VPNMON VPNMON-R3 v1.3.5 -May 11, 2024- Monitor WAN/Dual-WAN/VPN Health & Reset Multiple OpenVPN Connections (Now available in AMTM!)

[iTyPsIDg]

https://downdetector.com/status/nord-vpn/

That is the exact same time as others started reporting issues. Thank you!

Could it be related to what's discussed here?

OpenVPN keeps on turning itself off

Hi, I have added NordVPN to my RT-AC68U (386.12_6) OpenVPN with this tutorial: https://support.nordvpn.com/hc/en-us/articles/20319214011921-AsusWRT-Merlin-setup-with-NordVPN I am using VPN director for selective tunneling. It is working, but it turns itself off for some reason after a while...

www.snbforums.com

I changed my custom config to what Viktor has here and my connection returned. I'm not sure if that was merely a timing issue though, due to the above issues others have been experiencing.

If you're using an old CURL statement to write servers to one of your VPN client slots in VPNMON-R3, then it may be coming back with zero/null. But there's a fix for that. Let us know what you're seeing on your end, what you're using, etc.

But Nord seems to be working fine for me today (US servers)...

The curl statement was still working. I managed to run that again and it still returned results.

 

[Viktor Jaep]

That is the exact same time as others started reporting issues. Thank you!

I changed my custom config to what Viktor has here and my connection returned. I'm not sure if that was merely a timing issue though, due to the above issues others have been experiencing.

The curl statement was still working. I managed to run that again and it still returned results.

Glad you're up & running again! Perhaps just localized internet weather causing regional outages depending on where you are, or where your destination servers are located?

 

[iTyPsIDg]

Glad you're up & running again! Perhaps just localized internet weather causing regional outages depending on where you are, or where your destination servers are located?

My current location is Medellín. My preferred servers are always in the US. This is my new curl command, just in case anyone else finds it useful.

curl --silent --retry 3 --connect-timeout 3 --max-time 6 --retry-delay 1 --retry-all-errors "https://api.nordvpn.com/v1/servers/recommendations?filters\[country_id\]=228&limit=20" | jq --raw-output '.[].station'

 

[Viktor Jaep]

Some small email-related fixes that rolled over from BACKUPMON...

What's new?
v1.3.3 - (April 2, 2024)
- PATCH: Fixed a small issue that was present in BACKUPMON and also affected VPNMON-R3 where it was creating success/failure emails in the /tmp/var/tmp folder and was not deleting these tmp email files if you opted not to receive success or failure emails. Thanks to the keen eye of @ExtremeFiretop watching his precious disk space slowly but surely getting eaten up with unsent emails that weren't deleting, this has now been patched! Also, huge props to him for testing out the fix in record time!
- PATCH: Made some small eye-candy improvements to incorporate a little splash-screen effect when running "vpnmon-r3 -setup", or when hitting the (e)xit key... just to keep the OG logo around a little longer.

Download Link (or update directly within AMTM/VPNMON-R3):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/main/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

 

[Viktor Jaep]

Small bugfix update to enjoy with your Saturday morning coffee...

What's new?
v1.3.5 - (May 11, 2024)
- PATCH: Small bugfix after looking into issues with the vr3timers.txt file. Seems that there was a variable and a function both named the same thing, which could cause an issue down the road, and made sure these were formally separated into their own entities from this point forward.
- PATCH: When the script has detected an issue with the WAN, and falls back into its waiting loop, I seem to have mistakenly put in an email notification during this time. I thought it was helpful. Guess not, because it doesn't work when the internet is down, and just throws errors, so I've removed this particular email notification.

Download link (or update directly within VPNMON-R3 or AMTM!):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/main/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

 

[Rajjco]

Here is a ProtonVPN command that filters servers based on load by adding a condition.
It will grab servers with a load less than or equal to %20

select(.EntryCountry=="US" and .Load < 20)

curl --silent --retry 3 --connect-timeout 3 --max-time 6 --retry-delay 1 --retry-all-errors https://api.protonvpn.ch/vpn/logicals | jq --raw-output '.LogicalServers[] | select(.EntryCountry=="US" and .Load < 20) | .Servers[].EntryIP' | sort | uniq

 

[Viktor Jaep]

Here is a ProtonVPN command that filters servers based on load by adding a condition.
It will grab servers with a load less than or equal to %20

select(.EntryCountry=="US" and .Load < 20)

curl --silent --retry 3 --connect-timeout 3 --max-time 6 --retry-delay 1 --retry-all-errors https://api.protonvpn.ch/vpn/logicals | jq --raw-output '.LogicalServers[] | select(.EntryCountry=="US" and .Load < 20) | .Servers[].EntryIP' | sort | uniq

I just ran this statement, and got 0 results. Guess ProtonVPN is BUSY today! Tried it with 50, and got a good set of results. Adding this to the set of instructions.

