[SOLVED] How to restart OpenVPN in a script?

salvadordalisdad

Hi Guys,

Sorry this is an old thread, but it's still a live subject for me...

I used to have a script on a separate server which monitored the OVPN client connections & when the Privado one failed again it would ssh into it & restart it exactly as above.

Since upgrading to 2.5.2 that has stopped working.
I couldn't be bothered to fix it because so much had changed that ssh login with publickey had also failed, and I'm fundamentally lazy when it comes to something I want!
However, I've now fixed it all, but the "svc restart ovpn client N" has stopped working completely. (N=1 or 2)
The script now works as before, the ssh login works again, but regardless of all that it's the phpshell bit which no longer works (from an ssh session as admin user).
I'm stumped. I have chedked & there don't seem to be any packages to load, and the phpshell works - at least it says it does. "openvpn has been restarted." it claims...
However, I just tested from the console & it works.
So it must be some kind of user privilege, but I already assinged shell account access to that user. I've added the three suggested ones User - System: Copy files (scp) / User - System: Shell account access / System - HA node sync

Any suggestions anyone? I'm obvs missing something, wouldn't be the first time!
Thanks in advance

salvadordalisdad

@salvadordalisdad

Have implemented the cron jobs above.
Hoping that will resolve the issue of not being able to restart ovpn clients through SSH session
Ideally they should still, so one day I'd like to fix that...

Only time will tell if that cron job (every 5 mins) fixes the privado problem.
TIA
;-)

AK_4_Life

Why not just use the Service Watchdog from the package manager?

salvadordalisdad

@salvadordalisdad

Sadly time told. Didn't work.

Finally the privado VPN failed again & the cron job didn't do the trick.

if ! /sbin/ping -c 10 4.2.2.1; then /usr/local/sbin/pfSsh.php playback svc restart openvpn server 1; fi

The cron job is running as "root" user. (should it be another user?)

So while the VPN was in a failed state, I dug a bit deeper & tried running it in an SSH session.
The native SSH session wasn't actually a 'normal' shell, so I started a "sh" shell so it could at least run that cron command.
The command ran OK, the ping was lost as it should be, but the "playback restart openvpn" bit didn't.

It responded with "Attempting to issue restart to openvpn service...openvpn has been restarted." but it didn't actually restart the service. It lied!

I manually restarted the service in the GUI, and that fixed it as it always has.

Anyone any idea why the "playback restart" bit didn't work please?

Thanks in advance.

salvadordalisdad

@salvadordalisdad

EDIT-
Just tried the same thing from the console, entering option 12 (php) and entering the sub-line above "playback....server 1" and it also gave the successful message as above, but did NOT restart the service as it claimed. Needed to check given previous experience.

salvadordalisdad

@salvadordalisdad

Update.

Disabled the cron job above & tied the watchdog service as suggested.

Based on the description of the watchdog service function, ("restarts service if the service gets stopped"), I wasn't expecting it to work, and I wasn't disappointed.

It didn't fix it.
VPN failed (again) and the watchdog service did not restart the VPN service. Well that's not what it said it would do, so I'm not going to complain about that.

Just need to make the PHP script to restart the ovpn client work like it used to in 2.4.x

;-)

guardian

@jsphgttgns said in How to restart OpenVPN in a script?:

I am using all kinds of OpenVPN connections and I never have to restart them manually. They typically run for months and automatically reconnect after a couple of seconds for all kinds of interruptions. There are OpenVPN settings related to that, but you haven't published your settings.

It may also make sense to increase the verbosity level and check whether there are any entries related to your problem.

I've placed my complete script in the original post -- it has been working great for many months.

salvadordalisdad

@guardian
Hi Guardian,

Thanks very much for the nudge, very much appreciated.
I will certainly give it a try.
I see that at the heart of your script is the "PHP playback service..." mechanism, which simply doesn't work on my instance.

