Koozali.org formerly Contribs.org

OpenVPN : Monitoring

OpenVPN : Monitoring
« on: April 30, 2011, 01:11:36 AM »
Any tips on Monitoring OpenVPN connections and restarting if the link drops
.:DB:.

Offline Daniel B.

  • *
  • 1,693
    • Firewall Services, la sécurité des réseaux
Re: OpenVPN : Monitoring
« Reply #1 on: May 05, 2011, 10:59:33 AM »
I'm not sure which OpenVPN contrib you're talking about, but you shouldn't have to do anything. OpenVPN monitor the link itself, and will reconnecte as soon as the Internet link is available again.
C'est la fin du monde !!! :lol:

Re: OpenVPN : Monitoring
« Reply #2 on: May 10, 2011, 11:39:06 PM »
This is the OpenVPN SiteToSite Contrib

It's very good, but it does drop

I've been monitoring it by a ping every 3 minutes and restarting it if necessary, and this is not too bad, but it's not perfect

I'm using this;

Code: [Select]
#!/bin/bash
res=`ping -c 1 192.168.70.5 -w 5 | grep received | awk '{ print $4;}'`

if [ "$res" == "0" ]; then
    /usr/bin/logger "VPN Down: Attempting Restart .."
    /etc/init.d/openvpn-s2s stop
    sleep 5;killall openvpn
    sleep 5;/etc/rc.d/init.d/openvpn-s2s start

    /usr/bin/logger "VPN Down: Attempted Restart .."
#else
#    /usr/bin/logger "VPN Ok: $res"
fi
.:DB:.

Offline Daniel B.

  • *
  • 1,693
    • Firewall Services, la sécurité des réseaux
Re: OpenVPN : Monitoring
« Reply #3 on: May 11, 2011, 09:29:46 AM »
It should be re-connecting automatically, can you check the logs (/var/log/openvpn-s2s/) when OpenVPN is down ?
C'est la fin du monde !!! :lol:

Re: OpenVPN : Monitoring
« Reply #4 on: May 17, 2011, 12:40:55 AM »
Hi this took a while had to disable the checking and wait for an issue, but I get this

Thu May  5 11:45:47 2011 RESOLVE: Cannot resolve host address: thetarget.com: [TRY_AGAIN] A temporary error occurred on an authoritative name server.

This started coming through every .. twice a minute, 3 x a minute sometimes. I'm probably thinking the internet was down for a while; but it didn't come up by itself. I ran the monitor script manually and it came up.
.:DB:.

Offline Daniel B.

  • *
  • 1,693
    • Firewall Services, la sécurité des réseaux
Re: OpenVPN : Monitoring
« Reply #5 on: May 19, 2011, 09:41:08 AM »
This looks like a DNS resolution problem. It's very strange that restarting OpenVPN fixes the issue. If the remote peer has a fixed IP, you could use the IP directly.

Regards, Daniel
C'est la fin du monde !!! :lol:

Re: OpenVPN : Monitoring
« Reply #6 on: May 19, 2011, 09:58:46 AM »
Done that (fixed IP)...

This seem like the standard error you get when the link is not up;
The command
Quote

 host thetarget.com


resolves ok

Other techniques for checking work ok e.g.:
Quote

 telnet thetarget.com 25


And it's the same on a couple of installs (I've seen it during setup when the other end isn't up to receiving)

.:DB:.

Re: OpenVPN : Monitoring
« Reply #7 on: May 23, 2011, 02:20:34 AM »
Hi Have a live error at the moment
... The host has been down -likely 10 -12 hours, and is now up, the client has not, the message is in the logs, in order to reconnect I have to restart, the monitoring script will fix it when I run it .. and did ...

Ok, question - can I restart just one vpn (this client connects to two servers). My script restarts the whole server ...
.:DB:.

Offline Gert

  • ****
  • 208
    • http://www.huge.co.za
Re: OpenVPN : Monitoring
« Reply #8 on: June 08, 2012, 09:33:18 AM »
Thank you Brave Dave, your solution saved my life.