fix(vpn): pia-consent daemon + vpn-monitor crash-loop fix#75
Merged
smartwatermelon merged 1 commit intomainfrom Feb 27, 2026
Merged
Conversation
pia-proxy-consent: Convert StartInterval single-pass job to KeepAlive daemon with a 10s polling loop. The previous StartInterval=60 design caused launchd ThrottleInterval escalation: consistent 3-second exits (script checks 3 processes + fallback serially) caused launchd to back off well beyond 60s, causing multi-hour gaps in monitoring — which is exactly what was observed (dialog visible for 90+ minutes). vpn-monitor: Three targeted || log "WARNING" additions on all launch_transmission calls prevent set -e from crashing the monitor when Transmission fails to start within 6s. Previously this triggered KeepAlive restart storms (visible Feb 16 log: 10s restart loop for 15+ minutes) that prevented Transmission from ever stabilizing. Added health check in the main polling loop: if VPN is up but Transmission is not running (crashed mid-session or failed initial launch), automatically relaunch with the last-known VPN IP. transmission-setup.sh: Update pia-proxy-consent plist from StartInterval to KeepAlive to match new daemon pattern. Issues fixed: - PIA consent dialog ignored for 90+ minutes (launchd throttle) - Transmission bound to wrong IP after VPN restart storm (crash-loop) - No recovery if Transmission crashes mid-session Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
smartwatermelon
deleted the
claude/fix-vpn-monitor-pia-consent-1772214026
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
StartInterval=60single-pass job to aKeepAlivedaemon with a 10s polling loop. The old design caused launchdThrottleIntervalescalation: consistent 3-second exits (checking 3 candidate processes serially) caused launchd to back off well beyond 60s, resulting in multi-hour gaps — confirmed by user observation of 90+ minute window where consent dialog went unclicked.|| log "WARNING"additions on alllaunch_transmissioncalls preventset -efrom crashing the monitor when Transmission takes longer than 6s to start. Previously, this triggered KeepAlive restart storms (Feb 16 log shows 10s restart cycles for 15+ minutes) that prevented Transmission from ever stabilizing, sometimes leaving it bound to the wrong IP.StartIntervaltoKeepAliveto match new daemon pattern, addStandardOutPath/StandardErrorPathfor better log capture.Root Causes Fixed
StartIntervaljob exits in ~3s → launchd throttle escalates past 90minlaunch_transmissionfailure →set -eexits monitor → KeepAlive restarts → kill/restart stormDeployed & Verified on Tilsit
Both scripts deployed and running on the live server:
com.tilsit.vpn-monitor: running, Transmission at PID 87984 on VPN IPcom.tilsit.pia-proxy-consent: running in daemon mode, 10s poll loop activeTest Plan
BindAddressIPv4pref)🤖 Generated with Claude Code