vpnfailsafe

Auto re-connect every time the connection drops.

Open githubtefo opened this issue 7 years ago • 8 comments

Hi! I've been using the script for a while and it works great, thank you! But every time that my Wifi connection drops, I need to manually invoke a "clear iptables" script, followed by the command of openvpn with the vpnfailsafe script included:

    sudo openvpn --config config.ovpn --script-security 2 --up /etc/openvpn/vpnfailsafe.sh --down /etc/openvpn/vpnfailsafe.sh

Is there any way to automatize this process when the connection is lost? Thanks again!

githubtefo avatar Aug 12 '18 00:08 githubtefo

Hi @githubtefo,

When your wifi connection is reestablished, OpenVPN should eventually reconnect on its own. However this can take a while, so personally, I use the pkill_hup_openvpn script mentioned here. Sending the HUP signal to OpenVPN makes it try to reconnect right away.

This is a solution if you're using NetworkManager, but you can achieve the same with dhcpcd-run-hooks if you're using dhcpcd. I would expect similar mechanisms to be available in other network managers.

There is one case though, where the reconnection will not be possible and that's by design - when you change network devices. For instance, if you establish your VPN connection while on cable (eth0/eno0/etc.) and then switch to wifi (wlan0/etc.). In this case you will indeed have to use something like vpnfailsafe_reset.sh before reconnecting to the VPN.

This is difficult to solve in vpnfailsafe itself, in a clean/simple, generally applicable and safe way (in addition to not being desirable to all users). It could be automated with a network manager hook though, with care being taken to avoid a leak when switching over.

Which is your use case? Are you changing devices?

wknapik avatar Aug 12 '18 14:08 wknapik
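A minimal NetworkManager dispatcher hook of the kind described in the comment above, as an added example; it is not the pkill_hup_openvpn script that comment links to, nor part of vpnfailsafe. The file name is an assumption, and the interface filter (`should_hup`) is a helper introduced here for illustration.

```shell
#!/bin/sh
# Hypothetical location: /etc/NetworkManager/dispatcher.d/50-openvpn-hup
# (root-owned and executable). NetworkManager calls dispatcher scripts with
# $1 = interface name and $2 = action (up, down, ...).

# Return 0 only when a physical link has just come up.
should_hup() {
    iface=$1
    action=$2
    [ "$action" = "up" ] || return 1
    case "$iface" in
        ""|lo|tun*|tap*) return 1 ;;  # skip loopback and the VPN's own device
    esac
    return 0
}

if should_hup "${1:-}" "${2:-}"; then
    # -x matches the exact process name; harmless if OpenVPN is not running.
    pkill -HUP -x openvpn || true
fi
```

The hook only signals the running OpenVPN process; it does not touch iptables or routes, so whatever vpnfailsafe has installed stays in place while OpenVPN reconnects.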

Hi @wknapik, thank you for your reply. I'm using the lxqt-connman-applet to manage my networks and the issue always involves the wlan0 network (my Wifi connection drops several times per day and every time I need to manually clear the iptables and set up the openvpn again).

githubtefo avatar Aug 13 '18 00:08 githubtefo

That should not be necessary. In fact it's a major goal for vpnfailsafe to make reconnections seamless and safe.

Can you tell me what the problem is when you reconnect to your wifi network? Can you share the OpenVPN log? What does ping -c1 8.8.8.8 say? What about ping -c1 google.com?

Let's start with that and we'll see where it goes.

wknapik avatar Aug 13 '18 14:08 wknapik

@wknapik, both pings get no response when the connection drops out.

This is the log in the terminal:

    Mon Aug 13 17:27:49 2018 [VPNHOSTNAME.com] Inactivity timeout (--ping-restart), restarting
    Mon Aug 13 17:27:49 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Aug 13 17:27:49 2018 Restart pause, 5 second(s)
    Mon Aug 13 17:27:54 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Aug 13 17:27:54 2018 NOTE: --fast-io is disabled since we are not using UDP
    Mon Aug 13 17:27:54 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]VPN_IP:443
    Mon Aug 13 17:27:54 2018 Socket Buffers: R=[87380->425984] S=[16384->425984]
    Mon Aug 13 17:27:54 2018 Attempting to establish TCP connection with [AF_INET]VPN_IP:443 [nonblock]
    Mon Aug 13 17:29:54 2018 TCP: connect to [AF_INET]VPN_IP:443 failed: Connection timed out
    Mon Aug 13 17:29:54 2018 SIGUSR1[connection failed(soft),init_instance] received, process restarting
    Mon Aug 13 17:29:54 2018 Restart pause, 5 second(s)
    Mon Aug 13 17:29:59 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Aug 13 17:29:59 2018 NOTE: --fast-io is disabled since we are not using UDP
    Mon Aug 13 17:29:59 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]VPN_IP:443
    Mon Aug 13 17:29:59 2018 Socket Buffers: R=[87380->425984] S=[16384->425984]
    Mon Aug 13 17:29:59 2018 Attempting to establish TCP connection with [AF_INET]VPN_IP:443 [nonblock]

And this is the output when I kill the openvpn process (ctrl+c):

    ^CMon Aug 13 17:33:20 2018 /usr/bin/ip route del VPN_IP/32
    RTNETLINK answers: No such process
    Mon Aug 13 17:33:20 2018 ERROR: Linux route delete command failed: external program exited with error status: 2
    Mon Aug 13 17:33:20 2018 /usr/bin/ip route del 0.0.0.0/1
    Mon Aug 13 17:33:20 2018 /usr/bin/ip route del 128.0.0.0/1
    Mon Aug 13 17:33:20 2018 Closing TUN/TAP interface
    Mon Aug 13 17:33:20 2018 /usr/bin/ip addr del dev tun0 10.7.7.68/24
    Mon Aug 13 17:33:20 2018 /etc/openvpn/vpnfailsafe.sh tun0 1500 1656 10.7.7.68 255.255.255.0 init
    declare -r BASHOPTS="cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath"
    declare -ir BASHPID
    declare -ar BASH_VERSINFO=([0]="4" [1]="4" [2]="23" [3]="1" [4]="release" [5]="x86_64-unknown-linux-gnu")
    declare -ir EUID="0"
    declare -ir PPID="3371"
    declare -r SHELLOPTS="braceexpand:errexit:errtrace:hashall:interactive-comments:pipefail"
    declare -ir UID="0"
    declare -rx dev="tun0"
    Command line is not complete. Try option "help"
    Mon Aug 13 17:33:20 2018 SIGINT[hard,init_instance] received, process exiting

githubtefo avatar Aug 13 '18 21:08 githubtefo

Hi @githubtefo,

Those logs don't really help. I'm trying to establish what the exact problem is. You're saying you have no internet access after you reconnect to your wifi, but I need to know what exactly isn't working to be able to do anything about it. Is it the routing, is it the firewall, or maybe just name resolution...

The next time you're connected to a VPN and you get disconnected and reconnected to your wifi network, please run the following commands and share the output:

  • ping -c1 8.8.8.8
  • ping -c1 google.com
  • ip route
  • iptables -S
  • resolvconf -l
  • cat /etc/resolv.conf

Pasting the output here is fine by me, but if you'd rather not share it publicly, you can send me an email. My username at gmail is wmknapik and my PGP key signature is in my github profile description.

PS. You could also add set -x in the second line of vpnfailsafe.sh and include the output from OpenVPN - that would provide even more specific info.

wknapik avatar Aug 18 '18 17:08 wknapik

Great, I sent the outputs via email. Thank you!

githubtefo avatar Aug 18 '18 20:08 githubtefo

Hey. Sorry it took me so long to reply. I see the issue, but I'm not sure about the cause yet, it looks bizarre. I've actually used that provider before, without issues - reconnects worked just fine. I only used OpenVPN directly, without any additional applications, network managers, etc.

Can you send me the OpenVPN config, or at least the remote ... lines from that file? And also the entries added by vpnfailsafe to /etc/hosts?

Are you sure you're not using some other software that manipulates routes? Like your VPN provider's application? It looks like something is removing the route to your current VPN server, but there are additional routes to an IP vpnfailsafe never encountered, as far as I can tell from the logs. I have some theories, but I'd need the additional information.

wknapik avatar Sep 02 '18 21:09 wknapik
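A check for the condition described in the comment above (the route to the current VPN server having disappeared), as an added example that is not part of vpnfailsafe or of the original thread. It reads `ip route` output on stdin; the function name, the verdict strings and the sample route tables (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Usage (assumed): ip route | check_server_route <vpn-server-ip>
check_server_route() {
    awk -v ip="$1" '
        # Host route to the VPN server: destination is the bare IP or IP/32.
        ($1 == ip || $1 == (ip "/32")) {
            for (i = 2; i < NF; i++) if ($i == "dev") host_dev = $(i + 1)
        }
        # The two half-default routes seen in the OpenVPN log (0.0.0.0/1, 128.0.0.0/1).
        ($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
            for (i = 2; i < NF; i++) if ($i == "dev") tun_dev = $(i + 1)
        }
        END {
            if (host_dev != "" && host_dev !~ /^(tun|tap)/)
                print "ok: server reachable via " host_dev
            else if (tun_dev != "")
                # Without the host route, the /1 routes are the best match for
                # the server address, so reconnect attempts go into the tunnel.
                print "broken: no host route to server, traffic to it follows " tun_dev
            else
                print "no-vpn-routes"
        }'
}

# Constructed samples, not output from the thread.
SAMPLE_OK='0.0.0.0/1 via 10.7.7.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.7.7.0/24 dev tun0 proto kernel scope link src 10.7.7.68
128.0.0.0/1 via 10.7.7.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0'

SAMPLE_BROKEN='0.0.0.0/1 via 10.7.7.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.7.7.0/24 dev tun0 proto kernel scope link src 10.7.7.68
128.0.0.0/1 via 10.7.7.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

SAMPLE_PLAIN='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'
```

Running it against `ip route` output captured before and after a wifi drop shows whether the host route is the piece that goes missing.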

I use the default config files available on the webpage of my VPN. Regarding the /etc/hosts, it seems that vpnfailsafe is not adding any entries. (I sent you both files via email).

githubtefo avatar Sep 03 '18 22:09 githubtefo