Endless disconnect and loops on Xbian

[stuckinthe]

I just installed a Xbian and then VPN Manager. I am getting endless loops of connect and disconnect. I saw someone opened a bug awhile ago as they were having the same issue. They said they turned off Reconnect if connection lost. The problem is it keeps reconnecting for a reason and that is because the connection keeps dropping which I assume is on the xbian side so turning that off doesn't fix the problem. I searched on xbian and they said it could be a power supply but I also have a microSD with arch and it doesn't have this problem.

The following is a link to my log.

https://zerobin.net/?d99fde35f5bfee6c#OP2lPiZBpREOXtBBQDakWjRzeav6IokIDrZ6UASean0=

Thanks for looking.

[Zomboided]

The log is super tough to read because you switched general kodi debug on rather than enabled it on the VPN Mgr advanced setting panel. I can’t see anything obvious but if you wanna try again over a number of disconnect/reconnect with a better log I’ll have another look

On 26 Aug 2022, at 01:57, stuckinthe @.***> wrote:

 I just installed a Xbian and then VPN Manager. I am getting endless loops of connect and disconnect. I saw someone opened a bug awhile ago as they were having the same issue. They said they turned off Reconnect if connection lost. The problem is it keeps reconnecting for a reason and that is because the connection keeps dropping which I assume is on the xbian side so turning that off doesn't fix the problem. I searched on xbian and they said it could be a power supply but I also have a microSD with arch and it doesn't have this problem.

The following is a link to my log.

https://zerobin.net/?d99fde35f5bfee6c#OP2lPiZBpREOXtBBQDakWjRzeav6IokIDrZ6UASean0=

Thanks for looking.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.

[stuckinthe]

Sorry I didn't read the wiki on how you like the debug file to make it easier to read. I just turned on the debug in the VPN manager and enabled https tracing. Below is a link to the file,

https://zerobin.net/?8c87eac965fdf10d#3QsXrhAn7Ad9rmvkr3Y8bHM5KAhz6GbVAd/n64A5RHs=

[Zomboided]

Here's an example of the VPN log file that's traced out when VPN Mgr finds that the VPN is not runnign when it's expecting to be: 2022-08-26 12:59:30.197 T:2705 INFO : VPN Mgr : (vpnplatform.py) VPN log file start >>> 2022-08-26 12:59:30.198 T:2705 INFO : 2022-08-26 12:58:49 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2022-08-26 12:59:30.198 T:2705 INFO : 2022-08-26 12:58:49 WARNING: file '/home/xbian/.kodi/addons/service.vpn.manager/UserDefined/pass.txt' is group or others accessible 2022-08-26 12:59:30.198 T:2705 INFO : 2022-08-26 12:58:49 OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021 2022-08-26 12:59:30.198 T:2705 INFO : 2022-08-26 12:58:49 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10 2022-08-26 12:59:30.198 T:2705 INFO : 2022-08-26 12:58:49 TCP/UDP: Preserving recently used remote address: [AF_INET]198.58.117.6:8888 2022-08-26 12:59:30.198 T:2705 INFO : 2022-08-26 12:58:49 Socket Buffers: R=[180224->180224] S=[180224->180224] 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 UDP link local: (not bound) 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 UDP link remote: [AF_INET]198.58.117.6:8888 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 TLS: Initial packet from [AF_INET]198.58.117.6:8888, sid=58b76a09 9f7307e1 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 VERIFY KU OK 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 Validating certificate extended key usage 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 VERIFY EKU OK 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 2022-08-26 12:59:30.199 T:2705 INFO : 2022-08-26 12:58:49 [VPN] Peer Connection Initiated with [AF_INET]198.58.117.6:8888 2022-08-26 12:59:30.200 T:2705 INFO : 2022-08-26 12:59:27 SENT CONTROL [VPN]: 'PUSH_REQUEST' (status=1) 2022-08-26 12:59:30.200 T:2705 INFO : 2022-08-26 12:59:27 [VPN] Inactivity timeout (--ping-exit), exiting 2022-08-26 12:59:30.200 T:2705 INFO : 2022-08-26 12:59:27 SIGTERM[soft,ping-exit] received, process exiting 2022-08-26 12:59:30.200 T:2705 INFO : VPN Mgr : (vpnplatform.py) <<< VPN log file end

This one above is interesting because it shows the process exiting because the ping that keeps the collection alive doesn't seem to be working.

The log at

2022-08-26 13:00:55.137 T:2705 INFO : VPN Mgr : (vpnplatform.py) VPN log file start >>>

includes

2022-08-26 13:00:55.139 T:2705 INFO : 2022-08-26 13:00:54 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.6.1,route 10.10.6.1,topology net30,ping 10,ping-restart 30,ifconfig 10.10.6.34 10.10.6.33'

which looks to be trying to set the ping too, and some of the other logs don't show the same VPN termination.

