What's new

VPNMON VPNMON-R3 v1.3.8 -Nov 28, 2024- Monitor WAN/Dual-WAN/OpenVPN Health & Reset Multiple OpenVPN Connections (Now available in AMTM!)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Do you see any errors on screen during this time, or when you scroll up in PuTTY?


Before we go that far... how about let's do a debug... here's a version of 1.12 that has debug enabled. Don't use screen, so just start it like "sh vpnmon-r3t.sh" in a new SSH window...

Wait until it gets to the timer... hit "s", and after a few, just CTRL-C out of it... then If you could copy and paste the results from this into a text file, and please send it over to me? Then I'll look and see if there's anything weird about how your router is interpreting this vs. everyone else. It's not unheard of that certain routers have more issues with certain things that other routers don't seem to care about. It could be just that.

Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/main/vpnmon-r3t.sh" -o "/jffs/scripts/vpnmon-r3t.sh" && chmod 755 "/jffs/scripts/vpnmon-r3t.sh"
I didn't get any errors before, just when I hit the S key the screen reloaded but didn't display the menu

No problem, will give it a try and send the output through to you shortly

If it helps, I'm using an RT-AX88U with the latest firmware from RMerlin (3004.388.6)
 
Viktor, hoping you can help here. I have a working OpenVPN connection, but VPNMON-R3 1.12 shows it failing the health check. I can definitely ping 8.8.8.8 across the VPN with no issues. What do I need to change to get this to work? My VPN goes down a few times a week and often I don't notice it right away, and if I'm out of the house then I have a problem.

I am using an RT-AX88U Pro running firmware version 3004.388.4

Also when working with the operations menu, I have to wait a long time for the (presumably) health checks to fail before I can interact with the menu, is this intended? I initially set it to monitor VPN 1 but then I could never interact with the menu again since it was busy resetting the VPN connection every minute since it thought it was failing. I have seen the health say OK twice, but every other time for the last hour has been FAIL. The VPN stays up for days normally and I sent a ping across it while it was showing FAIL, and the VPN was definitely up. This is what it gives me currently:

Slot | Mon | Svrs | Health | VPN State | Public VPN IP | Ping-->VPN | City Exit / Time
-------|-----|--------|--------|--------------|-----------------|------------|---------------------------------
VPN1 | [ ] | [0000] | [FAIL] | Connected | 216.131.118.129 | [0000.000] |
 
Last edited:
Viktor, hoping you can help here. I have a working OpenVPN connection, but VPNMON-R3 1.12 shows it failing the health check. I can definitely ping 8.8.8.8 across the VPN with no issues. What do I need to change to get this to work? My VPN goes down a few times a week and often I don't notice it right away, and if I'm out of the house then I have a problem.

I am using an RT-AX88U Pro running firmware version 3004.388.4

Also when working with the operations menu, I have to wait a long time for the (presumably) health checks to fail before I can interact with the menu, is this intended? I initially set it to monitor VPN 1 but then I could never interact with the menu again since it was busy resetting the VPN connection every minute since it thought it was failing. I have seen the health say OK twice, but every other time for the last hour has been FAIL. The VPN stays up for days normally and I sent a ping across it while it was showing FAIL, and the VPN was definitely up. This is what it gives me currently:

Slot | Mon | Svrs | Health | VPN State | Public VPN IP | Ping-->VPN | City Exit / Time
-------|-----|--------|--------|--------------|-----------------|------------|---------------------------------
VPN1 | [ ] | [0000] | [FAIL] | Connected | 216.131.118.129 | [0000.000] |
Are you able to reach https://ipv4.icanhazip.com from your router? If not, you may need to whitelist it? That's a necessary ingredient in determining tunnel health.
 
Are you able to reach https://ipv4.icanhazip.com from your router? If not, you may need to whitelist it? That's a necessary ingredient in determining tunnel health.
Yea sorry I thought I saved my edit earlier but I guess I didn't. I ended up solving it by upping the timeout to 6 instead of 3 for that curl to icanhazip.com. Over the VPN is just over 3 seconds for whatever reason.
 
