL instead of an IP address in case the IP is load balanced among several IP addresses or the VPN provider changes the IP address). When I manually stop and restart the VPN client, all is well and goes back to normal. Before I restart the VPN client, the router is less responsive while it's trying to reconnect to the VPN client.

So, my suggestion is that when VPNMON checks the Wan connection, if it's down, to stop all VPN clients. After the Wan connection comes up, VPNMON will then reconnect to one of the VPN slots, either randomly or the previous one that was active. Maybe make this an option?

Just an idea/suggestion. Any thoughts?
Have you tried restarting dnsmasq service when having this problem?
 
No, I haven't tried that.

I was just looking through the VPNMON code and it looks like it does a VPN reset after the WAN comes back up.

I probably didn't have VPNMON running this last time when the internet went down. I'll keep testing and see what happens with VPNMON running.

Ranger802004, thanks for the idea about checking dnsmasq. I'll keep an eye on that and try restarting dnsmasq depending on further tests with VPNMON.



EDIT:
In thinking about when VPNMON does the reset, it does it after the internet connection comes back up. For my situation, it would be beneficial if the VPN clients were stopped when VPNMON sees that the internet connection is down, if any are active. This will avoid the router continually trying to reconnect the VPN client while the internet connection is down as VPNMON only does the reset after the internet connection comes back up...if I'm reading the code correctly.
 
Last edited:
No, I haven't tried that.

I was just looking through the VPNMON code and it looks like it does a VPN reset after the WAN comes back up.

I probably didn't have VPNMON running this last time when the internet went down. I'll keep testing and see what happens with VPNMON running.

Ranger802004, thanks for the idea about checking dnsmasq. I'll keep an eye on that and try restarting dnsmasq depending on further tests with VPNMON.



EDIT:
In thinking about when VPNMON does the reset, it does it after the internet connection comes back up. For my situation, it would be beneficial if the VPN clients were stopped when VPNMON sees that the internet connection is down, if any are active. This will avoid the router continually trying to reconnect the VPN client while the internet connection is down as VPNMON only does the reset after the internet connection comes back up...if I'm reading the code correctly.
Hey @Kal1975... I was going to mention that VPNMON already does this... this is basically the steps it takes:

1.) Check the WAN
2.) If its up, continue as normal, and check the PINGs/PING speeds/VPN Connections...
3.) If it's down, and the WAN state is reporting something other than "2", then all VPN connections would have gotten disconnected anyways.
4.) If a WAN connection appears to be coming back up, then it will attempt a VPN reset, which includes checking the WAN, killing all VPN connections, etc.
5.) If the WAN state comes back as "2" (connected), then there should not be a reason for VPNMON to reestablish a VPN connection.

I am not sure what ChkWAN does... I would also try to make sure that none of your VPN slots are set to automatically connect incase that's interfering:
1658269247294.png


Also... if you want, please make sure you share some screenshots or VPNMON-R2 logs when an event like this happens, and that will give me some more clues to go on to help you, OK?
 
In the step 3, you're assuming all VPN connections got disconnected. Technically, yes, but if they keep trying to connect, that's the issue I'm trying to avoid.

ChkWAN just keeps pinging every specified interval and if multiple pings or curls don't work, it will restart the WAN...and only the WAN. There are settings to make it reboot, but I don't have it set that way. This is especially useful if you have a flaky internet connection or for remote settings where you can't reset or restart anything, once the internet comes back up.

I checked the "Automatic start at boot time" setting. I believe this is the issue. I have VPN slot 1 set to Yes and all other slots set to no. I had a closer look at the log and realized that it was slot 1 trying to reconnect. I'm going to turn that off as well and test or wait for the issue to reoccur. It seems to have at least every 2 or 3 days.

Thanks, I believe that is the issue.

Now to make sure on initial boot, a VPN slot is activated and VPNMON is started automatically...haven't done that yet.
 
In the step 3, you're assuming all VPN connections got disconnected. Technically, yes, but if they keep trying to connect, that's the issue I'm trying to avoid.

ChkWAN just keeps pinging every specified interval and if multiple pings or curls don't work, it will restart the WAN...and only the WAN. There are settings to make it reboot, but I don't have it set that way. This is especially useful if you have a flaky internet connection or for remote settings where you can't reset or restart anything, once the internet comes back up.

I checked the "Automatic start at boot time" setting. I believe this is the issue. I have VPN slot 1 set to Yes and all other slots set to no. I had a closer look at the log and realized that it was slot 1 trying to reconnect. I'm going to turn that off as well and test or wait for the issue to reoccur. It seems to have at least every 2 or 3 days.

Thanks, I believe that is the issue.

Now to make sure on initial boot, a VPN slot is activated and VPNMON is started automatically...haven't done that yet.
That probably was the issue... The other one you might want to look at on the bottom of the VPN client page is "Connection Retry attempts"... perhaps change that to 3 or something, if you have it set to something else.

I see your concern though... I've thrown an extra round of VPN kill commands into my WAN down function, just to be safe that all VPN connections are dead when it figures the WAN is having issues. I'll have that out after I'm done testing some other stuff... ;)
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top