Netgate Discussion Forum

[SOLVED] How to restart OpenVPN in a script?

  • G
    guardian Rebel Alliance @jsphgttgns
    last edited by Jun 3, 2018, 7:54 PM

    @jsphgttgns said in How to restart OpenVPN in a script?:

    I am using all kinds of OpenVPN connections and I never have to restart them manually. They typically run for months and automatically reconnect after a couple of seconds for all kinds of interruptions. There are OpenVPN settings related to that, but you haven't published your settings.

    It may also make sense to increase the verbosity level and check whether there are any entries related to your problem.

    Thanks for the reply. I've uploaded the settings that I used. The problem that I'm having is with Private Internet Access. I added some "Custom Settings" that I found in a forum that "more or less solved the problem" (drops occasionally - once every few weeks).

    0_1528055386238_OpenVPN_Clients_Settings.png

    If you have any idea as to what settings I should change, that would be most appreciated. Thankfully the connection doesn't drop very often, so it will no doubt take quite some time to know if I have been successful in finding the correct answer.

    If you find my post useful, please give it a thumbs up!
    pfSense 2.7.2-RELEASE

    1 Reply Last reply Reply Quote 0
    • J
      jsphgttgns
      last edited by Jun 4, 2018, 4:34 PM

      I think your "Custom options" are mostly superfluous. Just set up a test tunnel without the parameters and export the settings to study the default options.

      auth-nocache is more or less cosmetic and reneg-sec 0 may also not do a lot as the server might enforce the renegotiation.

      I'd set up a default tunnel without extra options and evaluate the log file. I also don't see why you need net30.

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by Jun 4, 2018, 5:53 PM

        playback svc restart openvpn client 1
        
        0) Logout (SSH only)                  9) pfTop
         1) Assign Interfaces                 10) Filter Logs
         2) Set interface(s) IP address       11) Restart webConfigurator
         3) Reset webConfigurator password    12) PHP shell + pfSense tools
         4) Reset to factory defaults         13) Update from console
         5) Reboot system                     14) Disable Secure Shell (sshd)
         6) Halt system                       15) Restore recent configuration
         7) Ping host                         16) Restart PHP-FPM
         8) Shell
          
        
        Enter an option: 12
        
        
        Starting the pfSense developer shell....
        
        Welcome to the pfSense developer shell
        
        Type "help" to show common usage scenarios.
        
        Available playback commands:
             changepassword checkopenvpn_status disablecarp disablecarpmaint disabledhcpd disablereferercheck enableallowallwan enablecarp enablecarpmaint enablesshd externalconfiglocator generateguicert gitsync installpkg listpkg removepkgconfig removeshaper resetwebgui restartdhcpd restartipsec svc tmp2 uninstallpkg 
        
        pfSense shell: playback svc restart openvpn client 1
        
        Playback of file svc started.
        
        Attempting to issue restart to openvpn service...
        
        openvpn has been restarted.
        pfSense shell: 
        
        
        G 1 Reply Last reply Jun 5, 2018, 7:17 PM Reply Quote 1
        • G
          guardian Rebel Alliance @heper
          last edited by guardian Jun 5, 2018, 7:23 PM Jun 5, 2018, 7:17 PM

          @heper said in How to restart OpenVPN in a script?:

          playback svc restart openvpn client 1
          
          0) Logout (SSH only)                  9) pfTop
           1) Assign Interfaces                 10) Filter Logs
           2) Set interface(s) IP address       11) Restart webConfigurator
           3) Reset webConfigurator password    12) PHP shell + pfSense tools
           4) Reset to factory defaults         13) Update from console
           5) Reboot system                     14) Disable Secure Shell (sshd)
           6) Halt system                       15) Restore recent configuration
           7) Ping host                         16) Restart PHP-FPM
           8) Shell
            
          
          Enter an option: 12
          
          
          Starting the pfSense developer shell....
          
          Welcome to the pfSense developer shell
          
          Type "help" to show common usage scenarios.
          
          Available playback commands:
               changepassword checkopenvpn_status disablecarp disablecarpmaint disabledhcpd disablereferercheck enableallowallwan enablecarp enablecarpmaint enablesshd externalconfiglocator generateguicert gitsync installpkg listpkg removepkgconfig removeshaper resetwebgui restartdhcpd restartipsec svc tmp2 uninstallpkg 
          
          pfSense shell: playback svc restart openvpn client 1
          
          Playback of file svc started.
          
          Attempting to issue restart to openvpn service...
          
          openvpn has been restarted.
          pfSense shell: 
          
          

          Thanks very much for this! That's what I want to accomplish.

          I'm a bit of a noob, so I need a bit of context. How can I wrap that command for use on a bash shell?

          I'm assuming I need a small php script or is it possible to run the built in shell from the command line and pipe this command to it?

          If you find my post useful, please give it a thumbs up!
          pfSense 2.7.2-RELEASE

          H 1 Reply Last reply Jun 5, 2018, 7:25 PM Reply Quote 0
          • H
            heper @guardian
            last edited by heper Jun 5, 2018, 9:06 PM Jun 5, 2018, 7:25 PM

            @guardian
            More info here: https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell

            Not at pc atm, so can't provide a ready to use example

            [root@pfsense.lan]/root: pfSsh.php playback svc restart openvpn client 1
            
            Starting the pfSense developer shell....
            
            Attempting to issue restart to openvpn service...
            
            openvpn has been restarted.
            [root@pfsense.lan]/root: 
            
            
            G 1 Reply Last reply Jun 5, 2018, 9:37 PM Reply Quote 1
            • G
              guardian Rebel Alliance @heper
              last edited by Jun 5, 2018, 9:37 PM

              @heper said in How to restart OpenVPN in a script?:

              @guardian
              More info here: https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell

              Not at pc atm, so can't provide a ready to use example

              [root@pfsense.lan]/root: pfSsh.php playback svc restart openvpn client 1
              
              Starting the pfSense developer shell....
              
              Attempting to issue restart to openvpn service...
              
              openvpn has been restarted.
              [root@pfsense.lan]/root: 
              
              

              The problem with a lot of documentation is often lack of context. If you sort of know, but just need a reminder it's great, but if you don't know and don't have a lot of background it can be very frustrating.

              Thanks so much for going the extra mile on this, that's exactly what I need. I really appreciate it.

              If you find my post useful, please give it a thumbs up!
              pfSense 2.7.2-RELEASE

              1 Reply Last reply Reply Quote 0
              • N
                nivz
                last edited by Dec 26, 2018, 2:30 AM

                I know this is an old post, but it helped me a lot as I was looking to do the same with auto restarting openvpn due to private internet access going down randomly.

                What I ended up doing was putting the following in a script and running it via cron.

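                #!/bin/sh
                # Address currently assigned to the WAN interface
                WAN_IP=`/sbin/ifconfig vmx0 | /usr/bin/grep inet | /usr/bin/grep -v inet6 | /usr/bin/awk '{print $2}'`
                # Address the outside world sees for traffic leaving this box
                PUBLIC_IP=$(/usr/local/bin/curl -s https://api.ipify.org)
                # Same address means traffic is leaving via the WAN, not the VPN: restart the client
                if [ "$WAN_IP" = "$PUBLIC_IP" ]
                then
                  /usr/local/sbin/pfSsh.php playback svc restart openvpn client 1
                fi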
                

                (Change vmx0 to your actual WAN interface name)
                Hopefully someone else might find this helpful.

                G 1 Reply Last reply Dec 28, 2018, 6:49 AM Reply Quote 0
                • G
                  guardian Rebel Alliance @nivz
                  last edited by Dec 28, 2018, 6:49 AM

                  @nivz said in How to restart OpenVPN in a script?:

                  I know this is an old post, but it helped me a lot as I was looking to do the same with auto restarting openvpn due to private internet access going down randomly.

                  What I ended up doing was putting the following in a script and running it via cron.

                  #!/bin/sh
                  WAN_IP=`/sbin/ifconfig vmx0 | /usr/bin/grep inet | /usr/bin/grep -v inet6 | /usr/bin/awk '{print $2}'`
                  PUBLIC_IP=$(/usr/local/bin/curl -s https://api.ipify.org)
                  if [ "$WAN_IP" = "$PUBLIC_IP" ]
                  then
                  /usr/local/sbin/pfSsh.php playback svc restart openvpn client 1
                  fi
                  

                  (Change vmx0 to your actual WAN interface name)
                  Hopefully someone else might find this helpful.

                  Thanks for the reply... there is some useful code there (how to restart openvpn client). I'm assuming that this setup pipes all traffic over the VPN, and if the VPN goes down all traffic goes directly out?

                  I wouldn't be very happy if my VPN traffic went out unencrypted - I'd want everything blocked. In my case I let a lot of traffic go out normally, and then have another VLAN for my VPN traffic. VPN goes down, traffic on that VPN doesn't go out.

                  Any idea how to direct
                  PUBLIC_IP=$(/usr/local/bin/curl -s https://api.ipify.org)
                  out a specific interface?

                  BTW, you can ditch the second grep by doing this: /usr/bin/grep 'inet '

                  If you find my post useful, please give it a thumbs up!
                  pfSense 2.7.2-RELEASE

                  1 Reply Last reply Reply Quote 0
                  • R
                    rschossler
                    last edited by rschossler Oct 1, 2019, 7:48 PM Oct 1, 2019, 4:40 PM

                    I had problems where the VPN tunnel stayed connected, but for some reason the tunnel routes were lost. Having had no success reading the logs, I solved it as follows:

                    Installed the Cron package;
                    Created a task in the pfSense cron (every 5 minutes, as root):

                    if ! /sbin/ping -c 10 10.0.30.201; then /usr/local/sbin/pfSsh.php playback svc restart openvpn server 9; fi
                    

                    img02.PNG

                    To find the VPN ID, run "ps uxaww | grep openvpn" (Diagnostics / Command Prompt / Execute Shell Command) and check the VPN configuration files (example: /var/etc/openvpn/server9.conf).

                    ps uxaww | grep openvpn
                    

                    img01.PNG

                    NOTE: For the remote IP, use a static IP other than the server that completes the VPN tunnel, to make sure the VPN really is having problems.

                    I chose this option of restarting OpenVPN directly in cron because it is saved in the pfSense backup, which avoids creating separate scripts on the server and makes restoring easier in case of problems.

                    Capturar.PNG

                    1 Reply Last reply Reply Quote 0
                    • T
                      TV
                      last edited by Jul 13, 2021, 9:32 PM

                      To further annoy the "old thread" folks, my slightly modified version of the script provided by @nivz

                      (Goal being to reduce the likelihood of a OVRC WattBox watchdog power-cycling this pfsense box in an "all traffic thru the tunnel or nothing" scenario for some remote office locations)

                      #!/bin/sh
                      #
                      VPN_IF=$1
                      if [ "$VPN_IF" = "" ]; then
                        VPN_IF=6
                      fi
                      VPN_IP=`/sbin/ifconfig ovpnc$VPN_IF | /usr/bin/grep 'inet ' | /usr/bin/awk '{print $2}'`
                      VPN_GW=`/sbin/ifconfig ovpnc$VPN_IF | /usr/bin/grep 'inet ' | /usr/bin/awk '{print $4}'`
                      echo "VPN Interface  = $VPN_IF"
                      echo "VPN IP Address = $VPN_IP"
                      echo "VPN Gateway    = $VPN_GW"
                      if [ "$VPN_IP" != "" ] && [ "$VPN_GW" != "" ]
                      then
                        # If ovpn interface has an IP and a gateway, test further
                        /sbin/ping -c 3 -S $VPN_IP $VPN_GW > /dev/null
                        if [ "$?" = "0" ]
                        then
                          echo "Success pinging gateway"
                        else
                          # Failed pinging first-hop, ping something public
                          echo "Failed pinging gateway"
                          /sbin/ping -c 3 -S $VPN_IP 8.8.8.8 > /dev/null
                          if [ "$?" = "0" ]
                          then
                            echo "Success pinging public IP"
                          else
                            # Failed both ping checks, restart ovpn service
                            echo "Failed pinging public IP"
                            /usr/local/sbin/pfSsh.php playback svc restart openvpn client $VPN_IF
                          fi
                        fi
                      else
                        # ovpn interface failed IP and/or gateway value check, restart service
                        /usr/local/sbin/pfSsh.php playback svc restart openvpn client $VPN_IF
                      fi
                      
                      1 Reply Last reply Reply Quote 0
                      • S
                        salvadordalisdad
                        last edited by Dec 28, 2021, 2:47 AM

                        Hi Guys,

                        Sorry this is an old thread, but it's still a live subject for me...

                        I used to have a script on a separate server which monitored the OVPN client connections & when the Privado one failed again it would ssh into it & restart it exactly as above.

                        Since upgrading to 2.5.2 that has stopped working.
                        I couldn't be bothered to fix it because so much had changed that ssh login with publickey had also failed, and I'm fundamentally lazy when it comes to something I want!
                        However, I've now fixed it all, but the "svc restart ovpn client N" has stopped working completely. (N=1 or 2)
                        The script now works as before, the ssh login works again, but regardless of all that it's the phpshell bit which no longer works (from an ssh session as admin user).
                        I'm stumped. I have checked & there don't seem to be any packages to load, and the phpshell works - at least it says it does. "openvpn has been restarted." it claims...
                        However, I just tested from the console & it works.
                        So it must be some kind of user privilege, but I already assigned shell account access to that user. I've added the three suggested ones User - System: Copy files (scp) / User - System: Shell account access / System - HA node sync

                        Any suggestions anyone? I'm obvs missing something, wouldn't be the first time!
                        Thanks in advance

                        S 1 Reply Last reply Dec 29, 2021, 4:44 PM Reply Quote 0
                        • S
                          salvadordalisdad @salvadordalisdad
                          last edited by Dec 29, 2021, 4:44 PM

                          @salvadordalisdad

                          Have implemented the cron jobs above.
                          Hoping that will resolve the issue of not being able to restart ovpn clients through SSH session
                          Ideally they should still, so one day I'd like to fix that...

                          Only time will tell if that cron job (every 5 mins) fixes the privado problem.
                          TIA
                          ;-)

                          A S 2 Replies Last reply Dec 31, 2021, 1:12 PM Reply Quote 0
                          • A
                            AK_4_Life @salvadordalisdad
                            last edited by Dec 31, 2021, 1:12 PM

                            Why not just use the Service Watchdog from the package manager?

                            1 Reply Last reply Reply Quote 1
                            • S
                              salvadordalisdad @salvadordalisdad
                              last edited by Jan 22, 2022, 10:37 PM

                              @salvadordalisdad

                              Sadly time told. Didn't work.

                              Finally the privado VPN failed again & the cron job didn't do the trick.

                              if ! /sbin/ping -c 10 4.2.2.1; then /usr/local/sbin/pfSsh.php playback svc restart openvpn server 1; fi
                              

                              The cron job is running as "root" user. (should it be another user?)

                              So while the VPN was in a failed state, I dug a bit deeper & tried running it in an SSH session.
                              The native SSH session wasn't actually a 'normal' shell, so I started a "sh" shell so it could at least run that cron command.
                              The command ran OK, the ping was lost as it should be, but the "playback restart openvpn" bit didn't.

                              It responded with "Attempting to issue restart to openvpn service...openvpn has been restarted." but it didn't actually restart the service. It lied!

                              I manually restarted the service in the GUI, and that fixed it as it always has.

                              Anyone any idea why the "playback restart" bit didn't work please?

                              Thanks in advance.

                              S 1 Reply Last reply Jan 23, 2022, 1:43 PM Reply Quote 0
                              • S
                                salvadordalisdad @salvadordalisdad
                                last edited by Jan 23, 2022, 1:43 PM

                                @salvadordalisdad

                                EDIT-
                                Just tried the same thing from the console, entering option 12 (php) and entering the sub-line above "playback....server 1" and it also gave the successful message as above, but did NOT restart the service as it claimed. Needed to check given previous experience.

                                S 1 Reply Last reply Jan 24, 2022, 7:54 AM Reply Quote 0
                                • S
                                  salvadordalisdad @salvadordalisdad
                                  last edited by Jan 24, 2022, 7:54 AM

                                  @salvadordalisdad

                                  Update.

                                  Disabled the cron job above & tried the watchdog service as suggested.

                                  Based on the description of the watchdog service function, ("restarts service if the service gets stopped"), I wasn't expecting it to work, and I wasn't disappointed.

                                  It didn't fix it.
                                  VPN failed (again) and the watchdog service did not restart the VPN service. Well that's not what it said it would do, so I'm not going to complain about that.

                                  Just need to make the PHP script to restart the ovpn client work like it used to in 2.4.x

                                  ;-)

                                  1 Reply Last reply Reply Quote 0
                                  • G
                                    guardian Rebel Alliance @jsphgttgns
                                    last edited by Jan 30, 2022, 5:59 AM

                                    @jsphgttgns said in How to restart OpenVPN in a script?:

                                    I am using all kinds of OpenVPN connections and I never have to restart them manually. They typically run for months and automatically reconnect after a couple of seconds for all kinds of interruptions. There are OpenVPN settings related to that, but you haven't published your settings.

                                    It may also make sense to increase the verbosity level and check whether there are any entries related to your problem.

                                    I've placed my complete script in the original post -- it has been working great for many months.

                                    If you find my post useful, please give it a thumbs up!
                                    pfSense 2.7.2-RELEASE

                                    S 1 Reply Last reply Jan 30, 2022, 2:58 PM Reply Quote 0
                                    • S
                                      salvadordalisdad @guardian
                                      last edited by Jan 30, 2022, 2:58 PM

                                      @guardian
                                      Hi Guardian,

                                      Thanks very much for the nudge, very much appreciated.
                                      I will certainly give it a try.
                                      I see that at the heart of your script is the "PHP playback service..." mechanism, which simply doesn't work on my instance.

                                      I'm using 2.5.2 (there have been no updates since), and when I run it (either from cron or SSH/CLI or console) it says "yup done that" but it simply hasn't - weird.

                                      I am pretty sure it used to work on some 2.4.x version I ran a while ago, but I'm getting forgetful so maybe I imagined it ;-)

                                      It's a fresh install of 2.5.2 on a vmware esxi 6.7 platform, and everything else works, so I'm pretty stumped to be quite honest.

                                      Are you using 2.5.2 or the earlier stable 2.4.x release?
                                      Thanks

                                      G 1 Reply Last reply Jan 30, 2022, 8:49 PM Reply Quote 0
                                      • G
                                        guardian Rebel Alliance @salvadordalisdad
                                        last edited by Jan 30, 2022, 8:49 PM

                                        @salvadordalisdad said in [SOLVED] How to restart OpenVPN in a script?:

                                        @guardian
                                        Hi Guardian,

                                        Thanks very much for the nudge, very much appreciated.
                                        I will certainly give it a try.
                                        I see that at the heart of your script is the "PHP playback service..." mechanism, which simply doesn't work on my instance.

                                        I'm using 2.5.2 (there have been no updates since), and when I run it (either from cron or SSH/CLI or console) it says "yup done that" but it simply hasn't - weird.

                                        I am pretty sure it used to work on some 2.4.x version I ran a while ago, but I'm getting forgetful so maybe I imagined it ;-)

                                        It's a fresh install of 2.5.2 on a vmware esxi 6.7 platform, and everything else works, so I'm pretty stumped to be quite honest.

                                        Are you using 2.5.2 or the earlier stable 2.4.x release?
                                        Thanks

                                        I'm running 2.5.2, and the script is working perfectly. My ISP was having some "issues" for about a week in December and this script did its job very well... when the ISP connectivity issue killed the VPN connection, the script restarted everything and got it running again.

                                        I see that at the heart of your script is the "PHP playback service..." mechanism, which simply doesn't work on my instance.
                                        Do you know why it isn't working? I suspect that would lead you to the real trouble source.

                                        If you find my post useful, please give it a thumbs up!
                                        pfSense 2.7.2-RELEASE

                                        S 1 Reply Last reply Jan 31, 2022, 12:17 AM Reply Quote 1
                                        • S
                                          salvadordalisdad @guardian
                                          last edited by Jan 31, 2022, 12:17 AM

                                          @guardian

                                          Thanks that's incredibly helpful.

                                          So I added a simple cron job for today which just ran the "playback" bit regardless of whether it needed to or no. Didn't happen. VPNs start time was last week sometime.

                                          I think it just confirms I need a fresh install again.

                                          I will update once I've done so, ;-)

                                          G 1 Reply Last reply Jan 31, 2022, 12:23 AM Reply Quote 0
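
An added example, not code from any poster in this thread: a cron-able check that sources the public-address lookup from the VPN interface, treats a failed lookup as a failure instead of silently skipping the restart, and confirms the restart by watching the pid file rather than trusting the "openvpn has been restarted." message. The interface names, the pid file path /var/run/openvpn_client1.pid and the premise that a restart replaces the process are assumptions to check on your own install.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: client id 1, interface
# ovpnc1, WAN vmx0, pid file /var/run/openvpn_client1.pid.
VPN_ID="${VPN_ID:-1}"
WAN_IF="${WAN_IF:-vmx0}"
VPN_IF="${VPN_IF:-ovpnc$VPN_ID}"
PIDFILE="${PIDFILE:-/var/run/openvpn_client$VPN_ID.pid}"

# First IPv4 address on an interface; empty when it has none.
if_ipv4() {
    /sbin/ifconfig "$1" 2>/dev/null | /usr/bin/awk '$1 == "inet" { print $2; exit }'
}

# Public address seen by a request sourced from the given interface.
# --max-time keeps a dead tunnel from hanging the cron job.
egress_ip() {
    /usr/local/bin/curl -s --max-time 10 --interface "$1" https://api.ipify.org
}

# Classify the tunnel from three observations. Prints one of:
#   down     VPN interface has no address
#   unknown  lookup failed or did not return an IPv4 address
#   leak     visible address equals the WAN address
#   ok       visible address differs from the WAN address
classify() {
    vpn_ip=$1; wan_ip=$2; seen_ip=$3
    [ -n "$vpn_ip" ] || { echo down; return; }
    case "$seen_ip" in
        ''|*[!0-9.]*) echo unknown; return ;;
    esac
    if [ "$seen_ip" = "$wan_ip" ]; then echo leak; else echo ok; fi
}

# Run a restart command, then confirm the daemon was really replaced: the pid
# file must name a live process that differs from the one recorded before.
# The command's own output and exit status are deliberately not trusted.
restart_verified() {
    pidfile=$1; shift
    old_pid=$(cat "$pidfile" 2>/dev/null) || old_pid=""
    "$@" >/dev/null 2>&1 || true
    tries=0
    while [ "$tries" -lt "${VERIFY_TRIES:-10}" ]; do
        new_pid=$(cat "$pidfile" 2>/dev/null) || new_pid=""
        if [ -n "$new_pid" ] && [ "$new_pid" != "$old_pid" ] \
            && kill -0 "$new_pid" 2>/dev/null; then
            return 0
        fi
        tries=$((tries + 1))
        sleep "${VERIFY_DELAY:-1}"
    done
    return 1
}

main() {
    state=$(classify "$(if_ipv4 "$VPN_IF")" "$(if_ipv4 "$WAN_IF")" "$(egress_ip "$VPN_IF")")
    if [ "$state" = "ok" ]; then return 0; fi
    # down, leak and unknown all count as failures, so a blocked or empty
    # lookup cannot leave a dead tunnel unnoticed.
    logger -t vpnwatch "state=$state, restarting openvpn client $VPN_ID"
    if restart_verified "$PIDFILE" \
        /usr/local/sbin/pfSsh.php playback svc restart openvpn client "$VPN_ID"; then
        logger -t vpnwatch "restart confirmed, new pid $(cat "$PIDFILE")"
    else
        logger -t vpnwatch "restart NOT confirmed: pid unchanged or process missing"
        return 1
    fi
}

# Only act when asked to, e.g. from cron: sh vpnwatch.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Because "unknown" triggers a restart, an outage of the lookup service will also restart the client on each run; lengthen the cron interval if that matters on your link.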