Last edited:
Yea sorry I thought I saved my edit earlier but I guess I didn't I ended up solving it by upping the timeout to 6 instead of 3 for that curl
Thanks for the info... I'll make a change in the next version to show this:

Code:
ICANHAZIP=$(curl --silent --retry 3 --connect-timeout 6 --max-time 6 --retry-delay 1 --retry-all-errors --fail --interface $TUN --request GET --url https://ipv4.icanhazip.com) # Grab the public IP of the VPN Connection
 
Minor "Patch" updates, and conforming to the new versioning standards!

What's new?
v1.1.5 - (February 7, 2024)
- PATCH:
Changed the versioning logic to align with the general accepted way of versioning, using the notation: major.minor.patch ... finally, right? After seeing @thelonelycoder changing his ways, I figured it was probably time for me as well. All my scripts moving forward will go this route. Change log wording is now changed to conform to the major/minor/patch standards. So previously, FIXED now conforms to PATCH, ADDED conforms to MINOR, and MAJOR stays the same!
- PATCH: Found a situation where if someone was still using older VPN Slot allocations (like "1 2 3") and didn't update to the newer "1 2" or "1 2 3 4 5" slot allocations, then it would prevent the operations menu from showing, since it is geared towards either one of these two options. VPNMON now has some logic added that will force a "1 2 3" configuration to "1 2", and will require you to select which slots need to be monitored. Thanks to @TITAN for finding this one and working with me on the diagnosis! :)
- PATCH: Minor spacing and verbiage changes to make the experience more consistent.

Download link (Or update directly from AMTM or within VPNMON itself):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/main/vpnmon-r3-1.1.5.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"
 
New release bringing back an oldie from R2! Enjoy! Again, using a new github process, publishing from a formal "develop" environment where community input, changes and development are welcome! Huge props to both @ExtremeFiretop and @Martinski for putting me on the right path with this... :)

What's new?
v1.2.1 - (February 23, 2024)
- MINOR:
Added a new configuration menu item that allows you to enable/disable the ability to import your VPN Server IP lists directly into the Skynet Firewall for whitelisting purposes. This is another feature coming over from VPNMON-R2, as there have been instances in the past where the Skynet blacklist would prevent a connection to a perfectly legitimate VPN Server that belongs to your VPN provider. This function will fire off each time you execute a VPN Server List automation under option (U), and will also run each time a "vpnmon-r3 -reset" command is executed. Please note: Skynet must already have been installed (using AMTM) and working/functional.
- PATCH: The update logic now pulls the vpnmon-r3.sh directly from github starting from versions after 1.2.1, instead of the vpnmon-r3-X.Y.Z.sh file based on the version number from the version.txt file.

Download link (or update directly within AMTM):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/VPNMON-R3/main/vpnmon-r3.sh" -o "/jffs/scripts/vpnmon-r3.sh" && chmod 755 "/jffs/scripts/vpnmon-r3.sh"

Significant Screenshots:

Configuration menu item #7 to enable/disable the whitelisting of your VPN Server IP lists
1708718957079.png


More info on item #7 Skynet whitelisting functionality
1708719017228.png
 
Last edited:
Hello,
Is the script working with Wireguard client ?
Thank you
 
Noticed that my NordVPN client started getting constantly reconnected a couple of days back and it appears that it is due to syncing issues with Unbound.

VPNMON's logs shows a large number of out of sync with Unbound DNS Resolver messages - example below.

