Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auto re-connect every time the conection drops. #31

Open
githubtefo opened this issue Aug 12, 2018 · 8 comments
Open

Auto re-connect every time the conection drops. #31

githubtefo opened this issue Aug 12, 2018 · 8 comments

Comments

@githubtefo
Copy link

Hi! I've been using the script since a while and it works great, thank you!
But every time that my Wifi connection drops, I need to manually invoke a "clear iptables" script, followed by the command of openvpn with the vpnsailsafe script included:
sudo openvpn --config config.ovpn --script-security 2 --up /etc/openvpn/vpnfailsafe.sh --down /etc/openvpn/vpnfailsafe.sh
Is there any way to automatize this process when the connection is lost?
Thanks again!
@wknapik
Copy link
Owner

wknapik commented Aug 12, 2018

Hi @githubtefo,

When your wifi connection is reestablished, OpenVPN should eventually reconnect on its own. However this can take a while, so personally, I use the pkill_hup_openvpn script mentioned here. Sending the HUP signal to OpenVPN makes it try to reconnect right away.

This is a solution if you're using NetworkManager, but you can achieve the same with dhcpcd-run-hooks if you're using dhcpcd. I would expect similar mechanisms to be available in other network managers.

There is one case though, where the reconnection will not be possible and that's by design - when you change network devices. For instance, if you establish your VPN connection while on cable (eth0/eno0/etc.) and then switch to wifi (wlan0/etc.). In this case you will indeed have to use something like vpnfailsafe_reset.sh before reconnecting to the VPN.

This is difficult to solve in vpnfailsafe itself, in a clean/simple, generally applicable and safe way (in addition to not being desirable to all users). It could be automated with a network manager hook though, with care being taken to avoid a leak when switching over.

Which is your use case ? Are you changing devices ?

@githubtefo
Copy link
Author

Hi @wknapik, thank you for your reply.
I'm using the lxqt-connman-applet to manage my networks and the issue involves always the wlan0 network (my Wifi connection drops several times per day and every time I need to manually clear the iptables and set up the openvpn again).

@wknapik
Copy link
Owner

wknapik commented Aug 13, 2018

That should not be necessary. In fact it's a major goal for vpnfailsafe to make reconnections seamless and safe.

Can you tell me what the problem is when you reconnect to your wifi network ? Can you share the OpenVPN log ? What does ping -c1 8.8.8.8 say ? What about ping -c1 google.com ?

Let's start with that and we'll see where it goes.

@githubtefo
Copy link
Author

@wknapik, both pings have no respond when the connection drops out.

This is the log in the terminal:

Mon Aug 13 17:27:49 2018 [VPNHOSTNAME.com] Inactivity timeout (--ping-restart), restarting
Mon Aug 13 17:27:49 2018 SIGUSR1[soft,ping-restart] received, process restarting
Mon Aug 13 17:27:49 2018 Restart pause, 5 second(s)
Mon Aug 13 17:27:54 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Aug 13 17:27:54 2018 NOTE: --fast-io is disabled since we are not using UDP
Mon Aug 13 17:27:54 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]VPN_IP:443
Mon Aug 13 17:27:54 2018 Socket Buffers: R=[87380->425984] S=[16384->425984]
Mon Aug 13 17:27:54 2018 Attempting to establish TCP connection with [AF_INET]VPN_IP:443 [nonblock]
Mon Aug 13 17:29:54 2018 TCP: connect to [AF_INET]VPN_IP:443 failed: Connection timed out
Mon Aug 13 17:29:54 2018 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Mon Aug 13 17:29:54 2018 Restart pause, 5 second(s)
Mon Aug 13 17:29:59 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Aug 13 17:29:59 2018 NOTE: --fast-io is disabled since we are not using UDP
Mon Aug 13 17:29:59 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]VPN_IP:443
Mon Aug 13 17:29:59 2018 Socket Buffers: R=[87380->425984] S=[16384->425984]
Mon Aug 13 17:29:59 2018 Attempting to establish TCP connection with [AF_INET]VPN_IP:443 [nonblock]

And this is the output when I kill the openvpn process (ctrl+c):

^CMon Aug 13 17:33:20 2018 /usr/bin/ip route del VPN_IP/32
RTNETLINK answers: No such process
Mon Aug 13 17:33:20 2018 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Aug 13 17:33:20 2018 /usr/bin/ip route del 0.0.0.0/1
Mon Aug 13 17:33:20 2018 /usr/bin/ip route del 128.0.0.0/1
Mon Aug 13 17:33:20 2018 Closing TUN/TAP interface
Mon Aug 13 17:33:20 2018 /usr/bin/ip addr del dev tun0 10.7.7.68/24
Mon Aug 13 17:33:20 2018 /etc/openvpn/vpnfailsafe.sh tun0 1500 1656 10.7.7.68 255.255.255.0 init
declare -r BASHOPTS="cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath"
declare -ir BASHPID
declare -ar BASH_VERSINFO=([0]="4" [1]="4" [2]="23" [3]="1" [4]="release" [5]="x86_64-unknown-linux-gnu")
declare -ir EUID="0"
declare -ir PPID="3371"
declare -r SHELLOPTS="braceexpand:errexit:errtrace:hashall:interactive-comments:pipefail"
declare -ir UID="0"
declare -rx dev="tun0"
Command line is not complete. Try option "help"
Mon Aug 13 17:33:20 2018 SIGINT[hard,init_instance] received, process exiting

@wknapik
Copy link
Owner

wknapik commented Aug 18, 2018

Hi @githubtefo,

Those logs don't really help. I'm trying to establish what the exact problem is. You're saying you have no internet access after you reconnect to your wifi, but I need to know what exactly isn't working to be able to do anything about it. Is it the routing, is it the firewall, or maybe just name resolution...

The next time you're connected to a VPN and you get disconnected and reconnected to your wifi network, please run the following commands and share the output:

  • ping -c1 8.8.8.8
  • ping -c1 google.com
  • ip route
  • iptables -S
  • resolvconf -l
  • cat /etc/resolv.conf

Pasting the output here is fine by me, but if you'd rather not share it publicly, you can send me an email. My username at gmail is wmknapik and my PGP key signature is in my github profile description.

PS. You could also add set -x in the second line of vpnfailsafe.sh and include the output from OpenVPN - that would provide even more specific info.

@githubtefo
Copy link
Author

Great, I sent the outputs via email.
Thank you!

@wknapik
Copy link
Owner

wknapik commented Sep 2, 2018

Hey. Sorry it took me so long to reply. I see the issue, but I'm not sure about the cause yet, it looks bizarre. I've actually used that provider before, without issues - reconnects worked just fine. I only used OpenVPN directly, without any additional applications, network managers, etc.

Can you send me the OpenVPN config, or at least the remote ... lines from that file ?
And also the entries added by vpnfailsafe to /etc/hosts ?

Are you sure you're not using some other software that manipulates routes ? Like your VPN provider's application ? It looks like something is removing the route to your current VPN server, but there are additional routes to an IP vpnfailsafe never encountered, as far as I can tell from the logs. I have some theories, but I'd need the additional information.

@githubtefo
Copy link
Author

I use the default config files available in the webpage of my VPN.
Regarding the /etc/hosts, it seems that vpnfailsafe are not adding any entries.
(I sent you both files via email).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wknapik @githubtefo