I'm using 2.5.2 (there have been no updates since), and when I run it (either from cron or SSH/CLI or console) it says "yup done that" but it simply hasn't - weird.

I am pretty sure it used to work on some 2.4.x version I ran a while ago, but I'm getting forgetful so maybe I imagined it ;-)

It's a fresh install of 2.5.2 on a vmware esxi 6.7 platform, and everything else works, so I'm pretty stumped to be quite honest.

Are you using 2.5.2 or the earlier stable 2.4.x release?
Thanks

guardian

@salvadordalisdad said in [SOLVED] How to restart OpenVPN in a script?:

@guardian
Hi Guardian,

Thanks very much for the nudge, very much appreciated.
I will certainly give it a try.
I see that at the heart of your script is the "PHP playback service..." mechanism, which simply doesn't work on my instance.

I'm using 2.5.2 (there have been no updates since), and when I run it (either from cron or SSH/CLI or console) it says "yup done that" but it simply hasn't - weird.

I am pretty sure it used to work on some 2.4.x version I ran a while ago, but I'm getting forgetful so maybe I imagined it ;-)

It's a fresh install of 2.5.2 on a vmware esxi 6.7 platform, and everything else works, so I'm pretty stumped to be quite honest.

Are you using 2.5.2 or the earlier stable 2.4.x release?
Thanks

I'm running 2.5.2, and the script is working perfectly. My ISP was having some "issues" for about a week in December and this script did it's job very well... when the ISP connectivity issue killed the VPN connection, the script restarted everything and got it running again.

I see that at the heart of your script is the "PHP playback service..." mechanism, which simply doesn't work on my instance.
Do you know why it isn't working? I suspect that would lead you to the real trouble source.

salvadordalisdad

@guardian

Thanks that's incredibly helpful.

So I added a simple cron job for today which just ran the "playback" bit regardless of whether it needed to or no. Didn't happen. VPNs start time was last week sometime.

I think it just confirms I need a fresh install again.

I will update once I've done so, ;-)

guardian

@salvadordalisdad said in [SOLVED] How to restart OpenVPN in a script?:

@guardian

Thanks that's incredibly helpful.

So I added a simple cron job for today which just ran the "playback" bit regardless of whether it needed to or no. Didn't happen. VPNs start time was last week sometime.

I think it just confirms I need a fresh install again.

I will update once I've done so, ;-)

Might I suggest logging into the shell and running the commands manually. Create the restart statement, run it and make sure it's working. Then test your script manually to make sure that it is working. It took me several tries to get the syntax of the php statement correct, and debug the shell script. Nothing wrong with a fresh install, but you may not need it.

zz00mm

@guardian
I run the following in cron nightly. mainly so the exit node is a different city every day (LOL).

/usr/local/sbin/pfSsh.php playback svc restart openvpn client 1

I have 9 entries defined within the openvpn client with a random selection to the dns entry. The 1 after client equals the ovpnc<x>

I'm about to create a 2nd openvpn client with locations outside my country so the cron job for this client will be

/usr/local/sbin/pfSsh.php playback svc restart openvpn client 2

salvadordalisdad

@zz00mm

Oh good grief!

Thank you very much for the extra nudge which got me across the line...

You are right - I don't need to re-install, it works fine "when you get the syntax right".

In this case the "syntax" was collected from a post above in this thread, which appears to do the wrong thing.

This works:
/usr/local/sbin/pfSsh.php playback svc restart openvpn client 1

The syntax in the post above uses the keyword SERVER which may restart the server, but doesn't restart the client!

So I was also right when I remembered that it used to work previously - because I had the syntax right then, but I copied the wrong advice....what a muppet!

So now we have a mechanism to restart the OVPN client on demand, and the cron jobs in place to check & restart as required.

I do like your technique of changing locations daily - very sneaky 10/10.

I consider this issue closed, don't expect to add any updates as it will almost certainly be fine now.

Thanks.
"Permission to engage smug mode sir?" (Kryton)