Zomboided / service.vpn.manager

VPN plugin for Kodi
GNU General Public License v2.0

ping-restart taking 9 minutes? #400

Closed lmarceg closed 4 months ago

lmarceg commented 1 year ago

Hi, I am using the latest LE (11.0.1) but this problem has been occurring for a while, so I don't think it's really LE dependent. I use an Rpi4 and WiFi, and I sometimes get WiFi drops and reconnects. VPNManager starts at boot, and typically my routing table is good:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.3.1        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.8.3.0        *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.3.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.1.1     *               255.255.255.255 UH    0      0        0 wlan0
217.138.xxx.xxx 192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0

When the connection drops and reconnection occurs, I see that the routing table is recreated but the VPN IP address is not in it:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.3.1        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.8.3.0        *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.3.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.1.1     *               255.255.255.255 UH    0      0        0 wlan0

Of course, no internet access is possible this way, but openvpn is still running. Only after a very long time (around 9 minutes) openvpn understands there is a problem and then the routing table is updated.

This is what happens when there is a reconnection of the WiFi:

May 08 11:10:26 LibreELEC connmand[531]: wlan0 {del} address 192.168.1.143/24 label wlan0
May 08 11:10:26 LibreELEC connmand[531]: wlan0 {del} route 192.168.1.0 gw 0.0.0.0 scope 253 <LINK>
...
May 08 11:10:33 LibreELEC connmand[531]: wlan0 {add} address 192.168.1.143/24 label wlan0 family 2
May 08 11:10:33 LibreELEC connmand[531]: wlan0 {add} route 192.168.1.0 gw 0.0.0.0 scope 253 <LINK>
May 08 11:10:33 LibreELEC connmand[531]: wlan0 {add} route 192.168.1.1 gw 0.0.0.0 scope 253 <LINK>
May 08 11:10:33 LibreELEC connmand[531]: wlan0 {add} route 8.8.8.8 gw 192.168.1.1 scope 0 <UNIVERSE>
May 08 11:10:33 LibreELEC connmand[531]: wlan0 {add} route 0.0.0.0 gw 192.168.1.1 scope 0 <UNIVERSE>

and this is what I see around 9 minutes afterwards:

May 08 11:19:08 LibreELEC openvpn[820]: [xxxxxx.nordvpn.com] Inactivity timeout (--ping-restart), restarting
May 08 11:19:08 LibreELEC openvpn[820]: SIGTERM received, sending exit notification to peer
May 08 11:19:09 LibreELEC openvpn[820]: /sbin/ip route del 217.138.xxx.xxx/32
May 08 11:19:09 LibreELEC openvpn[820]: ERROR: Linux route delete command failed: external program exited with error status: 2
May 08 11:19:09 LibreELEC openvpn[820]: /sbin/ip route del 0.0.0.0/1
May 08 11:19:09 LibreELEC connmand[531]: tun0 {del} route 0.0.0.0 gw 10.8.3.1 scope 0 <UNIVERSE>
May 08 11:19:09 LibreELEC openvpn[820]: /sbin/ip route del 128.0.0.0/1
May 08 11:19:09 LibreELEC connmand[531]: tun0 {del} route 128.0.0.0 gw 10.8.3.1 scope 0 <UNIVERSE>
May 08 11:19:09 LibreELEC openvpn[820]: Closing TUN/TAP interface
May 08 11:19:09 LibreELEC openvpn[820]: /sbin/ip addr del dev tun0 10.8.3.10/24
May 08 11:19:09 LibreELEC connmand[531]: tun0 {del} address 10.8.3.10/24 label tun0
May 08 11:19:09 LibreELEC connmand[531]: tun0 {del} route 10.8.3.0 gw 0.0.0.0 scope 253 <LINK>
May 08 11:19:09 LibreELEC systemd[1]: openvpn.service: Deactivated successfully.
May 08 11:19:59 LibreELEC connmand[531]: tun0 {add} address 10.8.3.5/24 label tun0 family 2
May 08 11:19:59 LibreELEC connmand[531]: tun0 {add} route 10.8.3.0 gw 0.0.0.0 scope 253 <LINK>
May 08 11:19:59 LibreELEC connmand[531]: wlan0 {add} route 37.120.201.187 gw 192.168.1.1 scope 0 <UNIVERSE>
May 08 11:19:59 LibreELEC connmand[531]: tun0 {add} route 0.0.0.0 gw 10.8.3.1 scope 0 <UNIVERSE>
May 08 11:19:59 LibreELEC connmand[531]: tun0 {add} route 128.0.0.0 gw 10.8.3.1 scope 0 <UNIVERSE>
May 08 11:19:59 LibreELEC connmand[531]: wlan0 {add} route 37.120.xxx.xxx gw 192.168.1.1 scope 0 <UNIVERSE>

Of course, waiting for 9 minutes is rather tedious. Is there a way to improve this time? Or maybe a way to change the settings somewhere? The only number I can change is the connection validation frequency which is set to 60 seconds.

Settings are (I removed the configuration part)

<settings version="2">
    <setting id="vpn_reconnect">true</setting>
    <setting id="vpn_reconnect_while_playing">true</setting>
    <setting id="vpn_reconnect_while_streaming">true</setting>
    <setting id="vpn_stop_media">true</setting>
    <setting id="vpn_stream_ids" default="true">http: !http://192.168 https: !https://192.168</setting>
    <setting id="vpn_force_reconnect_after_wake" default="true">false</setting>
    <setting id="vpn_reconnect_freq">60</setting>
    <setting id="vpn_connectivity_test">true</setting>
    <setting id="vpn_reconnect_next" default="true">false</setting>
    <setting id="vpn_reconnect_reboot">true</setting>
    <setting id="vpn_reconnect_filtering">true</setting>
    <setting id="allow_cycle_reconnect">true</setting>
    <setting id="auto_reconnect_vpn" default="true">0</setting>
    <setting id="allow_cycle_disconnect">true</setting>
    <setting id="vpn_excluded_addons" default="true" />
    <setting id="1_vpn_addons" default="true" />
    <setting id="2_vpn_addons" default="true" />
    <setting id="3_vpn_addons" default="true" />
    <setting id="4_vpn_addons" default="true" />
    <setting id="5_vpn_addons" default="true" />
    <setting id="6_vpn_addons" default="true" />
    <setting id="7_vpn_addons" default="true" />
    <setting id="8_vpn_addons" default="true" />
    <setting id="9_vpn_addons" default="true" />
    <setting id="10_vpn_addons" default="true" />
    <setting id="display_window_id" default="true">false</setting>
    <setting id="vpn_excluded_windows" default="true" />
    <setting id="1_vpn_windows" default="true" />
    <setting id="2_vpn_windows" default="true" />
    <setting id="3_vpn_windows" default="true" />
    <setting id="4_vpn_windows" default="true" />
    <setting id="5_vpn_windows" default="true" />
    <setting id="6_vpn_windows" default="true" />
    <setting id="7_vpn_windows" default="true" />
    <setting id="8_vpn_windows" default="true" />
    <setting id="9_vpn_windows" default="true" />
    <setting id="10_vpn_windows" default="true" />
    <setting id="vpn_custom_3" default="true" />
    <setting id="allow_vpn_generation" default="true">false</setting>
    <setting id="reboot_day" default="true" />
    <setting id="reboot_time">02:00</setting>
    <setting id="reboot_file_enabled" default="true">false</setting>
    <setting id="reboot_file" default="true" />
    <setting id="last_boot_text">Last restart was at 2023-05-08 10:57:26, unscheduled</setting>
    <setting id="vpn_enable_debug" default="true">false</setting>
    <setting id="vpn_enable_http" default="true">false</setting>
    <setting id="vpn_enable_json" default="true">false</setting>
    <setting id="vpn_wizard_enabled">false</setting>
    <setting id="openvpn_verb">3</setting>
    <setting id="platform">2</setting>
    <setting id="block_outside_dns">true</setting>
    <setting id="openvpn_sudo">Platform default</setting>
    <setting id="openvpn_no_path" default="true">false</setting>
    <setting id="openvpn_path">/usr/sbin/</setting>
    <setting id="killall_path" default="true" />
    <setting id="pidof_path" default="true" />
    <setting id="openvpn_killall">true</setting>
    <setting id="alt_pid_check" default="true">false</setting>
    <setting id="label136" default="true" />
    <setting id="up_down_script">true</setting>
    <setting id="use_default_up_down" default="true">false</setting>
    <setting id="force_ping">true</setting>
    <setting id="network_drop" default="true">SIGTERM</setting>
    <setting id="openvpn_log_location" default="true">false</setting>
    <setting id="fix_system_time">true</setting>
    <setting id="vpn_system_menu_item" default="true">false</setting>
    <setting id="vpn_server_info" default="true">false</setting>
    <setting id="table_display_type">Validated connections</setting>
    <setting id="display_location_on_connect" default="true">false</setting>
    <setting id="ip_info_source" default="true">Auto select</setting>
    <setting id="vpn_provider_validated">NordVPN</setting>
    <setting id="vpn_locations_list" default="true" />
    <setting id="version_number">7.0.3</setting>
    <setting id="checked_openvpn">true</setting>
    <setting id="ran_openvpn">true</setting>
    <setting id="monitor_paused" default="true">false</setting>
    <setting id="boot_time">2023-05-08 10:57:26</setting>
    <setting id="boot_reason" default="true">unscheduled</setting>
    <setting id="last_boot_reason" default="true">unscheduled</setting>
    <setting id="ip_service_values">53,1,0</setting>
    <setting id="ip_service_errors">0,64,64</setting>
    <setting id="ip_service_last_vpn">NordVPN</setting>
    <setting id="location_server_view" default="true">false</setting>
    <setting id="alternative_message_token" default="true" />
    <setting id="alternative_message_time" default="true">1</setting>
    <setting id="last_connect_time">1683537600</setting>
    <setting id="vpn_provider_update_ignore" default="true">false</setting>
    <setting id="vpn_short" default="true">VPN Manager</setting>
    <setting id="vpn_very" default="true">VPN Mgr</setting>
</settings>

Thanks!

Zomboided commented 1 year ago

You can enable the ping settings https://github.com/Zomboided/service.vpn.manager/wiki/07.-Advanced-Options#check-connection-with-ping to force openvpn to validate the connection if it's not being used. If openvpn is in a loop retrying the connection, then you can consider https://github.com/Zomboided/service.vpn.manager/wiki/07.-Advanced-Options#network-down

VPN Mgr is not validating that your connection is good, it's checking that openvpn is running. You need to 'fix' openvpn to address the fact that it's taking ~9 minutes to die. Increasing the checking frequency won't help you and will just cause a bunch of check PIDs to run which, depending on your platform, may be undesirable.


lmarceg commented 1 year ago

Indeed, "Check Connection with PING" is on and also SIGUSR1 is remapped to SIGTERM. But I have the below in my vpn configuration

ping 15
ping-restart 0

and I have understood that if there is a ping in the configuration, the check will not work. ping-restart 0 also means I will rely on the server, which maybe sends a ping every 9 minutes. Maybe I need to remove such pings from the configuration? And how? I didn't add them...

Zomboided commented 1 year ago

The config comes from Nord, the ping parameters might get replaced, I honestly can't remember how the code works. The default is ping-exit 30 according to the wiki, which if checked in the options will be appended. You'll need to review the configuration being used (it's traced in the log when the process is killed/restarted) and see what ping and keep alive parameters are being used.


lmarceg commented 1 year ago

Ah, you are right, in the log I see the values from the configurations change into

ping 60
ping-restart 180

So theoretically ping should work after 3 minutes and it's not like this, which is strange

Zomboided commented 1 year ago

Maybe restart is doing a restart without actually restarting the process... i.e. the point of enabling this https://github.com/Zomboided/service.vpn.manager/wiki/07.-Advanced-Options#network-down. I can't remember the openvpn parameter for this and way too busy to spend time on this over the next couple days. If that's not in the ovpn file, you'll get exactly the behaviour you describe. I'm also surprised at the values you're seeing for these two ping parameters, as per https://github.com/Zomboided/service.vpn.manager/wiki/07.-Advanced-Options#check-connection-with-ping the values I think I set are different.


lmarceg commented 1 year ago

In the meantime I am running a script that will ping an external server every X seconds and if this fails, I will kill openvpn. It's the hard way but it should work. Thanks
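
Added example (not part of the thread or of VPN Manager's code): a shell check for the stale state in the routing tables above, where tun0 keeps both 128.0.0.0-mask routes but the host route to the VPN server is gone. The server address 203.0.113.10, the sample tables and the function names are constructed; `watchdog_once` assumes busybox `route` and `pidof` are available and that VPN Mgr reconnects once it sees the openvpn process is gone.

```shell
#!/bin/sh
# vpn_route_state ROUTE_TABLE_TEXT VPN_SERVER_IP [TUN_IF]
# Prints: ok    - tunnel routes present and server reachable outside the tunnel
#         stale - tunnel routes present, host route to the server missing
#         down  - tunnel routes not installed
vpn_route_state() {
    printf '%s\n' "$1" | awk -v srv="$2" -v tun="${3:-tun0}" '
        # route columns: Destination Gateway Genmask Flags Metric Ref Use Iface
        # 0.0.0.0/1 and 128.0.0.0/1 both show Genmask 128.0.0.0 on the tunnel
        $3 == "128.0.0.0" && $NF == tun { half++ }
        # /32 route to the VPN server through a non-tunnel interface
        $1 == srv && $3 == "255.255.255.255" && $NF != tun { host = 1 }
        END {
            if (half < 2)  print "down"
            else if (host) print "ok"
            else           print "stale"   # packets to the server loop into tun0
        }'
}

# One pass on the live system (hypothetical helper). $1 must be the IP of the
# server openvpn is currently connected to; it changes after a reconnect.
watchdog_once() {
    state=$(vpn_route_state "$(route -n)" "$1")
    if [ "$state" = "stale" ]; then
        # SIGTERM matches the network_drop setting quoted in the thread
        pid=$(pidof openvpn) && kill -TERM $pid
    fi
    echo "$state"
}

# Constructed sample tables modelled on the two tables in the first post.
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.3.1        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.8.3.0        *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.3.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0'

STALE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.3.1        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.8.3.0        *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.3.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0'

DOWN_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0'
```

Unlike a ping to an external server, this check does not depend on any traffic leaving the box, so it can run every few seconds from a loop or timer.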