Either way, this is what I'd be investigating. You should be able to do this through the command line using the config file that VPN Mgr is using. You can see that here in the log

2022-08-26 13:00:52.792 T:2705 INFO : VPN Mgr : (Linux) Starting VPN with sudo "/usr/sbin/openvpn" "/home/xbian/.kodi/addons/service.vpn.manager/UserDefined/US_Dallas3 (UDP).ovpn" > /home/xbian/.kodi/temp/openvpn.log 2>&1 &

Start a config and observe what happens. Once you hit upon a config that works, you can look at what VPN Mgr is doing, and whether any of the advanced options will help. Right now though, it just looks like VPN Mgr is doing what you ask of it (restarting a dead connection), with no evidence of the connection itself being killed by VPN Mgr. You can see traces of it checking (or killing) as all calls to start, check and kill processes are traced out.

Hope this helps, there's nothing else I can really add here.

On Fri, Aug 26, 2022 at 7:12 PM stuckinthe @.***> wrote:

Sorry I didn't read the wiki. I just turned on the debug in the VPN manager and enable https tracing. Below is a link to the file,

https://zerobin.net/?8c87eac965fdf10d#3QsXrhAn7Ad9rmvkr3Y8bHM5KAhz6GbVAd/n64A5RHs=

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/372#issuecomment-1228782105, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZIIGAXMP7NG5KMUNFDV3ECHRANCNFSM57U7Z2FA . You are receiving this because you commented.Message ID: @.***>

[stuckinthe]

I started the vpn from the command line and it didn't give me any issues. I'm not sure what the xbian kodi is doing that's causing it to send a signal or making it appear that openvpn isn't connected. I'm using PINN so I just installed Raspberry PI OS lite version and VPN manager works without issue. I'd keep using arch on my other SDD but I'm having issues with inputstream adaptive or ffmpegdirect causing random Kodi freezes.

[Zomboided]

The only other thought I have is that maybe the behaviour of pidof is a bit funky on xbian. I put this option in years ago because of an issue someone else was having. https://github.com/Zomboided/service.vpn.manager/wiki/07.-Advanced-Options#alternative-running-openvpn-task-detection-linux-only You can try this out via the command line, in the log you'll see "(Linux) Checking VPN task with xxxxx" If you start a VPN using the command line, and then use pidof as per the trace, maybe rather than return the pid of the running command, it'll return a 0. And if the VPN is dead, I can't remember, but maybe it returns -1?

On Sat, Aug 27, 2022 at 3:30 AM stuckinthe @.***> wrote:

I started the vpn from the command line and it didn't give me any issues. I'm not sure what the xbian kodi is doing that's causing it to send a signal or making it appear that openvpn isn't connected. I'm using PINN so I just installed Raspberry PI OS lite version and VPN manager works without issue. I'd keep using arch on my other SDD but I'm having issues with inputstream adaptive or ffmpegdirect causing random Kodi freezes.

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/372#issuecomment-1229104007, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZKHDBJCGSR77GKECBDV3F4UDANCNFSM57U7Z2FA . You are receiving this because you commented.Message ID: @.***>

[stuckinthe]

Thanks for the info. I ended up moving to Raspberry PI OS lite and everything is working well including the inputstream.addaptive/ffmpegdirect that was causing Kodi freezes in arch. I will probably ditch my other arch setup and try xbian again after I make sure I have everything I need. I will try what you suggested.

[Zomboided]

Closing this as it's not clear there's a problem to go fix.

[stuckinthe]

I tried this again as I installed Xbian for Kodi Nexus. I was still having problems as the vpn connection was looping. I ran htop during this and I saw regular pids (like 726, 543, etc) were being generated and killed and then regenerated. I wasn't seeing Pids of zero or negative. I turned on alternative pid detection and then it connected. The problem is if I reboot it won't connect the vpn as it thinks it is already connected. I then change to a different server and then back to the original and all then works.

[Zomboided]

If you've enabled alternative pid detection and it's connecting, then it's not clear to me why it wouldn't work the first time - it's the same connection code and the option persists between reboots. The only thing I can think of is if you've using the option to connect before Kodi boots, which does some fiddling with systemd to start openvpn independently. If VPN Mgr thinks it's connected because it sees the PID, and openvpn is doing the connection/reconnection, then this could be the issue.

On Wed, Dec 28, 2022 at 6:25 PM stuckinthe @.***> wrote:

I tried this again as I installed Xbian for Kodi Nexus. I was still having problems as the vpn connection was looping. I ran htop during this and I saw regular pids (like 726, 543, etc) were being generated and killed and then regenerated. I wasn't seeing Pids of zero or negative. I turned on alternative pid detection and then it connected. The problem is if I reboot it won't connect the vpn as it thinks it is already connected. I then change to a different server and then back to the original and all then works.

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/372#issuecomment-1366839960, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZKHDGKN5XY7BPRLVQ3WPSA23ANCNFSM57U7Z2FA . You are receiving this because you modified the open/close state.Message ID: @.***>

[stuckinthe]

It is working now with the alternative pid detection check and it works on reboot. If I do disconnect, then for some reason it still thinks that the VPN is connected and it shows connected to blah blah blah in the popup but this isn't something that I do often as I was probably just testing things and miss thought what I saw. Thanks for the help.

[stuckinthe]

I was doing something else and I added my username to the sudoers for all commands (nopasswd:all) not just the commands required by vpn manager and for some reason I turned off the alternative method and VPN manager still worked without endless loops. The problem with the alternative method is it takes a long time (1.5-2 minutes) to disconnect and then reconnect to the desired service. With the regular way, it only takes a few seconds.