I need a custom script that checks OpenVPN connection

James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Thu Jul 27, 2017 19:37
In your OpenVPN config, set verb 5 (default is 3); this will increase the log messages and verbosity of various events. You essentially need to capture the logs when the VPN tunnel drops, to understand what happened leading up to it.
_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Thu Jul 27, 2017 20:54
Hi James,

I checked the file openvpn.conf.config in the tmp/openvpncl folder:

Code:
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp4
cipher aes-128-cbc
auth sha1
auth-user-pass /tmp/openvpncl/credentials
remote us1.vpnbook.com 25000
comp-lzo yes
tun-mtu 1500
mtu-disc yes
ns-cert-type server
fast-io
[b]route-nopull
reneg-sec 300
ping 10
ping-restart 60
route 208.85.40.0 255.255.255.0
route 198.35.26.0 255.255.254.0[/b]


Only the bold lines were added through the config window. Can I add verb 5 in the config window? I guess if I add it, there will be two verb lines, one of which comes directly from the service. Is that a problem?

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Thu Jul 27, 2017 21:55
Yeah, the default is verb 3; you should be able to override it by adding it to additional config. As it appears later in the config, the verb 5 value should override.

The OpenVPN status page will confirm the log level set.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Thu Jul 27, 2017 22:09
I added verb 5, but I don't know whether it is OK or not. I installed a freeware ping monitor on my laptop. If there is no response from pandora.com, it will send me an email, so we will know what time it goes down. But I am not sure whether my logs are now more detailed or not. Here is the log:

Code:
Clientlog:
20170728 00:58:45 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
20170728 00:58:45 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20170728 00:58:45 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20170728 00:58:48 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170728 00:58:48 I UDPv4 link local: (not bound)
20170728 00:58:48 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'status 2'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=d9970c6b 9513c30c
20170728 00:58:48 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'log 500'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:49 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 00:58:49 VERIFY OK: nsCertType=SERVER
20170728 00:58:49 VERIFY OK: depth=0 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 00:58:49 NOTE: --mute triggered...
20170728 00:58:49 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 00:58:49 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170728 00:58:50 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170728 00:58:51 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.210 10.10.0.209'
20170728 00:58:51 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 NOTE: --mute triggered...
20170728 00:58:51 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 00:58:51 OPTIONS IMPORT: timers and/or timeouts modified
20170728 00:58:51 OPTIONS IMPORT: --ifconfig/up options modified
20170728 00:58:51 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:406 ET:0 EL:3 ]
20170728 00:58:51 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 00:58:51 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170728 00:58:51 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 00:58:51 NOTE: --mute triggered...
20170728 00:58:51 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 00:58:51 I TUN/TAP device tun1 opened
20170728 00:58:51 TUN/TAP TX queue length set to 100
20170728 00:58:51 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170728 00:58:51 I /sbin/ifconfig tun1 10.10.0.210 pointopoint 10.10.0.209 mtu 1500
20170728 00:58:51 /sbin/route add -net 208.85.40.0 netmask 255.255.255.0 gw 10.10.0.209
20170728 00:58:51 /sbin/route add -net 198.35.26.0 netmask 255.255.254.0 gw 10.10.0.209
20170728 00:58:51 I Initialization Sequence Completed
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'state'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'state'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'state'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'status 2'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'log 500'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 01:03:49 TLS: soft reset sec=0 bytes=165470/-1 pkts=1423/0
20170728 01:03:50 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 01:03:50 VERIFY OK: nsCertType=SERVER
20170728 01:03:50 NOTE: --mute triggered...
20170728 01:06:41 6 variation(s) on previous 3 message(s) suppressed by --mute
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'state'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'state'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'state'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'status 2'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'log 500'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'state'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'state'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'state'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'status 2'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'log 500'
19700101 03:00:00

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp4
cipher aes-128-cbc
auth sha1
auth-user-pass /tmp/openvpncl/credentials
remote us1.vpnbook.com 25000
comp-lzo yes
tun-mtu 1500
mtu-disc yes
ns-cert-type server
fast-io
route-nopull
verb 5
reneg-sec 300
ping 10
ping-restart 60
route 208.85.40.0 255.255.255.0
route 198.35.26.0 255.255.254.0

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Thu Jul 27, 2017 22:17
Mmm, maybe it hasn't overwritten it then.

Easiest solution: take out the verb 5 in additional config and manually edit /tmp/openvpncl/openvpn.conf.

Change verb 3 to verb 5

Code:
stopservice openvpn && startservice openvpn


As long as you don't use the save/apply settings in the GUI, the setting should stick until a reboot. Should give more detailed log info for now.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Thu Jul 27, 2017 22:31
I can't do that, because after the modification, stopping and starting the openvpn service restores the original config. If I stop the service I get this:

root@WRT1900AC:~# stopservice openvpn
The kernel doesn't support the ebtables 'nat' table.
root@WRT1900AC:~# stopservice openvpn
root@WRT1900AC:~# startservice openvpn

First it doesn't let me stop it; I do it again and it stops. When the openvpn service stops, it deletes everything in the tmp/openvpncl folder. After start, it creates everything again automatically.

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Thu Jul 27, 2017 22:34
You can potentially run OpenVPN manually via command line and copy the openvpn.conf to a separate file with verb 5 in it for testing.

Something like:

Code:
openvpn --config /tmp/openvpncl/openvpn-test.conf --route-up /tmp/openvpncl/route-up.sh --route-pre-down /tmp/openvpncl/route-down.sh --daemon


The difference is the openvpn-test.conf being your own version for this purpose.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Thu Jul 27, 2017 22:35
I have an idea about the reason for my problem. As you can see, I copy custom.sh over route-up.sh at startup. But if my openvpn server restarts for any reason, it creates the original route-up.sh file again. Maybe I have to trigger copying custom.sh to route-up.sh every 30 minutes. If I had a chance to edit the original generated route-up.sh, my problem would be fixed, I guess.
_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Thu Jul 27, 2017 22:36
I think you already gave me the answer to my last post. Thanks.

Edit:

But I have another question. I use this router for OpenVPN Client + OpenVPN Server. How about the server? My server works perfectly. My garden IP camera connects to this server. It shouldn't be affected. Can I start the OpenVPN client service separately? Or do they work together?

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv


Last edited by mkaand on Thu Jul 27, 2017 22:56; edited 1 time in total
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Fri Jul 28, 2017 9:40
According to my ping monitor, pandora.com went down today at 11:19 AM. Here is the client log:

Code:
Clientlog:
20170728 10:09:19 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 10:09:19 VERIFY OK: nsCertType=SERVER
20170728 10:09:19 NOTE: --mute triggered...
20170728 11:15:05 114 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:15:05 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170728 11:15:05 TCP/UDP: Closing socket
20170728 11:15:05 I SIGUSR1[soft ping-restart] received process restarting
20170728 11:15:05 Restart pause 5 second(s)
20170728 11:15:10 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170728 11:15:10 Re-using SSL/TLS context
20170728 11:15:10 LZO compression initializing
20170728 11:15:10 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
20170728 11:15:10 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
20170728 11:15:10 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20170728 11:15:10 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20170728 11:15:10 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170728 11:15:10 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170728 11:15:10 I UDPv4 link local: (not bound)
20170728 11:15:10 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170728 11:15:17 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=4d5b58f1 00b43533
20170728 11:15:22 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 11:15:22 VERIFY OK: nsCertType=SERVER
20170728 11:15:22 NOTE: --mute triggered...
20170728 11:15:23 2 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:15:23 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170728 11:15:24 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170728 11:15:25 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.66 10.10.0.65'
20170728 11:15:25 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170728 11:15:25 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 11:15:25 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 11:15:25 NOTE: --mute triggered...
20170728 11:15:25 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:15:25 OPTIONS IMPORT: timers and/or timeouts modified
20170728 11:15:25 OPTIONS IMPORT: --ifconfig/up options modified
20170728 11:15:25 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:406 ET:0 EL:3 ]
20170728 11:15:25 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 11:15:25 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170728 11:15:25 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 11:15:25 NOTE: --mute triggered...
20170728 11:15:25 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:15:25 I Preserving previous TUN/TAP instance: tun1
20170728 11:15:25 I Initialization Sequence Completed
20170728 11:20:23 TLS: soft reset sec=0 bytes=39094/-1 pkts=355/0
20170728 11:20:58 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170728 11:20:58 TCP/UDP: Closing socket
20170728 11:20:58 I SIGUSR1[soft ping-restart] received process restarting
20170728 11:20:58 Restart pause 5 second(s)
20170728 11:21:03 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170728 11:21:03 Re-using SSL/TLS context
20170728 11:21:03 LZO compression initializing
20170728 11:21:03 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
20170728 11:21:03 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
20170728 11:21:03 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20170728 11:21:03 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20170728 11:21:03 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170728 11:21:03 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170728 11:21:03 I UDPv4 link local: (not bound)
20170728 11:21:03 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170728 11:21:04 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=57d35be8 2c392510
20170728 11:21:08 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 11:21:08 VERIFY OK: nsCertType=SERVER
20170728 11:21:08 NOTE: --mute triggered...
20170728 11:21:08 2 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:21:08 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170728 11:21:09 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170728 11:21:10 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.130 10.10.0.129'
20170728 11:21:10 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170728 11:21:10 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 11:21:10 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 11:21:10 NOTE: --mute triggered...
20170728 11:21:10 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:21:10 OPTIONS IMPORT: timers and/or timeouts modified
20170728 11:21:10 OPTIONS IMPORT: --ifconfig/up options modified
20170728 11:21:10 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:406 ET:0 EL:3 ]
20170728 11:21:10 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 11:21:10 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170728 11:21:10 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 11:21:10 NOTE: --mute triggered...
20170728 11:21:10 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 11:21:10 I Preserving previous TUN/TAP instance: tun1
20170728 11:21:10 I Initialization Sequence Completed
20170728 11:26:08 TLS: soft reset sec=0 bytes=50087/-1 pkts=371/0
20170728 11:26:10 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 11:26:10 VERIFY OK: nsCertType=SERVER
20170728 11:26:10 NOTE: --mute triggered...
20170728 12:38:41 132 variation(s) on previous 3 message(s) suppressed by --mute
20170728 12:38:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 12:38:41 D MANAGEMENT: CMD 'state'
20170728 12:38:41 MANAGEMENT: Client disconnected
20170728 12:38:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 12:38:41 D MANAGEMENT: CMD 'state'
20170728 12:38:41 MANAGEMENT: Client disconnected
20170728 12:38:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 12:38:41 D MANAGEMENT: CMD 'state'
20170728 12:38:41 MANAGEMENT: Client disconnected
20170728 12:38:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 12:38:41 D MANAGEMENT: CMD 'status 2'
20170728 12:38:41 MANAGEMENT: Client disconnected
20170728 12:38:42 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 12:38:42 D MANAGEMENT: CMD 'log 500'

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
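
To pull the restart events out of a client log like the one in the post above, this added example (not part of the original post) lists each `--ping-restart` outage with its duration and shows the keepalive timers the server pushed. The sample lines are copied from that log and shortened; the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise tunnel restarts in a DD-WRT OpenVPN client log.
# Expected line format, as in the post: "YYYYMMDD HH:MM:SS [flag] message".

# A few lines taken from the log above (shortened), used as sample input.
sample_log() {
cat <<'EOF'
20170728 11:15:05 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170728 11:15:05 I SIGUSR1[soft ping-restart] received process restarting
20170728 11:15:25 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.66 10.10.0.65'
20170728 11:15:25 OPTIONS IMPORT: timers and/or timeouts modified
20170728 11:15:25 I Initialization Sequence Completed
20170728 11:20:23 TLS: soft reset sec=0 bytes=39094/-1 pkts=355/0
20170728 11:20:58 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170728 11:21:10 I Initialization Sequence Completed
EOF
}

# Print one line per outage: from the inactivity timeout to the next
# "Initialization Sequence Completed".
restart_windows() {
    awk '
    function secs(hms,   p) { split(hms, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
    /Inactivity timeout \(--ping-restart\)/ {
        if (!down) { down = 1; d0 = $1; t0 = $2 }
        next
    }
    /Initialization Sequence Completed/ && down {
        gap = secs($2) - secs(t0)
        if ($1 != d0) gap += 86400   # assumption: at most one midnight in between
        printf "%s %s -> %s %s down=%ds\n", d0, t0, $1, $2, gap
        down = 0
    }
    END { if (down) printf "%s %s -> (no reconnect before end of log)\n", d0, t0 }
    '
}

# Show the keepalive timers carried in each PUSH_REPLY. The log line
# "OPTIONS IMPORT: timers and/or timeouts modified" means they were applied.
pushed_timers() {
    awk '/PUSH_REPLY/ {
        p = ""; r = ""
        for (i = 1; i < NF; i++) {
            if ($i == "ping") p = $(i + 1)
            if ($i == "ping-restart") r = $(i + 1)
        }
        printf "%s %s ping=%s ping-restart=%s\n", $1, $2, p, r
    }'
}

sample_log | restart_windows
sample_log | pushed_timers
```

On the router, feed the real log to the same functions on standard input instead of `sample_log`.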
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Sat Jul 29, 2017 7:29
So, I think you have a DNS setup based issue here. I think the OpenVPN tunnel is actually OK, but your DNS setup breaks, causing domains to not be resolved once it happens. The two are related but not directly linked.

I personally don't use unbound, so it's hard to troubleshoot it. Likewise, as you have various custom scripts, you're going further away from any easy support.

Maybe someone else on the forums has more experience with unbound and can help. Sorry I can't be more help.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sat Jul 29, 2017 15:18
James, thank you very much for your help. I made this script and it looks like it is fixed.

In the startup section I added these lines:

stopservice openvpn -f
openvpn --config /jffs/openvpncl/openvpn.conf --route-up /jffs/openvpncl/route-up.sh --route-pre-down /jffs/openvpncl/route-down.sh --daemon

I created a vpn connection test script:

Code:
#!/bin/bash
#
######################################################################
#
#  vpn-test.sh @ VERSION 1.1
#
#  OpenVPN Client Connection Tester by Kaan Dogan 29.07.2017

######################################################################

testserver="pandora.com"

# Retry until ping exits successfully (without -c, ping only exits on error or when killed)
while true; do ping -W 5 "$testserver" > /dev/null && break; done
# Stop the firmware-managed client and start OpenVPN with the config kept in /jffs
stopservice openvpn -f
openvpn --config /jffs/openvpncl/openvpn.conf --route-up /jffs/openvpncl/route-up.sh --route-pre-down /jffs/openvpncl/route-down.sh --daemon


It is working, but it needs improvement. Every hour I trigger this tester script. But I want to kill vpn-test.sh at the beginning, before it runs, but how?

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sat Jul 29, 2017 15:40
I added these lines to the top of the script. I hope it works:

Code:
# ps pads the PID column with spaces, so take the first field with awk instead of cut
kill $(ps | grep "vpn-test" | grep -v "grep" | awk '{print $1}')
kill $(ps | grep "ping" | grep -v "grep" | awk '{print $1}')

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
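
One way to stop hourly runs from overlapping without killing processes by name is a lock directory plus a bounded ping; this is an added example, not code from the thread. The lock path, retry count, sleep interval and cron path are assumptions; the test host and the restart commands are the ones used in the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): single-instance VPN check for cron.
LOCKDIR="${LOCKDIR:-/tmp/vpn-test.lock}"   # assumed lock location
TESTSERVER="${TESTSERVER:-pandora.com}"    # test host used in the thread
TRIES="${TRIES:-3}"                        # assumed: failed pings before a restart
RETRY_SLEEP="${RETRY_SLEEP:-10}"           # assumed: seconds between retries

# mkdir is atomic: it fails if another run already holds the lock.
acquire_lock() {
    if mkdir "$LOCKDIR" 2>/dev/null; then
        echo $$ > "$LOCKDIR/pid"
        return 0
    fi
    oldpid=$(cat "$LOCKDIR/pid" 2>/dev/null || true)
    # Holder still alive: let it finish rather than killing it.
    if [ -n "$oldpid" ] && kill -0 "$oldpid" 2>/dev/null; then
        return 1
    fi
    # Stale lock (holder died or was killed): take it over.
    echo $$ > "$LOCKDIR/pid"
    return 0
}

release_lock() {
    rm -f "$LOCKDIR/pid"
    rmdir "$LOCKDIR" 2>/dev/null || true
}

# -c 1 makes ping send one probe and exit; -W 5 waits up to 5 s for the reply.
check_tunnel() {
    ping -c 1 -W 5 "$TESTSERVER" > /dev/null 2>&1
}

# Restart commands as posted in the thread.
restart_vpn() {
    stopservice openvpn -f
    openvpn --config /jffs/openvpncl/openvpn.conf \
        --route-up /jffs/openvpncl/route-up.sh \
        --route-pre-down /jffs/openvpncl/route-down.sh --daemon
}

# Prints "skipped", "ok" or "restarted".
watchdog() {
    if ! acquire_lock; then
        echo "skipped"
        return 0
    fi
    fails=0
    while [ "$fails" -lt "$TRIES" ]; do
        if check_tunnel; then
            release_lock
            echo "ok"
            return 0
        fi
        fails=$((fails + 1))
        if [ "$fails" -lt "$TRIES" ]; then sleep "$RETRY_SLEEP"; fi
    done
    # Every probe failed: restart the client once, then give up the lock.
    restart_vpn
    release_lock
    echo "restarted"
}

# Cron entry (assumed path): 0 * * * * root sh /jffs/vpn-test.sh run
case "${1:-}" in run) watchdog ;; esac
```

Because each run ends after at most `TRIES` probes, a new cron run normally finds no lock at all; the PID check only matters when a previous run is still sleeping between retries or was killed.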
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sat Jul 29, 2017 18:11
Finally I did it, James. I merged my vpnbook password updater script with the VPN tester script. It is a little bit complicated, but it works perfectly. VPNBook updates their free VPN password every 5-8 days. I wrote a PHP script that checks the @vpnbook Twitter account every hour; if the password changes, it updates the saved password in the router. My VPN tester script pings pandora.com. If there is no response within 5 seconds, it restarts the openvpn service with your suggested parameters (credit goes to James2k).

Here is my new startup script (only the bold lines are related to the OpenVPN client service):

Quote:

openvpn --mktun --dev tap2
brctl addif br0 tap2
ifconfig tap2 0.0.0.0 promisc up
sleep 45
vpncmd localhost:443 /SERVER /PASSWORD /CMD ConfigSet //tmp//vpn_server.config
sleep 15
brctl addif br0 tap_soft

sleep 10
stopservice unbound
stopservice dnsmasq
sed -i '/server:/ a\port: 5153\' /tmp/unbound.conf
unbound -c /tmp/unbound.conf

sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf
sleep 30
stopservice openvpn -f
sleep 5
stopservice openvpn -f
openvpn --config /jffs/openvpncl/openvpn.conf --route-up /jffs/openvpncl/route-up.sh --route-pre-down /jffs/openvpncl/route-down.sh --daemon



Here is the VPN-Password updater vpn-pass.sh
0 * * * * root sh /jffs/vpn-pass.sh

Code:

#!/bin/bash
#
######################################################################
#
#  vpn-pass.sh @ VERSION 1.1
#
#  VPNBook Password Updater by Kaan Dogan

######################################################################

file=/tmp/openvpncl/credentials
statuscode=`curl -sL -w "%{http_code}\\n" "http://xxxxxxxxxxxxxxx/vpnbook.php" -o /dev/null`
# The credentials file holds the username on line 1 and the password on line 2;
# the unquoted echo joins them with a space so cut can take field 2
oldpassword=$(cat "$file")
oldpassword=$(echo $oldpassword| cut -d' ' -f 2)

vpnpasssrc="http://xxxxxxxxxxx/vpnbook.php"
newpassword=$( curl -s "$vpnpasssrc" )

# Only act when the password page answered with HTTP 200
if [ "$statuscode" = "200" ]; then
    if [ "$newpassword" != "$oldpassword" ]; then
        nvram set openvpncl_pass="$newpassword"
        nvram commit
        reboot
    fi
fi
# ps pads the PID column with spaces, so take the first field with awk instead of cut
kill $(ps | grep "custom.sh" | grep -v "grep" | awk '{print $1}')
kill $(ps | grep "ping" | grep -v "grep" | awk '{print $1}')
sh /tmp/custom.sh


Here is the custom.sh

Code:

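# ps pads the PID column with spaces, so take the first field with awk instead of cut
kill $(ps | grep "vpn-pass.sh" | grep -v "grep" | awk '{print $1}')
testserver="pandora.com"
# Retry until ping exits successfully (without -c, ping only exits on error or when killed)
while true; do ping -W 5 "$testserver" > /dev/null && break; done
stopservice openvpn -f
sleep 1
stopservice openvpn -f
openvpn --config /jffs/openvpncl/openvpn.conf --route-up /jffs/openvpncl/route-up.sh --route-pre-down /jffs/openvpncl/route-down.sh --daemon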

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mchaley
DD-WRT User


Joined: 19 Feb 2008
Posts: 121

Posted: Sun Jul 30, 2017 12:39
I've noticed my VPN just goes offline for some reason and nukes the internet connectivity from the router. A quick 'apply' refreshes the connection.

I added:

reneg-sec 300
ping 10
ping-restart 60


to the additional config. Just to be sure, will this reconnect the VPN if ping times out?



would it be worth adding the following:

### Keep Alive
reneg-sec 300
ping 10
ping-restart 60
resolv-retry infinite
persist-key
persist-tun

### Speed Tweaks
comp-lzo
fast-io
sndbuf 523216
rcvbuf 523216
push "sndbuf 523216"
push "rcvbuf 523216"

### General
remote-cert-tls server
nobind
disable-occ


That is for PIA UDP

from: https://www.dd-wrt.com/phpBB2/viewtopic.php?p=1081271&highlight=#1081271