 

[Rajjco]

Sorry for spamming the thread Viktor.

Here is a command that only shows Secure Core Servers for a given country using this list will enable Proton's secure server connections which is basically a multi-hop vpn connection more info at Secure Core

curl --silent --retry 3 --connect-timeout 3 --max-time 6 --retry-delay 1 --retry-all-errors https://api.protonvpn.ch/vpn/logicals | jq --raw-output '.LogicalServers[] | select(.EntryCountry != "US" and .ExitCountry == "US" and select(.Load < 50)) | .Servers[].EntryIP'

It checks if the EntryCountry is not equal to the ExitCountry and filters the ip which means it's a secure core server. Secure core servers are mostly located In Switzerland, Sweden and Iceland. You can confirm that by looking at the raw json api page at https://api.protonvpn.ch/vpn/logical

Finally if you get no results for the country of your choice try raising the .Load value since there's more demand on them.

 

[Viktor Jaep]

Sorry for spamming the thread Viktor.

Feel free to post API-related VPN server list content in this thread here:

VPNMON - VPNMON-R3 Custom Server List Generation Tutorials and Examples

FULL DISCLOSURE: I absolutely SUCK at JQuery... 😋 It's not like SQL at all, which I'm pretty decent with. I think the reason I am no good at this is because the sources this data comes from is always structured very differently in JSON, so there's always a completely different way at getting at...

www.snbforums.com

 

[Rajjco]

Feel free to post API-related VPN server list content in this thread here:

VPNMON - VPNMON-R3 Custom Server List Generation Tutorials and Examples

FULL DISCLOSURE: I absolutely SUCK at JQuery... 😋 It's not like SQL at all, which I'm pretty decent with. I think the reason I am no good at this is because the sources this data comes from is always structured very differently in JSON, so there's always a completely different way at getting at...

www.snbforums.com

My bad didn't notice there was a dedicated thread for server list content I will post there In the future if I find anything useful.

 

[Rajjco]

Hello @Viktor Jaep

I Noticed plenty of api requests In Adguard home to icanhazip.com around 9.6k requests In two days.

Will adding a 10 second sleep at the end of the while loop reduce cpu cycles and reduce the load on the api to avoid the risk of hitting rate limits?

The function starts at line 3105:

checkvpn()
{

  CNT=0
  TRIES=3
  TUN="tun1"$1

  while [ $CNT -lt $TRIES ]; do # Loop through number of tries
    ping -I $TUN -q -c 1 -W 2 $PINGHOST > /dev/null 2>&1 # First try pings
    RC=$?
    ICANHAZIP=$(curl --silent --retry 3 --connect-timeout 6 --max-time 6 --retry-delay 1 --retry-all-errors --fail --interface $TUN --request GET --url https://ipv4.icanhazip.com) # Grab the public IP of the VPN Connection
    IC=$?
    if [ $RC -eq 0 ] && [ $IC -eq 0 ]; then  # If both ping/curl come back successful, then proceed
      vpnping=$(ping -I $TUN -c 1 -W 2 $PINGHOST | awk -F'time=| ms' 'NF==3{print $(NF-1)}' | sort -rn) > /dev/null 2>&1
      VP=$?
      if [ $VP -eq 0 ]; then
        vpnhealth="${CGreen}[ OK ]${CClear}"
        vpnindicator="${InvGreen} ${CClear}"
      else
        vpnping=0
        vpnhealth="${CYellow}[UNKN]${CClear}"
        vpnindicator="${InvYellow} ${CClear}"
      fi
      printf "\33[2K\r"
      break
    else
      CNT=$((CNT+1))
      printf "\33[2K\r"
      printf "\r${InvDkGray} ${CWhite} VPN$1${CClear} [Attempt $CNT]"
      sleep 1 # Giving the VPN a chance to recover a certain number of times

      if [ $CNT -eq $TRIES ];then # But if it fails, report back that we have an issue requiring a VPN reset
        printf "\33[2K\r"
        vpnping=0
        vpnhealth="${CRed}[FAIL]${CClear}"
        vpnindicator="${InvRed} ${CClear}"
        echo -e "$(date +'%b %d %Y %X') $($timeoutcmd$timeoutsec nvram get lan_hostname) VPNMON-R3[$$] - WARNING: VPN$1 failed to respond" >> $logfile
        if [ "$((VPN$1))" == "1" ]; then
          resetvpn=$1
        fi
      fi
    fi
    sleep 10 # sleep for 10 seconds before starting a new loop iteration effectively decreasing the load on the API server and reducing cpu cycles.
  done

}

 

[Viktor Jaep]

Hello @Viktor Jaep

I Noticed plenty of api requests In Adguard home to icanhazip.com around 9.6k requests In two days.
View attachment 59104

Will adding a 10 second sleep at the end of the while loop reduce cpu cycles and reduce the load on the api to avoid the risk of hitting rate limits?