Mar 07 2024 00:21:34 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN1 Connection Restarted - New Server: 192.166.246.140
298 Mar 07 2024 00:21:54 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN Director Routing Service Restarted
299 Mar 07 2024 00:22:02 RT-AX88U-3678 VPNMON-R3[32199] - WARNING: VPN is out of sync with Unbound DNS Resolver
300 Mar 07 2024 00:22:10 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN Connection Restarted - Current Server: 192.166.246.136
301 Mar 07 2024 00:22:12 RT-AX88U-3678 VPNMON-R3[31260] - WARNING: VPN1 is in an error state and being reconnected
302 Mar 07 2024 00:22:30 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN Director Routing Service Restarted
303 Mar 07 2024 00:22:39 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN1 Connection Restarted - New Server: 192.166.246.120
304 Mar 07 2024 00:22:48 RT-AX88U-3678 VPNMON-R3[32199] - WARNING: VPN1 is in an error state and being reconnected
305 Mar 07 2024 00:22:59 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN Director Routing Service Restarted
306 Mar 07 2024 00:23:15 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN1 Connection Restarted - New Server: 103.107.198.139
307 Mar 07 2024 00:23:35 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN Director Routing Service Restarted
308 Mar 07 2024 00:23:52 RT-AX88U-3678 VPNMON-R3[32199] - WARNING: VPN1 is in an error state and being reconnected
309 Mar 07 2024 00:24:17 RT-AX88U-3678 VPNMON-R3[31260] - WARNING: VPN is out of sync with Unbound DNS Resolver

I've tried reinstalling both VPNMON and Unbound Manager but no luck.

This was working perfectly previously and no other settings were changed anywhere - grateful if someone can point me in the right direction to resolve this.
 
Noticed that my NordVPN client started getting constantly reconnected a couple of days back and it appears that it is due to syncing issues with Unbound.

VPNMON's logs shows a large number of out of sync with Unbound DNS Resolver messages - example below.

Mar 07 2024 00:21:34 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN1 Connection Restarted - New Server: 192.166.246.140
298 Mar 07 2024 00:21:54 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN Director Routing Service Restarted
299 Mar 07 2024 00:22:02 RT-AX88U-3678 VPNMON-R3[32199] - WARNING: VPN is out of sync with Unbound DNS Resolver
300 Mar 07 2024 00:22:10 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN Connection Restarted - Current Server: 192.166.246.136
301 Mar 07 2024 00:22:12 RT-AX88U-3678 VPNMON-R3[31260] - WARNING: VPN1 is in an error state and being reconnected
302 Mar 07 2024 00:22:30 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN Director Routing Service Restarted
303 Mar 07 2024 00:22:39 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN1 Connection Restarted - New Server: 192.166.246.120
304 Mar 07 2024 00:22:48 RT-AX88U-3678 VPNMON-R3[32199] - WARNING: VPN1 is in an error state and being reconnected
305 Mar 07 2024 00:22:59 RT-AX88U-3678 VPNMON-R3[31260] - INFO: VPN Director Routing Service Restarted
306 Mar 07 2024 00:23:15 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN1 Connection Restarted - New Server: 103.107.198.139
307 Mar 07 2024 00:23:35 RT-AX88U-3678 VPNMON-R3[32199] - INFO: VPN Director Routing Service Restarted
308 Mar 07 2024 00:23:52 RT-AX88U-3678 VPNMON-R3[32199] - WARNING: VPN1 is in an error state and being reconnected
309 Mar 07 2024 00:24:17 RT-AX88U-3678 VPNMON-R3[31260] - WARNING: VPN is out of sync with Unbound DNS Resolver

I've tried reinstalling both VPNMON and Unbound Manager but no luck.

This was working perfectly previously and no other settings were changed anywhere - grateful if someone can point me in the right direction to resolve this.

I thought it was just me. Unbound started misbehaving overnight a few days ago and giving me "exceeded number of attempts" erors of some sort, preventing resolution of any site. I ended up uninstalling unbound for now until I have time to troubleshoot.
 
I thought it was just me. Unbound started misbehaving overnight a few days ago and giving me "exceeded number of attempts" erors of some sort, preventing resolution of any site. I ended up uninstalling unbound for now until I have time to troubleshoot.

Thanks for the quick reply Viktor - happy to share any other info if it helps when you get the chance to troubleshoot this.

I'll disable Unbound integration in the meantime.
 
Thanks for the quick reply Viktor - happy to share any other info if it helps when you get the chance to troubleshoot this.

