Closed Manfred73 closed 3 years ago
michaelherger
commented
3 years ago My experience is pretty much the same: the client seems to think it was connected, but no data would be transferred. I believe it would think it did send data, but doesn't receive. I usually have to go to the machine's DSM, and stop/restart the VPN manually. Luckily enough for me this only happens every few weeks.
GamerGun
commented
3 years ago I had the same, that's why i modified the script. https://gist.github.com/GamerGun/0c82142f434178867c1de0cbd29622a4 https://community.synology.com/enu/forum/17/post/53791?reply=202006 But i am now using my router instead for handling vpn traffic. Much faster and more reliable
ianharrier
commented
3 years ago Have you tried setting VPN_CHECK_METHOD=gateway_ping in version 1.1.x? I created that option because I also had similar issues, where DSM would think the VPN connection was live but wouldn't pass any traffic over the link. To preserve compatibility for people upgrading from an older version of the script, I didn't make VPN_CHECK_METHOD=gateway_ping the default option, as it may not work in all cases, especially if the gateway doesn't respond to ping.
Manfred73
commented
3 years ago I had the same, that's why i modified the script. https://gist.github.com/GamerGun/0c82142f434178867c1de0cbd29622a4 https://community.synology.com/enu/forum/17/post/53791?reply=202006 But i am now using my router instead for handling vpn traffic. Much faster and more reliable
I just got a new Wifi6 router from ASUS this week, so maybe I should setup VPN on the router instead, although for me I only want my Synology to go through the VPN, not all my other devices in the LAN network.
Manfred73
commented
3 years ago VPN_CHECK_METHOD
Ah, I didn't see that option. I've set it to gateway_ping now. Manually disconnected, then run script from ssh shell. In DSM I see "Connecting" but in the end, connection still fails and in DSM: Could not establish a network connection. I'm using Private Internet Access (with strong encryption RSA 4096).
GamerGun
commented
3 years ago I had the same, that's why i modified the script. https://gist.github.com/GamerGun/0c82142f434178867c1de0cbd29622a4 https://community.synology.com/enu/forum/17/post/53791?reply=202006 But i am now using my router instead for handling vpn traffic. Much faster and more reliable
I just got a new Wifi6 router from ASUS this week, so maybe I should setup VPN on the router instead, although for me I only want my Synology to go through the VPN, not all my other devices in the LAN network.
You can with Asus, i know for sure with the Merlin firmware. Even has a kill switch
ianharrier
commented
3 years ago VPN_CHECK_METHOD
Ah, I didn't see that option. I've set it to gateway_ping now. Manually disconnected, then run script from ssh shell. In DSM I see "Connecting" but in the end, connection still fails and in DSM: Could not establish a network connection. I'm using Private Internet Access (with strong encryption RSA 4096).
When you run from the shell, is it running as root?
Manfred73
commented
3 years ago VPN_CHECK_METHOD
Ah, I didn't see that option. I've set it to gateway_ping now. Manually disconnected, then run script from ssh shell. In DSM I see "Connecting" but in the end, connection still fails and in DSM: Could not establish a network connection. I'm using Private Internet Access (with strong encryption RSA 4096).
When you run from the shell, is it running as root?
Yes, I'm running the script under root, but owner of the script is my own user.
Manfred73
commented
3 years ago You can with Asus, i know for sure with the Merlin firmware. Even has a kill switch
Hm, Merlin firmware looks interesting.
GamerGun
commented
3 years ago You can with Asus, i know for sure with the Merlin firmware. Even has a kill switch
Hm, Merlin firmware looks interesting.
Sure does, and plenty of support on snbforums
Manfred73
commented
3 years ago Yes, I'm running the script under root, but owner of the script is my own user.
Well, some progress. Changing ownership of the script to root:root does the trick.
melbnz
commented
3 years ago Hi Ian, unsure if you'll see this as its closed. I've finally got round to loading your great script and i'd already selected the ping method as i get the 'sleeping VPN' connection. However i'm wondering if it's working pinging the gateway as i dont see any output from the script? As i'm a NOOB can you advise if when i look at 'view result' in task scheduler it should show something?