AFAIK there aren't any rate limits on either of these... been running this for years, 24x7, and never hit any... even with multiple VPN tunnels up.

 

[Viktor Jaep]

Hello @Viktor Jaep

I Noticed plenty of api requests In Adguard home to icanhazip.com around 9.6k requests In two days.
View attachment 59104

Will adding a 10 second sleep at the end of the while loop reduce cpu cycles and reduce the load on the api to avoid the risk of hitting rate limits?

If you are concerned, one thing you could do is lengthen then time between checks from 60 seconds to say, 300 seconds?

 

[Rajjco]

If you are concerned, one thing you could do is lengthen then time between checks from 60 seconds to say, 300 seconds?

It's not a huge concern tbh I was just trying to find a way to reduce the amount of requests shown In Adguard home logs It's currently sitting as the top queried domain.

I'd rather not mess with the script if that's acctually how it is intended to work.

Here is a live demonstration of how queries are coming out of my network:

https://imgur.com/jLrUdBg

 

[Viktor Jaep]

It's not a huge concern tbh I was just trying to find a way to reduce the amount of requests shown In Adguard home logs It's currently sitting as the top queried domain.

I'd rather not mess with the script if that's acctually how it is intended to work.

Here is a live demonstration of how queries are coming out of my network:

https://imgur.com/jLrUdBg

I will look at the code... I remember I was working on a way to use the NVRAM value instead, and if that wasnt there, then go for the icanhazip.com method.

 

[Viktor Jaep]

It's not a huge concern tbh I was just trying to find a way to reduce the amount of requests shown In Adguard home logs It's currently sitting as the top queried domain.

Yeah, so I had already addressed this here:

getvpnip()
{
  ubsync=""
  TUN="tun1"$1
  icanhazvpnip=$($timeoutcmd$timeoutsec nvram get vpn_client$1_rip)
  if [ -z $icanhazvpnip ] || [ "$icanhazvpnip" == "unknown" ]; then
    icanhazvpnip="curl --silent --fail --interface $TUN --request GET --url https://ipv4.icanhazip.com" # Grab the public IP of the VPN Connection
    icanhazvpnip="$(eval $icanhazvpnip)"; if echo $icanhazvpnip | grep -qoE 'Internet|traffic|Error|error'; then icanhazvpnip="0.0.0.0"; fi
  fi

One of the tests it does on each VPN tunnel is a PING + CURL... so for the ping it hits 8.8.8.8, and for the curl, it hits icanhazip.com... though it doesn't do anything with their results... just whether or not they complete successfully or not, to determine if the tunnel is still viable. So unfortunately it's a necessary evil.

If you have a way of excluding/filtering results from AGH, that might be a way of clearing the clutter?

 

[Rajjco]

Yeah, so I had already addressed this here:

getvpnip()
{
  ubsync=""
  TUN="tun1"$1
  icanhazvpnip=$($timeoutcmd$timeoutsec nvram get vpn_client$1_rip)
  if [ -z $icanhazvpnip ] || [ "$icanhazvpnip" == "unknown" ]; then
    icanhazvpnip="curl --silent --fail --interface $TUN --request GET --url https://ipv4.icanhazip.com" # Grab the public IP of the VPN Connection
    icanhazvpnip="$(eval $icanhazvpnip)"; if echo $icanhazvpnip | grep -qoE 'Internet|traffic|Error|error'; then icanhazvpnip="0.0.0.0"; fi
  fi

One of the tests it does on each VPN tunnel is a PING + CURL... so for the ping it hits 8.8.8.8, and for the curl, it hits icanhazip.com... though it doesn't do anything with their results... just whether or not they complete successfully or not, to determine if the tunnel is still viable. So unfortunately it's a necessary evil.

If you have a way of excluding/filtering results from AGH, that might be a way of clearing the clutter?

It is possible to stop AGH from logging requests coming out of the router from the client settings menu.

Don't worry about It I'll just leave it as it is if nothing can be done about it.

Edit:
Found the setting to not log specific domains was under General settings in AGH.
It no longer shows In Query log.