I'll disable Unbound integration in the meantime.

No prob. Is unbound working for you normally? Without the integration? Mine was so broken it couldn't even resolve any longer. So I'm going to start from scratch and see if I can figure out where it's failing. I might give you some commands to try if you don't mind?
 
No prob. Is unbound working for you normally? Without the integration? Mine was so broken it couldn't even resolve any longer. So I'm going to start from scratch and see if I can figure out where it's failing. I might give you some commands to try if you don't mind?

Yes it appears to be fine by itself.

Sure, just pop over the commands where req'd and I'll try them out (though I'm not super technical so might throw some questions back to take things forward :)).
 
Yes it appears to be fine by itself.

Sure, just pop over the commands where req'd and I'll try them out (though I'm not super technical so might throw some questions back to take things forward :)).

Cool... could you please run this and let me know if the result it returns is the same IP as your VPN endpoint?

Code:
DNSResolver="$({ unbound-control flush whoami.akamai.net >/dev/null 2>&1; } && dig whoami.akamai.net +short @"$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{split($4, ip_addr, ":");if(substr($4,11) !~ /.*953.*/)print ip_addr[1];if(substr($4,11) !~ /.*953.*/)exit}')" -p "$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{if(substr($4,11) !~ /.*953.*/)print substr($4,11);if(substr($4,11) !~ /.*953.*/)exit}')" 2>/dev/null)"
echo $DNSResolver

Also... what does this site return for you?

 
Just set everything back up with Unbound this afternoon... continuing to experience issues. I'm starting to wonder if NordVPN made a change. :(

I just got AirVPN running on my router, and will be testing this in a bit to see if it works there.

@Ventola EDIT: I've had success with the Unbound integration using AirVPN... so it must be a NordVPN issue. A few days ago, they made some major changes and did away with a bunch of public APIs in the name of security... it was around this time that my Unbound integration stopped working through NordVPN, and experienced the same kinds of issues you are facing. Unless something changes in the near future, it doesn't sound like Nord is going to be a viable option moving forward. ;( What a sad state of affairs... I have tried dealing with their support, but their support team is probably one of the VERY worst I've ever come across. They don't seem to have a clue what you're talking about or what to recommend for a fix. You're welcome to give it a shot, but I have a feeling they're just going to point you to some generic link on their website and brush you off like they always do.
 
Last edited:
Just set everything back up with Unbound this afternoon... continuing to experience issues. I'm starting to wonder if NordVPN made a change. :(

I just got AirVPN running on my router, and will be testing this in a bit to see if it works there.

@Ventola EDIT: I've had success with the Unbound integration using AirVPN... so it must be a NordVPN issue. A few days ago, they made some major changes and did away with a bunch of public APIs in the name of security... it was around this time that my Unbound integration stopped working through NordVPN, and experienced the same kinds of issues you are facing. Unless something changes in the near future, it doesn't sound like Nord is going to be a viable option moving forward. ;( What a sad state of affairs... I have tried dealing with their support, but their support team is probably one of the VERY worst I've ever come across. They don't seem to have a clue what you're talking about or what to recommend for a fix. You're welcome to give it a shot, but I have a feeling they're just going to point you to some generic link on their website and brush you off like they always do.

I've encountered the public API issues as well earlier and thanks to your sharing on the other thread, worked around it with the updated server pull commands. This is indeed a pity given that they are the best in terms of speed that I've tried so far :(.

Just as an FYI I guess at this point, I've ran the command you've shared above and it's returning my secondary WAN's public IP (?).

DNS check tools gives me the following results (I'm using Nord's desktop app for NordLynx connectivity).

Screenshot 2024-03-07 131742.png
 
the same problem using nordvpn, apparently the redirection works but it's as if something is blocking the responses that unbound requires. I think that this is blocked on purpose, I don't know the reason. I reverted to the dnscrypt solution until it works again, but I don't trust it because I tried it with servers in different countries.
 