I scroll back through them ans both script and Std Output/error are empty even for the job when i had manually disconnected VPN and your srcipt then re-connected VPN - i can see this in the logs and did receive an email. Thanks
BTW - is there any 'terminal' in synology where i can run your script from the GUI to see output?
Thanks in advance
ianharrier
commented
3 years ago Hi Ian, unsure if you'll see this as its closed. I've finally got round to loading your great script and i'd already selected the ping method as i get the 'sleeping VPN' connection. However i'm wondering if it's working pinging the gateway as i dont see any output from the script? As i'm a NOOB can you advise if when i look at 'view result' in task scheduler it should show something? I scroll back through them ans both script and Std Output/error are empty even for the job when i had manually disconnected VPN and your srcipt then re-connected VPN - i can see this in the logs. Thanks BTW - is there any 'terminal' in synology where i can run your script from the GUI to see output?
Thanks in advance
The script should log one of the following when the ping option is enabled:
[I] The gateway IP $GATEWAY_IP responded to ping.
[W] The gateway IP $GATEWAY_IP did not respond to ping.If you're not seeing that, you might have a formatting error when setting the variable. It must appear exactly as VPN_CHECK_METHOD=gateway_ping (no spaces, case sensitive).
I think DSM will only show you the log via the web GUI if you configure a save location for the logs at Task Scheduler > Settings. Alternatively, you could disable the "Send run details only when the script terminates abnormally" option on the task, which would send emails to you every time the script runs.
To my knowledge, there is not a web-based terminal in DSM. You'd need to enable SSH instead.
melbnz
commented
3 years ago Hi Ian, unsure if you'll see this as its closed. I've finally got round to loading your great script and i'd already selected the ping method as i get the 'sleeping VPN' connection. However i'm wondering if it's working pinging the gateway as i dont see any output from the script? As i'm a NOOB can you advise if when i look at 'view result' in task scheduler it should show something? I scroll back through them ans both script and Std Output/error are empty even for the job when i had manually disconnected VPN and your srcipt then re-connected VPN - i can see this in the logs. Thanks BTW - is there any 'terminal' in synology where i can run your script from the GUI to see output? Thanks in advance
The script should log one of the following when the ping option is enabled:
[I] The gateway IP $GATEWAY_IP responded to ping. [W] The gateway IP $GATEWAY_IP did not respond to ping.If you're not seeing that, you might have a formatting error when setting the variable. It must appear exactly as
VPN_CHECK_METHOD=gateway_ping(no spaces, case sensitive).I think DSM will only show you the log via the web GUI if you configure a save location for the logs at Task Scheduler > Settings. Alternatively, you could disable the "Send run details only when the script terminates abnormally" option on the task, which would send emails to you every time the script runs.
To my knowledge, there is not a web-based terminal in DSM. You'd need to enable SSH instead.
Appreciate the swift response :-) I had formatted correctly, and now i have turned on email for each run and run manually and email states ping is successful - so this is most excellent - thanks again have a good day/night wherever you are.
Manfred73
commented
3 years ago What I did in taskscheduler, is redirect all output to a logfile, so I can always check that via WinScp or SSH (or even through Filestation):
/bin/sh /volume1/homes/username/scripts/reconnect-vpn.sh >>/volume1/homes/username/scripts/reconnect-vpn.log 2>&1
Hi,
For years now Synology has not been able to implement a proper solution for this so I've used your reconnect script before to reconnect my opvenVPN connection when it's down.
But I've noticed it's no longer working. When I manually disconnect, and then run your latest version 1.1.1 I always get an error VPN failed to reconnect, but when I establish the connection manually from DSM it works. I'm running DSM 6.2.3-25426 Update 3.
I've also regularly noticed that in DSM, the vpn stats says connected, but in fact the connection is not working (all outbound access is blocked, because I blocked all outgoing traffic from my NAS in my router, except for the openVPN port so all traffic should go through the VPN connection).
Any ideas why the script can no longer reconnect?