OpenWrt Forum Archive

Topic: auto restart VPN if disconected

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi
how can I check my VPN to see if its still working then have it restart its shelf
I was thinking of using cron but I have no idea how to go about ti

Hi,

Which VPN are you using? Openvpn, vpnc,... ?
I never had problems with openvpn to get an persistant tunnel, keepalive/reconnect seems to be implemented right. So you probably just need to configure it right.

vpnc on the other hand isn't designed for this kind of operation
I had this problem with an openwrt-box with vpnc which connects to a cisco-box.
I searched for a solution to get a persistent tunnel and found something related to openwrt (kamikaze), something for debian, and nothing did really work...
So I didn't come up with this stuff, it's mostly from https://forum.openwrt.org/viewtopic.php?id=13980
but this setup is a bit outdated and really complex so I just used the keepalive-script and made an init-script myself, and it is working for some weeks now.

I have this init-script so that I can start/stop/restart vpnc  (when I have time, I will make a proper init-script, but this one works, ok )

/etc/init.d/vpnc

#!/bin/sh

case "$1" in
    start)
       echo "Starting vpnc connections..."
        /usr/sbin/vpnc
    ;;

    stop)
        echo "Stopping vpnc..."
        vpnc-disconnect &

    ;;

    restart)
        echo "Restarting vpnc..."
        vpnc-disconnect &
        sleep 5
        vpnc
esac
exit 0

a script that pings 2 host on the other side of the tunnel and if it get no answer from any of them the vpnc is restarted

/usr/local/sbin/vpn-keepalive

#!/bin/sh
#
# Restart VPNC if both of the specified hosts on the command line are unavailable

if ! [ $(ping -q -c 1 ${1} 2>&1 | grep "1 packets received" | sed "s/.*\(1\) packets received.*/\1/") ] ||
   ! [ $(ping -q -c 1 ${2} 2>&1 | grep "1 packets received" | sed "s/.*\(1\) packets received.*/\1/") ]; then
    echo Not alive $1 or $2, restarting VPNC
    /etc/init.d/vpnc restart
else
echo Alive $1 or $2
fi

and I run this script every minute using cron to see if 192.168.0.1 and 192.168.0.10 are reachable:
crontab -e

* * * * *  /usr/local/sbin/vpnc-keepalive 192.168.0.1 192.168.0.10 &

thats all!
and this should be adaptable for any kind of vpn, you just need a "restart" or "reconnect"-command for it

(Last edited by eleon216 on 13 Sep 2011, 20:32)

Thanks for that but the ping does n't work as I can still ping from the router but I get no traffic passed if the VPN is down

for info Im using openvpn 

Im now trying to find a away of reading the state of netdev led status and then use that to trigger a cron task

hmm... I'm not sure if I can follow you
if you can ping a host behind the tunnel, than the tunnel is still up. If you are not able to send packages from the lan behind your router to the lan behind the vpn-server, it sound more like a routing/firewall issue.

But if restarting openvpn fixes your issue, you could run this script form a client in your lan, and if it cannot ping you could restart openvpn through ssh on the router.

I use openVPN and it re-establish connection if it's dropped without any additional scripting

The discussion might have continued from here.