@dave14305 @Martineau @SomeWhereOverTheRainBow ... I was wondering if any of you would happen to know what NordVPN could have done on their end to prevent Unbound from acting as a resolver across a VPN tunnel? Up until a few days ago, this was working for years. They recently made a change that disabled the ability to utilize certain public APIs, and have a feeling that the deprecation of this feature was rolled into it as well.

I would like to go back to their support, yank their chains a bit, and ask them to consider reversing what they did here... I would love to know what I could use to go at them with... Like, could they be preventing certain port traffic from getting blocked at their VPN endpoint that prevents other services from determining what your DNS resolver is, like https://dnscheck.tools/ ? Unbound itself is no longer able to resolve anything for me in this configuration. I'm using this statement in my script (below with many thanks to @SomeWhereOverTheRainBow for his help on this) to check if the VPN endpoint IP matches the DNS Resolver, and like I said, worked for years... but neither of these tools function or show your VPN endpoint as your DNS resolver any longer when Unbound is used with NordVPN in this fashion. I just tried this on AirVPN, and it works just fine there.

Code:
DNSResolver="$({ unbound-control flush whoami.akamai.net >/dev/null 2>&1; } && dig whoami.akamai.net +short @"$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{split($4, ip_addr, ":");if(substr($4,11) !~ /.*953.*/)print ip_addr[1];if(substr($4,11) !~ /.*953.*/)exit}')" -p "$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{if(substr($4,11) !~ /.*953.*/)print substr($4,11);if(substr($4,11) !~ /.*953.*/)exit}')" 2>/dev/null)"

If you have anything of substance that I can use to persuade them with, I'd love to hear your feedback on this! :) Thanks in advance...
 
Last edited:
@dave14305 @Martineau @SomeWhereOverTheRainBow ... I was wondering if any of you would happen to know what NordVPN could have done on their end to prevent Unbound from acting as a resolver across a VPN tunnel? Up until a few days ago, this was working for years. They recently made a change that disabled the ability to utilize certain public APIs, and have a feeling that the deprecation of this feature was rolled into it as well.

I would like to go back to their support, yank their chains a bit, and ask them to consider reversing what they did here... I would love to know what I could use to go at them with... Like, could they be preventing certain port traffic from getting blocked at their VPN endpoint that prevents other services from determining what your DNS resolver is, like https://dnscheck.tools/ ? Unbound itself is no longer able to resolve anything for me in this configuration. I'm using this statement in my script (below with many thanks to @SomeWhereOverTheRainBow for his help on this) to check if the VPN endpoint IP matches the DNS Resolver, and like I said, worked for years... but neither of these tools function or show your VPN endpoint as your DNS resolver any longer when Unbound is used with NordVPN in this fashion. I just tried this on AirVPN, and it works just fine there.

Code:
DNSResolver="$({ unbound-control flush whoami.akamai.net >/dev/null 2>&1; } && dig whoami.akamai.net +short @"$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{split($4, ip_addr, ":");if(substr($4,11) !~ /.*953.*/)print ip_addr[1];if(substr($4,11) !~ /.*953.*/)exit}')" -p "$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{if(substr($4,11) !~ /.*953.*/)print substr($4,11);if(substr($4,11) !~ /.*953.*/)exit}')" 2>/dev/null)"

If you have anything of substance that I can use to persuade them with, I'd love to hear your feedback on this! :) Thanks in advance...
You could try adjusting the dig command to dig +short A whoami.akamai.net @"$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{split($4, ip_addr, ":");if(substr($4,11) !~ /.*953.*/)print ip_addr[1];if(substr($4,11) !~ /.*953.*/)exit}')" -p "$(netstat -nlp 2>/dev/null | awk '/.*(unbound){1}.*/{if(substr($4,11) !~ /.*953.*/)print substr($4,11);if(substr($4,11) !~ /.*953.*/)exit}')" 2>/dev/null)"

Just place all that after the &&.

But I dont think it will help if they got rid of their legacy endpoints. This is something NordVPN chose to do and nothing you have control over.
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top