
Testing the run-nokill-wait.sh rc_firewall script #11

Closed
GoogleCodeExporter opened this issue Feb 23, 2016 · 9 comments

Comments

@GoogleCodeExporter

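Stephen and I are currently testing this new script. The main changes are:

1) While waiting for the PPTP dial-up, it now decides more intelligently how long to wait. If the connection has not come up after too long, it kills one of the PPTP processes, which helps some ddwrt units bring PPTP up more easily.
2) This script currently turns off the cron feature but still downloads check.sh. This is to simplify the overall automation architecture; if necessary, a manual repair can be run with sh check.sh.

The rc_firewall contents are as follows:

cd /tmp;wget http://autoddvpn.googlecode.com/svn/trunk/run-nokill-wait.sh && /bin/sh run-nokill-wait.sh || touch failed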

Original issue reported on code.google.com by pahud...@gmail.com on 18 Jul 2010 at 3:49

@GoogleCodeExporter
Author

Everyone, please test it and report any problems here. Thanks.

Original comment by pahud...@gmail.com on 18 Jul 2010 at 6:52

@GoogleCodeExporter
Author

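Hmm, here is the problem on my side: after every reboot the VPN connects briefly (ifconfig shows that ppp1 exists), and then your script presumably starts running, but the VPN drops again... As a result the static routes get added, but the final default GW ends up being ppp0's. A while later the VPN dials up again, but route shows that the final default GW has not changed to ppp1's, so I still have to run vpndown.sh and vpnup.sh by hand.

On the other hand, as things stand, if the default GW is ppp1's and the VPN drops, even DNS stops working, so no website can be opened at all.

I have not read the source code closely, but I suggest considering the following feature:
separate adding and removing the static routes from the VPN up/down events (that is, write them once and never delete them afterwards), and change the default GW by frequently polling whether ppp1 (the VPN) exists, so that traffic automatically goes through the VPN when it is up, and domestic sites remain reachable as normal when the VPN drops.

I'm not sure whether I have explained this clearly enough...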

Original comment by Specter...@gmail.com on 18 Jul 2010 at 7:45

@GoogleCodeExporter
Author

@Specter.Hi

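I understand your explanation. After the VPN is up, it can drop for all sorts of reasons. Suppose the environment is:

ppp0 ADSL
ppp1 PPTP

Once the router has started, autoddvpn keeps checking whether PPTP has connected. When it has, autoddvpn starts adjusting the routing table, and Google DNS 8.8.8.8 is also forced out through the VPN to avoid hijacking.

But if the PPTP VPN drops at this point, all routes to overseas destinations are knocked out, because autoddvpn does not change the routing table back. vpndown.sh is indeed provided, but autoddvpn does not run it; for now it is only meant for use while debugging.

The reasons for not switching back are:
1) Once switched back, if the VPN then reconnects, repeatedly flipping the routing table back and forth could cause bigger trouble.
2) Once switched back, the risk of DNS hijacking appears, and every computer behind the ddwrt could be hit by DNS pollution.

So this autoddvpn setup rests on the premise that the PPTP VPN is stable enough and does not drop often.

OK, so what if the VPN still drops occasionally?

/tmp/check.sh checks for you whether PPTP has reconnected and, if it has, makes the necessary repairs. We previously scheduled it in CRON for periodic checks, but found that if the CRON interval is set too tight it can lead to some troublesome results, so in run-nokill-wait.sh I have turned CRON off. With this experimental version, if you find that PPTP has dropped you need to run sh check.sh by hand to repair it; the repair log is written to /tmp/last_check.log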


Original comment by pahud...@gmail.com on 18 Jul 2010 at 7:56

@GoogleCodeExporter
Author

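What check.sh does is simple.

1) Check whether the PPTP VPN is connected
2) Check whether the default gw is the PPTP VPN gw; if not, run vpndown.sh to clear the routing table, then vpnup.sh to reload it
3) Finally, check once more that everything is normal

For now run-nokill-wait.sh only downloads check.sh and does not hand it to cron to run.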


Original comment by pahud...@gmail.com on 18 Jul 2010 at 8:00
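
The three checks listed in the comment above, sketched as an added example (not the project's check.sh, whose source is not on this page). It classifies `route -n` style text so it runs offline; the function names, the sample tables, and the use of a route on the PPTP device as the "link is up" signal are assumptions.

```shell
#!/bin/sh
# Added illustration, not autoddvpn's check.sh. Function names and the sample
# routing tables are constructed; input is `route -n` style text.

# Print "<gateway> <iface>" of the default route, or nothing if there is none.
default_route() {
    printf '%s\n' "$1" |
        awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2, $8; exit }'
}

# Succeed if any route in the table uses interface $2 (assumed here to mean
# that the PPTP link is up; a real router could inspect ifconfig instead).
has_iface() {
    printf '%s\n' "$1" |
        awk -v dev="$2" '$8 == dev { found = 1 } END { exit !found }'
}

# classify TABLE PPTPDEV PPTPGW -> ok | vpn_down | gw_mismatch
classify() {
    has_iface "$1" "$2" || { echo vpn_down; return; }
    if [ "$(default_route "$1")" = "$3 $2" ]; then
        echo ok
    else
        echo gw_mismatch
    fi
}

# Step 2 of the comment: only a gateway mismatch triggers the reload.
# Leaving routes alone while the VPN is down is this sketch's assumption.
plan() {
    case "$(classify "$@")" in
        ok)          echo "nothing to do" ;;
        vpn_down)    echo "wait for PPTP; routes left untouched" ;;
        gw_mismatch) echo "vpndown.sh then vpnup.sh" ;;
    esac
}

# Constructed samples: ppp0 = ADSL, ppp1 = PPTP, as in the thread.
HEALTHY='192.168.199.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
0.0.0.0 192.168.199.1 0.0.0.0 UG 0 0 0 ppp1'
REDIALED='192.168.199.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 ppp0'
DROPPED='10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 ppp0'

for t in "$HEALTHY" "$REDIALED" "$DROPPED"; do
    plan "$t" ppp1 192.168.199.1
done
```

The REDIALED table is the state reported earlier in the thread: ppp1 is back, but the default gateway still points at ppp0.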

@GoogleCodeExporter
Author

I just tested the current rc_firewall against a VPN in Silicon Valley. autoddvpn.log is below, and so far everything looks smooth.



root@DD-WRT:/tmp# cat /tmp/autoddvpn.log 
[INFO#496] 01/Jan/1970:00:00:24 log starts
[DEBUG#496] 01/Jan/1970:00:00:25 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#496] 01/Jan/1970:00:00:35 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#496] 01/Jan/1970:00:00:46 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#496] 01/Jan/1970:00:00:56 failed to get PPTPDEV, retry in 10 seconds
[INFO#496] 01/Jan/1970:00:01:06 got concurrent 2 running clients, just leave them alone :-) 1/5
[DEBUG#496] 01/Jan/1970:00:01:06 failed to get PPTPDEV, retry in 10 seconds
[INFO#496] 01/Jan/1970:00:01:16 got PPTPDEV as ppp0, set into nvram
[INFO#496] 01/Jan/1970:00:01:17 got PPTPGW as 192.168.199.1, set into nvram
[INFO#496] 01/Jan/1970:00:01:17 VPN is UP, trying to modify the routing table
[INFO#677] OLDGW is 192.168.1.254
[INFO#677] delete default gw 192.168.1.254
[INFO#677] add default gw 192.168.199.1
[INFO#677] adding the static routes, this may take a while.
[INFO#677] final check the default gw
[DEBUG#677] my current gw is 192.168.199.1
[INFO#677] static routes added
[DEBUG#496] 01/Jan/1970:00:01:42 return 0
[INFO#496] 01/Jan/1970:00:01:42 preparing the exceptional routes
[INFO#496] 01/Jan/1970:00:01:42 modifying the exceptional routes
[INFO#496] 01/Jan/1970:00:01:42 fetching exceptional routes for flickr
[INFO#496] 01/Jan/1970:00:01:44 adding 68.142.214.43 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 69.147.90.159 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 69.147.90.215 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 67.195.19.66 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 67.195.19.74 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 fetching exceptional routes for vimeo
[INFO#496] 01/Jan/1970:00:01:45 adding 66.235.126.128 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:45 modifying custom exceptional routes if available
[INFO#496] 01/Jan/1970:00:01:45 preparing the self-fix script
[DEBUG#496] 01/Jan/1970:00:01:46 ALL DONE!

Original comment by pahud...@gmail.com on 18 Jul 2010 at 8:12

@GoogleCodeExporter
Author

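Yes, I understand your concern about DNS pollution. But if the VPN is already down, those sites are unreachable anyway... so whether it is polluted or not doesn't really matter. If the default GW is not switched back, the only result is that no website can be opened at all.

Still, as you say, one should use a reasonably stable VPN.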

Original comment by Specter...@gmail.com on 18 Jul 2010 at 10:02

@GoogleCodeExporter
Author

@Specter.Hi

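Thanks for your suggestion. Tonight I thought your suggestion over again and also looked at DDWRT's filesystem layout, then reworked the whole logic. I have implemented a new version here; this may be a big improvement, please give it a try.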

http://code.google.com/p/autoddvpn/issues/detail?id=12


Original comment by pahud...@gmail.com on 18 Jul 2010 at 5:00

@GoogleCodeExporter
Author

This problem is about to be resolved here
http://code.google.com/p/autoddvpn/issues/detail?id=13

Original comment by pahud...@gmail.com on 18 Jul 2010 at 8:03

@GoogleCodeExporter
Author

The JFFS approach has been resolved as well
http://code.google.com/p/autoddvpn/wiki/jffs

Original comment by pahud...@gmail.com on 19 Jul 2010 at 9:23

  • Changed state: Fixed
