Discussion:
[Openvpn-users] routing table gets corrupted
Jannis Ohms
2017-05-30 10:56:03 UTC
Hi

I use openvpn to connect to a remote network and to tunnel all my traffic

but my gateway forgets a certain route from time to time

my VPN Server runs on 141.41.40.30

default 10.8.0.9 0.0.0.0 UG 0 0 0 tun0
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 * 255.255.255.255 UH 0 0 0 tun0
141.41.38.0 * 255.255.255.0 U 0 0 0 eth0
141.41.40.30 141.41.38.1 255.255.255.255 UGH 0 0 0 eth0
192.168.3.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0
192.168.3.81 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
192.168.3.82 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1

the upper routing table is fine because he is able to reach the server
via the gateway 141.41.38.1


default 10.8.0.9 0.0.0.0 UG 0 0 0 tun0
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 * 255.255.255.255 UH 0 0 0 tun0
141.41.38.0 * 255.255.255.0 U 0 0 0 eth0
192.168.3.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0
192.168.3.81 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
192.168.3.82 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1

But from time to time the routes to the server are removed.

This breaks my setup.

Is this a documented bug? Are there tools to track changes on my routing
table?
David Sommerseth
2017-05-30 11:31:06 UTC
This looks like Linux routing output. How do you start the tunnel?


--
kind regards,

David Sommerseth
Jannis Ohms
2017-05-30 11:50:51 UTC
I use /etc/default/openvpn
Jannis Ohms
2017-05-30 16:06:55 UTC
one of my syscalls seems to get interrupted

May 30 15:41:34 raspberrypi ovpn-client[620]: event_wait : Interrupted system call (code=4)
May 30 15:41:34 raspberrypi ovpn-client[620]: /sbin/ip route del 10.8.0.1/32
May 30 15:41:34 raspberrypi ovpn-client[620]: /sbin/ip route del 192.168.3.0/24
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 192.168.3.81/32
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 192.168.3.82/32
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 141.41.40.30/32
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 0.0.0.0/0
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route add 0.0.0.0/0 via 141.41.39.1
May 30 15:41:35 raspberrypi ovpn-client[620]: Closing TUN/TAP interface
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip addr del dev tun0 local 10.8.0.10 peer 10.8.0.9
May 30 15:41:35 raspberrypi ovpn-client[620]: SIGTERM[hard,] received, process exiting
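Added example, not part of the original message: the log in this post records which process ran the `ip route del` commands and what it logged at exit. The script below groups those lines by syslog tag and reports the number of deleted routes, whether the host route to the VPN server was among them, the default gateway that was restored, and the signal logged. The function name and output format are assumptions of this example; the sample input is the log from the message with wrapped lines rejoined.

```shell
#!/bin/sh
# Added example, not from the thread. Reads traditional syslog lines on stdin
# (tag in field 5) and prints one line per tag that ran `ip route del`:
#   TAG deleted=N server_route_removed=yes|no default_now_via=GW|- signal=SIG|-
route_teardowns() {
    awk -v srv="$1" '
        { tag = $5; sub(/:$/, "", tag) }
        /\/sbin\/ip route del / {
            dels[tag]++
            if ($NF == (srv "/32")) lost[tag] = 1
        }
        /\/sbin\/ip route add 0\.0\.0\.0\/0 via / { gw[tag] = $NF }
        /SIG[A-Z0-9]+\[.*received/ {
            match($0, /SIG[A-Z0-9]+/)
            sig[tag] = substr($0, RSTART, RLENGTH)
        }
        END {
            for (t in dels)
                printf "%s deleted=%d server_route_removed=%s default_now_via=%s signal=%s\n",
                    t, dels[t], ((t in lost) ? "yes" : "no"),
                    ((t in gw) ? gw[t] : "-"), ((t in sig) ? sig[t] : "-")
        }'
}

# Log lines from the message above, wrapped lines rejoined.
SAMPLE_LOG='May 30 15:41:34 raspberrypi ovpn-client[620]: event_wait : Interrupted system call (code=4)
May 30 15:41:34 raspberrypi ovpn-client[620]: /sbin/ip route del 10.8.0.1/32
May 30 15:41:34 raspberrypi ovpn-client[620]: /sbin/ip route del 192.168.3.0/24
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 192.168.3.81/32
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 192.168.3.82/32
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 141.41.40.30/32
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route del 0.0.0.0/0
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip route add 0.0.0.0/0 via 141.41.39.1
May 30 15:41:35 raspberrypi ovpn-client[620]: Closing TUN/TAP interface
May 30 15:41:35 raspberrypi ovpn-client[620]: /sbin/ip addr del dev tun0 local 10.8.0.10 peer 10.8.0.9
May 30 15:41:35 raspberrypi ovpn-client[620]: SIGTERM[hard,] received, process exiting'

printf '%s\n' "$SAMPLE_LOG" | route_teardowns 141.41.40.30
```

On the sample, the default route ends up on 141.41.39.1 rather than tun0, so traffic that was meant to be tunnelled leaves over the local gateway until the client is started again.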
Jannis Ohms
2017-05-31 13:43:16 UTC
hi

how can I configure openvpn to restart after the service crashes?
I am running on raspbian
Joe Patterson
2017-05-31 14:08:23 UTC
If openvpn crashing is a regular problem, that's very interesting in its
own right, and I'm sure we'd like to know more, and there's nothing much
you can do *within* openvpn to respond when openvpn crashes.

If openvpn is exiting normally and you don't want it to, my guess is that
you could look to the "connect-retry-max" and "auth-retry" config options,
depending on why it's exiting.

And in either case you *could* if you wanted to, kluge your way around it
by wrapping openvpn in a shell script that does something like "while true;
do openvpn..." (though, if you do that, make sure you don't have the
'daemon' option in your config)

-Joe
Riccardo Paolo Bestetti
2017-05-31 14:01:07 UTC
It's not OpenVPN you should configure, but your Operating System.
You should refer to its documentation or its relevant mailing list.

Best regards,
Riccardo Paolo Bestetti

-----Original Message-----
From: Jannis Ohms [mailto:***@ostfalia.de]
Sent: 31 May 2017 15:43
To: openvpn-***@lists.sourceforge.net
Subject: [Openvpn-users] automatically restart openvpn

hi

how can I configure openvpn to restart after the service crashes?
I am running on raspbian

Xen
2017-05-31 15:05:31 UTC
Post by Riccardo Paolo Bestetti
It's not OpenVPN you should configure, but your Operating System.
You should refer to its documentation or its relevant mailing list.
You can also do:

# crontab -l | { cat; echo "*/15 * * * * /bin/sh -c 'ifconfig | grep tun0 > /dev/null || systemctl restart openvpn'"; } | crontab -

This will check every 15 minutes whether tun0 is up and if not will use
systemctl to restart openvpn service.

Not sure what runs on Raspbian.
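Added example, not part of the thread: a routing-table check that a cron job like the one above could run, covering both the first post in this thread (tun0 still present but the host route to the VPN server gone) and the case where the tunnel is down. It assumes the `route` column layout shown in the first post; the function name, state labels and the third sample table are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a `route`-style table.
# Usage: route -n | vpn_route_state SERVER_IP TUN_DEV
#   ok                    default route via TUN_DEV, /32 to the server off-tunnel
#   missing-server-route  default via TUN_DEV, but no off-tunnel /32 to the server
#   tunnel-down           no default route through TUN_DEV
vpn_route_state() {
    awk -v srv="$1" -v tun="$2" '
        ($1 == "default" || $1 == "0.0.0.0") && $3 == "0.0.0.0" && $NF == tun { via_tun = 1 }
        $1 == srv && $3 == "255.255.255.255" && $NF != tun { pinned = 1 }
        END {
            if (!via_tun)     print "tunnel-down"
            else if (!pinned) print "missing-server-route"
            else              print "ok"
        }'
}

# First table from the original post (working state), abridged.
TABLE_OK='default 10.8.0.9 0.0.0.0 UG 0 0 0 tun0
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 * 255.255.255.255 UH 0 0 0 tun0
141.41.38.0 * 255.255.255.0 U 0 0 0 eth0
141.41.40.30 141.41.38.1 255.255.255.255 UGH 0 0 0 eth0
192.168.3.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1'

# Second table from the post, derived here by dropping the server host route.
TABLE_BROKEN=$(printf '%s\n' "$TABLE_OK" | grep -v '^141\.41\.40\.30 ')

# Constructed: the state the later log implies after OpenVPN exits.
TABLE_DOWN='default 141.41.39.1 0.0.0.0 UG 0 0 0 eth0
141.41.38.0 * 255.255.255.0 U 0 0 0 eth0
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1'

for t in "$TABLE_OK" "$TABLE_BROKEN" "$TABLE_DOWN"; do
    printf '%s\n' "$t" | vpn_route_state 141.41.40.30 tun0
done
```

Any result other than `ok` is a reason to restart the client and alert; the `tunnel-down` state also means traffic is no longer going through the VPN.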
David Sommerseth
2017-05-31 16:28:07 UTC
Xen
2017-05-31 16:50:04 UTC
Post by David Sommerseth
Post by Xen
Post by Riccardo Paolo Bestetti
It's not OpenVPN you should configure, but your Operating System.
You should refer to its documentation or its relevant mailing list.
# crontab -l | { cat; echo "*/15 * * * * /bin/sh -c 'ifconfig | grep tun0 > /dev/null || systemctl restart openvpn'"; } | crontab -
This will check every 15 minutes whether tun0 is up and if not will use
systemctl to restart openvpn service.
Not sure what runs on Raspbian.
As you use systemctl, that implies systemd. Then that hack is truly
ugly compared to what systemd provides.
So how can you get systemd to send you emails?

Can you let it run a script on restart?

Regards.
Samuli Seppänen
2017-05-31 17:10:16 UTC
Post by Xen
Post by David Sommerseth
Post by Xen
Post by Riccardo Paolo Bestetti
It's not OpenVPN you should configure, but your Operating System.
You should refer to its documentation or its relevant mailing list.
# crontab -l | { cat; echo "*/15 * * * * /bin/sh -c 'ifconfig | grep tun0 > /dev/null || systemctl restart openvpn'"; } | crontab -
This will check every 15 minutes whether tun0 is up and if not will use
systemctl to restart openvpn service.
Not sure what runs on Raspbian.
As you use systemctl, that implies systemd. Then that hack is truly
ugly compared to what systemd provides.
So how can you get systemd to send you emails?
Can you let it run a script on restart?
Hi,

A few months back I looked into exactly this issue. Back then there was
no easy way to make systemd send emails. That is why I still use monit
which has good notification capabilities:

<https://www.mmonit.com/monit/>

Monit works by polling service states periodically, so some delay is
always involved. Monit can, however, do whatever you want when a problem
is encountered and is not limited to just restarting the service.

Combining systemd instantaneous restarts with monit's notifications is a
pretty good system imho.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Xen
2017-05-31 17:37:47 UTC
Post by Samuli Seppänen
Hi,
A few months back I looked into exactly this issue. Back then there was
no easy way to make systemd send emails. That is why I still use monit
<https://www.mmonit.com/monit/>
Hi, yes, that sounds pretty awesome!!!

The SystemD thing that Debbie sent me involves making service files that
then get referenced by other unit files and that get a parameter that
you can use to customize the script or output of your program.

I have been polling stuff too and I think it is a good system but then I
am usually not running as a daemon.

Monit sounds like a very good solution.

I'll have a look some time, thank you.
Post by Samuli Seppänen
Monit works by polling service states periodically, so some delay is
always involved. Monit can, however, do whatever you want when a problem
is encountered and is not limited to just restarting the service.
Combining systemd instantaneous restarts with monit's notifications is a
pretty good system imho.
Xen
2017-06-04 08:26:19 UTC
Post by David Sommerseth
As you use systemctl, that implies systemd. Then that hack is truly
ugly compared to what systemd provides.
You know David,

I just tried to use a simple Path file for something and then a simple
Unit file (Service file) with systemd to send an email when that
happened.

Fine, I didn't use any built-in email facility.

I used:

/bin/sh -c 'echo | /usr/bin/mail -s subject root'

And that simply didn't work.
The command worked from the shell, and the command works from a cron
job.
But the command doesn't work from systemd.

It's systemd that's really ugly.
David Sommerseth
2017-06-04 23:04:32 UTC