harleylg / autoddvpn

Automatically exported from code.google.com/p/autoddvpn

Testing the run-nokill-wait.sh rc_firewall script #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
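Stephen and I are currently testing this new script. The main changes are:

1) While waiting for the PPTP dial-up it judges the wait more intelligently: if it has waited too long without connecting, it kills one of the PPTP processes, which can help some ddwrt routers get PPTP connected more easily.
2) This script currently has the cron feature turned off, but it still downloads check.sh. This is to simplify the overall automation architecture; if necessary, you can run sh check.sh to repair things manually.

The rc_firewall content is as follows: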

cd /tmp;wget http://autoddvpn.googlecode.com/svn/trunk/run-nokill-wait.sh  && 
/bin/sh run-nokill-wait.sh || touch failed

Original issue reported on code.google.com by pahud...@gmail.com on 18 Jul 2010 at 3:49

GoogleCodeExporter commented 9 years ago
Everyone, please test this and report any problems here. Thanks.

Original comment by pahud...@gmail.com on 18 Jul 2010 at 6:52

GoogleCodeExporter commented 9 years ago
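Hmm, my problem here is this: after every reboot the VPN connects briefly (ifconfig shows that ppp1 exists), then your script presumably starts running, but the VPN disconnects again... As a result the static routes get added, but the final default GW is ppp0's. A while later the VPN dials up again, but checking with route shows that the final default GW has not changed to ppp1's, so I still have to run vpndown.sh and vpnup.sh manually.

On the other hand, as things stand, if the default GW is ppp1's, then when the VPN drops even DNS stops working, so no website can be opened at all.

I haven't read the source carefully, but I'd suggest considering the following: separate the adding and removing of static routes from VPN up/down (that is, write them once and never delete them afterwards), and change the default GW by frequently checking on a timer whether ppp1 (the VPN) exists, so that if the VPN is connected traffic automatically goes through the VPN, and if the VPN drops, domestic sites still work normally.

I'm not sure whether I've expressed this clearly enough...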

Original comment by Specter...@gmail.com on 18 Jul 2010 at 7:45

GoogleCodeExporter commented 9 years ago
@Specter.Hi

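I understand your explanation. After the VPN connects, there can be all sorts of reasons that cause the VPN to drop. Suppose the environment is like this: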

ppp0 ADSL
ppp1 PPTP

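After the router boots, autoddvpn keeps checking whether PPTP has connected. Once it has, it starts adjusting the routing table, including forcing Google DNS 8.8.8.8 out through the VPN to avoid hijacking.

But if the PPTP VPN drops at this point, all routes to overseas destinations are completely paralyzed, because autoddvpn does not change the routing table back. vpndown.sh is indeed provided, but autoddvpn does not run it; for now it is only provided for use while debugging.

The reasons for not switching back are:
1) Once switched back, if the VPN connects again, repeatedly switching the routing table back and forth may cause bigger trouble.
2) Once switched back, the risk of DNS hijacking appears, and every computer behind ddwrt may be hit by DNS pollution.

So this autoddvpn configuration has a precondition: the PPTP VPN must be stable enough and must not drop frequently.

OK, so what if the VPN still drops occasionally?

The /tmp/check.sh program checks for you whether PPTP has reconnected, and if it has, does the necessary repair. Previously we set it up in CRON to check periodically, but we found that if the CRON interval is set too tight there can be some troublesome results, so in run-nokill-wait.sh I have turned CRON off for now. With this experimental version, if you find that PPTP has dropped you need to run sh check.sh manually to repair it; the repair log is put in /tmp/last_check.log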

Original comment by pahud...@gmail.com on 18 Jul 2010 at 7:56

GoogleCodeExporter commented 9 years ago
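What check.sh does is very simple.

1) Check whether the PPTP VPN is connected.
2) Check whether the default gw is the PPTP VPN gw; if not, run vpndown.sh to clear the routing table, then vpnup.sh to reload the routing table.
3) Finally, check once more whether everything is normal.

Currently run-nokill-wait.sh only downloads check.sh; it is not handed to cron to run.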

Original comment by pahud...@gmail.com on 18 Jul 2010 at 8:00
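
Added example, not part of the original comment and not autoddvpn's own check.sh: the three checks listed above, written as a decision function over `route -n` text so the logic can be exercised off the router. It also flags a host route that sends 8.8.8.8 outside the VPN, which goes beyond the listed steps; the routing tables are constructed, with ppp0, 192.168.199.1 and 192.168.1.254 taken from the autoddvpn.log in this thread and vlan1 assumed.

```shell
#!/bin/sh
# Added example, not autoddvpn's check.sh. Decides what a self-repair pass
# should do from `route -n` text, so the logic can be tested off the router.

# Gateway of the default route (Destination 0.0.0.0, Flags containing G).
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Succeeds if at least one route is bound to interface $2.
iface_in_table() {
    printf '%s\n' "$1" | awk -v dev="$2" '$8 == dev { found = 1 } END { exit !found }'
}

# Succeeds if a route for host $2 leaves through an interface other than $3.
leaks_outside_vpn() {
    printf '%s\n' "$1" | awk -v ip="$2" -v dev="$3" \
        '$1 == ip && $8 != dev { leak = 1 } END { exit !leak }'
}

# $1 = route -n output, $2 = PPTP device, $3 = PPTP gateway, $4 = DNS server.
# Prints VPN_DOWN, REPAIR, DNS_LEAK or OK.
check_state() {
    iface_in_table "$1" "$2" || { echo VPN_DOWN; return; }
    [ "$(default_gw "$1")" = "$3" ] || { echo REPAIR; return; }
    if leaks_outside_vpn "$1" "$4" "$2"; then echo DNS_LEAK; return; fi
    echo OK
}

# Constructed samples. ppp0, 192.168.199.1 and 192.168.1.254 are the PPTPDEV,
# PPTPGW and OLDGW values from the log in this thread; vlan1 is an assumption.
HDR='Destination     Gateway         Genmask         Flags Metric Ref Use Iface'
PEER='192.168.199.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0'
LAN='192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   vlan1'
VIA_VPN='0.0.0.0         192.168.199.1   0.0.0.0         UG    0      0   0   ppp0'
VIA_WAN='0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0   0   vlan1'
DNS_WAN='8.8.8.8         192.168.1.254   255.255.255.255 UGH   0      0   0   vlan1'
NL='
'
T_OK="$HDR$NL$PEER$NL$LAN$NL$VIA_VPN"
T_STALE="$HDR$NL$PEER$NL$LAN$NL$VIA_WAN"   # VPN is up, default gw never switched
T_DOWN="$HDR$NL$LAN$NL$VIA_WAN"            # no route on ppp0 at all
T_LEAK="$T_OK$NL$DNS_WAN"                  # 8.8.8.8 pinned to the WAN side

for t in "$T_OK" "$T_STALE" "$T_DOWN" "$T_LEAK"; do
    check_state "$t" ppp0 192.168.199.1 8.8.8.8
done
```

On a router the first argument would be `"$(route -n)"`; on REPAIR, run vpndown.sh and then vpnup.sh as the comment describes, and call check_state again for the final check.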

GoogleCodeExporter commented 9 years ago
I just tested the current rc_firewall with a VPN in Silicon Valley. The autoddvpn.log is below; so far it looks like everything goes smoothly.

root@DD-WRT:/tmp# cat /tmp/autoddvpn.log 
[INFO#496] 01/Jan/1970:00:00:24 log starts
[DEBUG#496] 01/Jan/1970:00:00:25 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#496] 01/Jan/1970:00:00:35 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#496] 01/Jan/1970:00:00:46 failed to get PPTPDEV, retry in 10 seconds
[DEBUG#496] 01/Jan/1970:00:00:56 failed to get PPTPDEV, retry in 10 seconds
[INFO#496] 01/Jan/1970:00:01:06 got concurrent 2 running clients, just leave them alone :-) 1/5
[DEBUG#496] 01/Jan/1970:00:01:06 failed to get PPTPDEV, retry in 10 seconds
[INFO#496] 01/Jan/1970:00:01:16 got PPTPDEV as ppp0, set into nvram
[INFO#496] 01/Jan/1970:00:01:17 got PPTPGW as 192.168.199.1, set into nvram
[INFO#496] 01/Jan/1970:00:01:17 VPN is UP, trying to modify the routing table
[INFO#677] OLDGW is 192.168.1.254
[INFO#677] delete default gw 192.168.1.254
[INFO#677] add default gw 192.168.199.1
[INFO#677] adding the static routes, this may take a while.
[INFO#677] final check the default gw
[DEBUG#677] my current gw is 192.168.199.1
[INFO#677] static routes added
[DEBUG#496] 01/Jan/1970:00:01:42 return 0
[INFO#496] 01/Jan/1970:00:01:42 preparing the exceptional routes
[INFO#496] 01/Jan/1970:00:01:42 modifying the exceptional routes
[INFO#496] 01/Jan/1970:00:01:42 fetching exceptional routes for flickr
[INFO#496] 01/Jan/1970:00:01:44 adding 68.142.214.43 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 69.147.90.159 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 69.147.90.215 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 67.195.19.66 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 adding 67.195.19.74 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:44 fetching exceptional routes for vimeo
[INFO#496] 01/Jan/1970:00:01:45 adding 66.235.126.128 via wan_gateway
[INFO#496] 01/Jan/1970:00:01:45 modifying custom exceptional routes if available
[INFO#496] 01/Jan/1970:00:01:45 preparing the self-fix script
[DEBUG#496] 01/Jan/1970:00:01:46 ALL DONE!

Original comment by pahud...@gmail.com on 18 Jul 2010 at 8:12

GoogleCodeExporter commented 9 years ago
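Hmm, I understand your concern about DNS pollution. But if the VPN is already down, those sites can't be reached at that point anyway... so whether there is pollution or not doesn't really matter. If the default GW isn't switched back, it just needlessly makes every website unreachable.

That said, as you say, one should indeed use a fairly stable VPN.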

Original comment by Specter...@gmail.com on 18 Jul 2010 at 10:02

GoogleCodeExporter commented 9 years ago
@Specter.Hi

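Thanks for your suggestion. Tonight I rethought your suggestion, also took a look at DDWRT's filesystem layout, and reworked the whole logic. I have implemented a new version here; this may be a big improvement, so please give it a try.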

http://code.google.com/p/autoddvpn/issues/detail?id=12

Original comment by pahud...@gmail.com on 18 Jul 2010 at 5:00

GoogleCodeExporter commented 9 years ago
This issue is about to be resolved here:
http://code.google.com/p/autoddvpn/issues/detail?id=13

Original comment by pahud...@gmail.com on 18 Jul 2010 at 8:03

GoogleCodeExporter commented 9 years ago
The JFFS approach has also been solved:
http://code.google.com/p/autoddvpn/wiki/jffs

Original comment by pahud...@gmail.com on 19 Jul 2010 at 9:23