Issues with external VPN as network interface

sasquash471@feddit.de · 1 year ago

Issues with external VPN as network interface

seemebreakthis@lemm.ee · edit-2 1 year ago

My script writing skills are pretty bad. So while this has worked for me, if you are up for it feel free to modify it any way you want.

First save this script somewhere in your home folder (or any folder of your choice). Name it vpn_watchdog.sh:

#!/bin/sh

LOGFILE="/volume1/homes/xxxxx/VPN_watchdog.log"
CURRENT_IP=`timeout -k 1 -s 0 5 curl icanhazip.com`
WATCHTIME=30
ALTERNATE_VPN=1

vpn_restart () {

        LAST=`ifconfig | grep "tun0"`

        while [ ! -z "$LAST" ]; do

                echo $(date)" - tun0 exists, killing vpn client..." >> $LOGFILE
                synovpnc kill_client
                sleep 5
                LAST=`ifconfig | grep "tun0"`

        done

        if [[ $ALTERNATE_VPN -eq 1 ]];then

#       2022-07-02 confined to one VPN only for now

#               ALTERNATE_VPN=2
                ALTERNATE_VPN=1

                cat >/usr/syno/etc/synovpnclient/vpnc_connecting <<END
conf_id=o1663422808
conf_name=Surfshark_HK
proto=openvpn
END


                echo $(date)" - Establishing VPN connection..." >> $LOGFILE

                synovpnc connect --id=o1663422808

        elif [[ $ALTERNATE_VPN -eq 2 ]];then

#       2022-07-02 confined to one VPN only for now

#               ALTERNATE_VPN=1

                cat >/usr/syno/etc/synovpnclient/vpnc_connecting <<END
conf_id=o1642598846
conf_name=Surfshark_TW
proto=openvpn
END

                echo $(date)" - Establishing alternate VPN connection..." >> $LOGFILE

                synovpnc connect --id=o1642598846

        fi

        sleep 20

        CONNECTION_TEST=`cat /usr/syno/etc/synovpnclient/vpnc_last_connect | grep server_ip0 | awk -F= 'NF==2 {print $2}'`
        CURRENT_IP=`timeout -k 1 -s 0 5 curl icanhazip.com`
        echo $(date)" - Completed command to start VPN.  IP used for connection test = "$CONNECTION_TEST", current IP = "$CURRENT_IP >> $LOGFILE

}

case $1 in

        start)

                echo $(date)" - Started, IP used for connection test = "$CONNECTION_TEST", current IP = "$CURRENT_IP >> $LOGFILE

                while true; do

                        sleep 30

                        LAST=`ping -I tun0 -c 5 -W 2 -q "$CONNECTION_TEST"`
                        OUTCOME=$?
                        LAST=`echo $LAST | grep "0 received"`

                        if [[ ! -z "$LAST" || $OUTCOME -eq 2 ]];then

                                echo $(date)" - Ping to "$CONNECTION_TEST" via TUN0 failed" >> $LOGFILE
                                vpn_restart

                        fi

                        LAST=`ping -c 5 -W 2 -q "$CONNECTION_TEST"`
                        OUTCOME=$?
                        LAST=`echo $LAST | grep "0 received"`

                        if [[ ! -z "$LAST" || $OUTCOME -eq 2 ]];then

                                echo $(date)" - Ping to "$CONNECTION_TEST" via general connection failed" >> $LOGFILE
                                vpn_restart

                        fi

                        LAST=`ifconfig | grep "tun0"`

                        if [ -z "$LAST" ];then

                                echo $(date)" - TUN0 down" >> $LOGFILE
                                vpn_restart

                        fi

                done
                ;;

        stop)

                echo $(date)" - Shutting down" >> $LOGFILE
                pkill -9 -f vpn_watchdog
                ;;

esac

You will then need to change something in the script:

LOGFILE -> change the ‘xxxxx’ to your home folder
o1663422808 and Surfshark_HK -> change according to the following instructions (info sourced from https://blog.benoitblanchon.fr/synology-auto-connect-vpn-at-startup/ ):

Quoting the relevant info from this site: The DSM comes with a command line tool to manage the VPN connection. As you’ll see the ergonomy is debatable, but it allows to initiate the connection from the shell. This tool is synovpnc, but before we can use it, we need the following file: /usr/syno/etc/synovpnclient/vpnc_connecting This is a temporary file that lives only a few seconds after you click “Connect” in the VPN configuration GUI. Your mission is to click on “Connect” and cat this file so you can see the configuration. It should be something among those lines: conf_id=o1481981647 conf_name=MyVpnConnection proto=openvpn The conf_id and conf_name is what we are after.

Once found, just change o1663422808 and Surfshark_HK with the names you found following the above instructions.

(Edit: Note - there are multiple occurrences of o1663422808 (and possibly Surfshark_HK) in the script, so change all occurrences) Now that we have created the script, 2 additional steps are needed:

Uncheck the ‘Reconnect when the VPN connection is lost’ checkbox. This script takes over the monitoring / restarting.
We need a way to run the script at system startup. Either you can figure out how to utilize ‘task scheduler’ to do this, or do what I did:

cd to /usr/local/etc/rc.d , then create a ‘startup.sh’ with the following content:

#!/bin/sh

# Start everything up in background.
# My experience shows Synology may start these process one by one, and only if one has finished will it start the next one.
# So for script with forever loops, it potentially will block other scripts from running
# Therefore I need to use one single script to start other scripts in the background.

case $1 in

        start)

               /bin/sh /volume1/homes/xxxxx/vpn_watchdog.sh stop

               /bin/sh /volume1/homes/xxxxx/vpn_watchdog.sh start &

                ;;

        stop)

               /bin/sh /volume1/homes/xxxxx/vpn_watchdog.sh stop &

                ;;

esac

Again, change xxxxx with your home folder (or whatever folder you placed the watchdog script in).

Also, remember to ‘chmod +x’ the scripts so they become executable.

That’s all I can think of. Good luck !