Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 7:22
by Chris12
@waaren, thanks for the new version of the script. I replaced the old script (and activated the script)
Code: Select all
2021-03-25 07:15:00.146 Status: dzVents: Info: SSH_0.20210324: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 07:15:00.157 Status: dzVents: Debug: SSH_0.20210324: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 07:15:00.158 Status: dzVents: Debug: SSH_0.20210324: Executing Command: sudo ssh -p 2211 192.168.1.1 ' /usr/local/ashscripts/nvram get vpn_client1_state ;'
2021-03-25 07:15:00.407 Status: dzVents: Debug: SSH_0.20210324: Error ==>> Host key verification failed.
2021-03-25 07:15:00.407 Status: dzVents: Debug: SSH_0.20210324: Host key verification failed.
2021-03-25 07:15:00.407 ::ERROR::
2021-03-25 07:15:00.407
2021-03-25 07:15:00.407 Status: dzVents: Debug: SSH_0.20210324: Constructed timed-command: Off
2021-03-25 07:15:00.407 Status: dzVents: Debug: SSH_0.20210324: Executing Command: sudo ssh -p 2211 192.168.1.1 'service stop_vpnclient1 ; service start_vpnclient1 ;'
2021-03-25 07:15:00.636 Status: dzVents: Debug: SSH_0.20210324: Error ==>> Host key verification failed.
2021-03-25 07:15:00.636 Status: dzVents: Info: SSH_0.20210324: ------ Finished VPN Status
2021-03-25 07:15:00.641 Status: LUA: BuienRadar module
2021-03-25 07:15:00.694 Status: Notification: SSH_0.20210324
2021-03-25 07:15:00.407 Error: dzVents: Error: (3.0.18) SSH_0.20210324: Result: Host key verification failed.
2021-03-25 07:15:00.407 ::ERROR::
2021-03-25 07:15:00.407 : OpenVPN not connected. Check it out
2021-03-25 07:15:01.814 Notification sent (email) => Success
When I check this by using putty from my Synology NAS to the ASUS router, there is no issue or password asked.
Domoticz runs on this same NAS as a package
Code: Select all
Chris@DS415:~$ ssh Admin@192.168.1.1 -p 2211
ASUSWRT-Merlin RT-AC86U 386.1_2 Fri Feb 12 22:48:22 UTC 2021
Admin@RT-AC86U-6B08:/tmp/home/root#
Via what user is the ssh command in the script done to the router?
Maybe if possible the user should be a variable too in the script.
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 8:58
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 7:22
Via what user is the ssh command in the script done to the router?
The user executing the domoticz binary
Maybe if possible the user should be a variable too in the script.
Something like below?
Code: Select all
local scriptVersion = '0.20210325_01'
local scriptVar = 'SSH_' .. scriptVersion

--[[
This dzVents script is used to monitor open VPN state of a ASUS RT-AC86U router loaded with asuswrt-merlin firmware
The script use io.popen to trigger a nvram and when required do a service restart command on a remote system via ssh
(the router must be accessible by the user that is running the domoticz service, via password-less
SSH (with public / private key setup)

Before activating the script:
    Read the GETTING STARTED section of the dzVents wiki.
    Change the values in the script to reflect your setup
]]--

return
{
    on =
    {
        timer =
        {
            'every minute', -- change to required frequency
        },
    },

    logging =
    {
        level = domoticz.LOG_DEBUG, -- set to LOG_ERROR when tested and OK
        marker = scriptVar,
    },

    execute = function(dz, item)
        local remoteHost = '192.168.192.1' -- change to router IP
        local message = 'OpenVPN not connected. Check it out'
        local remoteUser = 'Admin'
        local port = 2211
        local VPNStatus = dz.devices(1155)

        -- =======================================================================
        -- NO changes required below this line
        -- =======================================================================

        --commands to execute remote
        local commands =
        {
            status = ' /usr/local/ashscripts/nvram get vpn_client1_state ',
            stop = 'service stop_vpnclient1 ',
            start = 'service start_vpnclient1 ',
        }
        commands.restart = commands.stop .. '; ' .. commands.start

        local function osCommand(cmd)
            dz.log('Executing Command: ' .. cmd,dz.LOG_DEBUG)
            local fileHandle = assert(io.popen(cmd .. ' 2>&1 || echo ::ERROR::', 'r'))
            local commandOutput = assert(fileHandle:read('*a'))
            local returnTable = {fileHandle:close()}
            if commandOutput:find '::ERROR::' then -- something went wrong
                dz.log('Error ==>> ' .. tostring(commandOutput:match('^(.*)%s+::ERROR::') or ' ... but no error message ' ) ,dz.LOG_DEBUG)
            else -- all is fine!!
                dz.log('ReturnCode: ' .. returnTable[3] .. '\ncommandOutput:\n' .. commandOutput, dz.LOG_DEBUG)
            end
            return commandOutput,returnTable[3] -- rc[3] contains returnCode
        end

        local function buildSSHCommand(cmd)
            local sshBOL = "sudo ssh -p " .. port .. ' ' .. remoteUser .. '@' .. remoteHost .. " \'"
            local sshEOL = ";\'"
            local cmd = sshBOL .. cmd .. sshEOL
            return cmd
        end

        -- Main
        local result, rc = osCommand(buildSSHCommand(commands.status))
        dz.log(result,dz.LOG_DEBUG)

        if tonumber(result) ~= 2 then
            dz.log('Result: ' .. result .. ': ' .. message, dz.LOG_ERROR)
            dz.notify(scriptVar, message, dz.PRIORITY_HIGH)
            VPNStatus.switchOff().checkFirst()
            osCommand(buildSSHCommand(commands.restart))
        else
            dz.log('openVPN connected', dz.LOG_DEBUG)
            VPNStatus.switchOn().checkFirst()
        end
    end
}
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 9:43
by Chris12
Hi @waaren,
with the new script I see this in the logging:
Code: Select all
2021-03-25 09:35:00.257 Status: dzVents: Info: SSH_0.20210325_01: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 09:35:00.269 Status: dzVents: Debug: SSH_0.20210325_01: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 09:35:00.269 Status: dzVents: Debug: SSH_0.20210325_01: Executing Command: sudo ssh -p 2211 Admin@192.168.1.1 ' /usr/local/ashscripts/nvram get vpn_client1_state ;'
2021-03-25 09:35:00.501 Status: dzVents: Debug: SSH_0.20210325_01: Error ==>> Host key verification failed.
2021-03-25 09:35:00.501 Status: dzVents: Debug: SSH_0.20210325_01: Host key verification failed.
2021-03-25 09:35:00.501 ::ERROR::
2021-03-25 09:35:00.501
2021-03-25 09:35:00.501 Status: dzVents: Debug: SSH_0.20210325_01: Constructed timed-command: Off
2021-03-25 09:35:00.501 Status: dzVents: Debug: SSH_0.20210325_01: Executing Command: sudo ssh -p 2211 Admin@192.168.1.1 'service stop_vpnclient1 ; service start_vpnclient1 ;'
2021-03-25 09:35:00.732 Status: dzVents: Debug: SSH_0.20210325_01: Error ==>> Host key verification failed.
2021-03-25 09:35:00.732 Status: dzVents: Info: SSH_0.20210325_01: ------ Finished VPN Status
2021-03-25 09:35:00.738 Status: LUA: BuienRadar module
2021-03-25 09:35:00.776 Status: Notification: SSH_0.20210325_01
2021-03-25 09:35:00.501 Error: dzVents: Error: (3.0.18) SSH_0.20210325_01: Result: Host key verification failed.
2021-03-25 09:35:00.501 ::ERROR::
2021-03-25 09:35:00.501 : OpenVPN not connected. Check it out
2021-03-25 09:35:01.973 Notification sent (email) => Success
Looking at this part:
Why is there:
/usr/local/ashscripts/ nvram get vpn_client1_state
And is the syntax of the command OK? because when using the cli I can successfully do this: ssh Admin@192.168.1.1 -p 2211 (with the port part after the IP)
Chris@DS415:~$ sudo ssh -p 2211 Admin@192.168.1.1
The authenticity of host '[192.168.1.1]:2211 ([192.168.1.1]:2211)' can't be established.
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 9:53
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 9:43
And is the syntax of the command OK? because when using the cli I can successfully do this: ssh Admin@192.168.1.1 -p 2211 (with the port part after the IP)
The location of the -p parm should not matter. Changed it in below version. The ash is my test location you can just take it out.
Code: Select all
local scriptVersion = '0.20210325_03'
local scriptVar = 'SSH_' .. scriptVersion

--[[
This dzVents script is used to monitor open VPN state of a ASUS RT-AC86U router loaded with asuswrt-merlin firmware
The script use io.popen to trigger a nvram and when required do a service restart command on a remote system via ssh
(the router must be accessible by the user that is running the domoticz service, via password-less
SSH (with public / private key setup)

Before activating the script:
    Read the GETTING STARTED section of the dzVents wiki.
    Change the values in the script to reflect your setup
]]--

return
{
    on =
    {
        timer =
        {
            'every minute', -- change to required frequency
        },
    },

    logging =
    {
        level = domoticz.LOG_DEBUG, -- set to LOG_ERROR when tested and OK
        marker = scriptVar,
    },

    execute = function(dz, item)
        local remoteHost = '192.168.1.1' -- change to router IP
        local message = 'OpenVPN not connected. Check it out'
        local remoteUser = 'Admin'
        local port = 2211
        local VPNStatus = dz.devices(1155)

        -- =======================================================================
        -- NO changes required below this line
        -- =======================================================================

        --commands to execute remote
        local commands =
        {
            status = ' nvram get vpn_client1_state ',
            stop = 'service stop_vpnclient1 ',
            start = 'service start_vpnclient1 ',
        }
        commands.restart = commands.stop .. '; ' .. commands.start

        local function osCommand(cmd)
            dz.log('Executing Command: ' .. cmd,dz.LOG_DEBUG)
            local fileHandle = assert(io.popen(cmd .. ' 2>&1 || echo ::ERROR::', 'r'))
            local commandOutput = assert(fileHandle:read('*a'))
            local returnTable = {fileHandle:close()}
            if commandOutput:find '::ERROR::' then -- something went wrong
                dz.log('Error ==>> ' .. tostring(commandOutput:match('^(.*)%s+::ERROR::') or ' ... but no error message ' ) ,dz.LOG_DEBUG)
            else -- all is fine!!
                dz.log('ReturnCode: ' .. returnTable[3] .. '\ncommandOutput:\n' .. commandOutput, dz.LOG_DEBUG)
            end
            return commandOutput,returnTable[3] -- rc[3] contains returnCode
        end

        local function buildSSHCommand(cmd)
            local sshBOL = "sudo ssh " .. remoteUser .. "@" .. remoteHost .. " -p " .. remotePort .. " \'"
            local sshEOL = ";\'"
            local cmd = sshBOL .. cmd .. sshEOL
            return cmd
        end

        -- Main
        local result, rc = osCommand(buildSSHCommand(commands.status))
        dz.log(result,dz.LOG_DEBUG)

        if tonumber(result) ~= 2 then
            dz.log('Result: ' .. result .. ': ' .. message, dz.LOG_ERROR)
            dz.notify(scriptVar, message, dz.PRIORITY_HIGH)
            VPNStatus.switchOff().checkFirst()
            osCommand(buildSSHCommand(commands.restart))
        else
            dz.log('openVPN connected', dz.LOG_DEBUG)
            VPNStatus.switchOn().checkFirst()
        end
    end
}
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 10:19
by Chris12
Ok, loaded the new script and saved it successfully:
Code: Select all
2021-03-25 10:01:00.570 Error: dzVents: Error: (3.0.18) SSH_0.20210325_03: An error occurred when calling event handler VPN Status
2021-03-25 10:01:00.570 Error: dzVents: Error: (3.0.18) SSH_0.20210325_03: ...icz/var/scripts/dzVents/generated_scripts/VPN Status.lua:70: attempt to concatenate a nil value (global 'remotePort')
Found that the defined port parameter name should be remotePort instead, changed that.
The logfile now:
Code: Select all
2021-03-25 10:04:00.180 Status: dzVents: Info: SSH_0.20210325_03: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 10:04:00.181 Status: dzVents: Debug: SSH_0.20210325_03: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 10:04:00.181 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state ;'
2021-03-25 10:04:00.409 Status: dzVents: Debug: SSH_0.20210325_03: Error ==>> Host key verification failed.
2021-03-25 10:04:00.409 Status: dzVents: Debug: SSH_0.20210325_03: Host key verification failed.
2021-03-25 10:04:00.409 ::ERROR::
2021-03-25 10:04:00.409
2021-03-25 10:04:00.409 Status: dzVents: Debug: SSH_0.20210325_03: Constructed timed-command: Off
2021-03-25 10:04:00.409 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: sudo ssh Admin@192.168.1.1 -p 2211 'service stop_vpnclient1 ; service start_vpnclient1 ;'
2021-03-25 10:04:00.409 Error: dzVents: Error: (3.0.18) SSH_0.20210325_03: Result: Host key verification failed.
2021-03-25 10:04:00.409 ::ERROR::
2021-03-25 10:04:00.409 : OpenVPN not connected. Check it out
2021-03-25 10:04:01.797 Notification sent (email) => Success
When I manually run the command on the cli:
sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state'
Code: Select all
Chris@DS415:~$ sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state'
The authenticity of host '[192.168.1.1]:2211 ([192.168.1.1]:2211)' can't be established.
without 'sudo' it goes fine:
So I removed the sudo part out of the script:
Code: Select all
2021-03-25 10:11:00.176 Status: dzVents: Info: SSH_0.20210325_03: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 10:11:00.190 Status: dzVents: Debug: SSH_0.20210325_03: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 10:11:00.190 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state ;'
2021-03-25 10:11:00.278 Status: dzVents: Debug: SSH_0.20210325_03: Error ==>> Host key verification failed.
2021-03-25 10:11:00.278 Status: dzVents: Debug: SSH_0.20210325_03: Host key verification failed.
2021-03-25 10:11:00.278 ::ERROR::
2021-03-25 10:11:00.278
2021-03-25 10:11:00.278 Status: dzVents: Debug: SSH_0.20210325_03: Constructed timed-command: Off
2021-03-25 10:11:00.279 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'service stop_vpnclient1 ; service start_vpnclient1 ;'
2021-03-25 10:11:00.369 Status: dzVents: Debug: SSH_0.20210325_03: Error ==>> Host key verification failed.
2021-03-25 10:11:00.369 Status: dzVents: Info: SSH_0.20210325_03: ------ Finished VPN Status
2021-03-25 10:11:00.562 Status: Notification: SSH_0.20210325_03
2021-03-25 10:11:00.278 Error: dzVents: Error: (3.0.18) SSH_0.20210325_03: Result: Host key verification failed.
2021-03-25 10:11:00.278 ::ERROR::
2021-03-25 10:11:00.278 : OpenVPN not connected. Check it out
2021-03-25 10:11:01.577 Notification sent (email) => Success
I can also see a ';' behind the command, maybe that is causing the issue?
I removed the ';' in the script at the sshEOL part.
But still the hostkey verification failed:
Code: Select all
2021-03-25 10:14:00.232 Status: dzVents: Info: monit: ------ Finished Monit-status-data
2021-03-25 10:14:00.233 Status: dzVents: Info: SSH_0.20210325_03: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 10:14:00.233 Status: dzVents: Debug: SSH_0.20210325_03: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 10:14:00.233 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state '
2021-03-25 10:14:00.330 Status: dzVents: Debug: SSH_0.20210325_03: Error ==>> Host key verification failed.
2021-03-25 10:14:00.330 Status: dzVents: Debug: SSH_0.20210325_03: Host key verification failed.
2021-03-25 10:14:00.330 ::ERROR::
2021-03-25 10:14:00.330
2021-03-25 10:14:00.330 Status: dzVents: Debug: SSH_0.20210325_03: Constructed timed-command: Off
2021-03-25 10:14:00.331 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'service stop_vpnclient1 ; service start_vpnclient1 '
2021-03-25 10:14:00.419 Status: dzVents: Debug: SSH_0.20210325_03: Error ==>> Host key verification failed.
2021-03-25 10:14:00.419 Status: dzVents: Info: SSH_0.20210325_03: ------ Finished VPN Status
2021-03-25 10:14:00.504 Status: Notification: SSH_0.20210325_03
2021-03-25 10:14:00.330 Error: dzVents: Error: (3.0.18) SSH_0.20210325_03: Result: Host key verification failed.
2021-03-25 10:14:00.330 ::ERROR::
2021-03-25 10:14:00.330 : OpenVPN not connected. Check it out
2021-03-25 10:14:01.447 Notification sent (email) => Success
I'm thinking it is still an issue with the user running the specific command, because when I log in on my NAS cli with user 'admin' the command does not run OK:
Code: Select all
admin@DS415:~$ ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state '
The authenticity of host '[192.168.1.1]:2211 ([192.168.1.1]:2211)' can't be established.
with the user 'Chris' logged in to the NAS cli it works fine:
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 10:31
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 10:19
with the user 'Chris' logged in to the NAS cli it works fine:
You defined passwordless access for user Chris but you should do the same for the user executing domoticz.
The sudo should not cause a problem.
The ; is just a separator between commands.
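As an added example (not part of the thread and not waaren's script): in the logs above, `Host key verification failed.` ends up reported as 'OpenVPN not connected' and triggers a restart attempt, because any output other than `2` takes that branch. The standalone Lua below separates ssh transport failures from the VPN state and makes ssh refuse an unknown or changed host key without prompting. The key and known_hosts paths are hypothetical, and the sample outputs are constructed from messages seen in the logs.

```lua
-- Added example, not waaren's script. Key and known_hosts paths are hypothetical;
-- the sample outputs at the bottom are constructed for illustration.

local cfg = {
    user       = 'Admin',
    host       = '192.168.1.1',
    port       = 2211,
    identity   = '/root/.ssh/id_domoticz',  -- hypothetical private key of the domoticz user
    knownHosts = '/root/.ssh/known_hosts',  -- known_hosts of the user that runs domoticz
}

-- Quote one argument for a POSIX shell: a ' inside the value becomes '\''
local function shellQuote(s)
    return "'" .. tostring(s):gsub("'", "'\\''") .. "'"
end

local function buildSSHCommand(c, remoteCmd)
    return table.concat({
        'ssh',
        '-o BatchMode=yes',              -- never prompt for a password or host key
        '-o StrictHostKeyChecking=yes',  -- unknown or changed host key: refuse
        '-o ConnectTimeout=5',
        '-o UserKnownHostsFile=' .. shellQuote(c.knownHosts),
        '-i ' .. shellQuote(c.identity),
        '-p ' .. string.format('%d', c.port),
        shellQuote(c.user .. '@' .. c.host),
        shellQuote(remoteCmd),
    }, ' ')
end

-- Run a command; return combined stdout/stderr and the exit code (Lua 5.2+).
local function run(cmd)
    local fh = assert(io.popen(cmd .. ' 2>&1', 'r'))
    local out = fh:read('*a')
    local _, _, rc = fh:close()
    return out, rc
end

-- ssh exits with 255 when ssh itself fails; otherwise it passes on the
-- exit code of the remote command.
local function classify(output, rc)
    local text = (output or ''):gsub('^%s+', ''):gsub('%s+$', '')
    if rc == 0 then
        local state = tonumber(text)
        if state == 2 then return 'vpn_up' end      -- 2 = connected (per the thread)
        if state then return 'vpn_down' end
        return 'unexpected_output'
    end
    if rc ~= 255 then return 'remote_command_failed' end
    if text:find('REMOTE HOST IDENTIFICATION HAS CHANGED', 1, true) then
        return 'hostkey_changed'
    elseif text:find('Host key verification failed', 1, true) then
        return 'hostkey_unknown'
    elseif text:find('Permission denied', 1, true) then
        return 'auth_failed'
    end
    return 'ssh_failed'
end

-- Only a real VPN state other than 2 justifies restarting the VPN client.
local policy = {
    vpn_up                = { restartVPN = false, note = 'tunnel reported up (state 2)' },
    vpn_down              = { restartVPN = true,  note = 'state is not 2: restart the VPN client' },
    hostkey_unknown       = { restartVPN = false, note = 'router key missing from known_hosts of the domoticz user' },
    hostkey_changed       = { restartVPN = false, note = 'router key differs from the stored one: check the router first' },
    auth_failed           = { restartVPN = false, note = 'key of the domoticz user not accepted by the router' },
    ssh_failed            = { restartVPN = false, note = 'ssh could not connect: VPN state unknown' },
    remote_command_failed = { restartVPN = false, note = 'remote command returned an error' },
    unexpected_output     = { restartVPN = false, note = 'output is not a number: VPN state unknown' },
}

-- Constructed samples: output text and exit code as ssh would return them.
local samples = {
    { out = '2\n', rc = 0 },
    { out = '0\n', rc = 0 },
    { out = 'Host key verification failed.\n', rc = 255 },
    { out = 'Permission denied (publickey,password).\n', rc = 255 },
}

print(buildSSHCommand(cfg, 'nvram get vpn_client1_state'))
for _, s in ipairs(samples) do
    local kind = classify(s.out, s.rc)
    print(string.format('%-16s restartVPN=%-5s %s',
        kind, tostring(policy[kind].restartVPN), policy[kind].note))
end

-- Live use on the NAS (not executed here):
--   local out, rc = run(buildSSHCommand(cfg, 'nvram get vpn_client1_state'))
--   local kind = classify(out, rc)
```

With `sudo ssh` the command runs as root, so it is root's known_hosts and key that must contain the router's host key and an accepted identity, whichever user tested the login interactively.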
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 10:43
by Chris12
waaren wrote: ↑Thursday 25 March 2021 10:31
Chris12 wrote: ↑Thursday 25 March 2021 10:19
with the user 'Chris' logged in to the NAS cli it works fine:
You defined passwordless access for user Chris but you should do the same for the user executing domoticz.
The sudo should not cause a problem.
The ; is just a separator between commands.
Ok, that user is the user defined in domoticz settings for 'website protection'?
In my case that user is named 'domoticz'.
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 10:52
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 10:43
Ok, that user is the user defined in domoticz settings for 'website protection'?
In my case that user is named 'domoticz'.
The user executing domoticz can be found using the command
from the CLI
it will show something like
Code: Select all
root 18496 1 0 Mar11 ? 01:52:39 /usr/local/domoticz/bin/domoticz -www 8084 -wwwroot /usr/local/domoticz/www/ -sslcert /usr/local/domoticz/server_cert.pem -approot /usr/local/domoticz/ -userdata /usr/local/domoticz/var/ -dbase /usr/local/domoticz/var/domoticz.db -log /usr/local/domoticz/var/domoticz.log
The user can be found by looking at the first column of the output. (Here it is root)
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 11:24
by Chris12
thanks @waaren, it now works as expected! repeated the procedure for password-less SSH for the root user as well.
Code: Select all
2021-03-25 11:10:00.363 Status: dzVents: Info: SSH_0.20210325_03: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 11:10:00.364 Status: dzVents: Debug: SSH_0.20210325_03: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 11:10:00.364 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state '
2021-03-25 11:10:00.534 Status: dzVents: Debug: SSH_0.20210325_03: ReturnCode: 0
2021-03-25 11:10:00.534 commandOutput:
2021-03-25 11:10:00.534 2
2021-03-25 11:10:00.534
2021-03-25 11:10:00.534 Status: dzVents: Debug: SSH_0.20210325_03: 2
2021-03-25 11:10:00.534
2021-03-25 11:10:00.534 Status: dzVents: Debug: SSH_0.20210325_03: openVPN connected
2021-03-25 11:10:00.534 Status: dzVents: Debug: SSH_0.20210325_03: Constructed timed-command: On
2021-03-25 11:10:00.534 Status: dzVents: Info: SSH_0.20210325_03: ------ Finished VPN Status
The device in domoticz shows the 'on' value as well.
Tested it by manually in the router turning OFF the VPN service.
It is noticed by the VPN script, a message sent to my email, and the VPN service is started again within seconds!
Code: Select all
2021-03-25 11:12:00.383 Status: dzVents: Info: SSH_0.20210325_03: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 11:12:00.384 Status: dzVents: Debug: SSH_0.20210325_03: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 11:12:00.384 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state '
2021-03-25 11:12:00.552 Status: dzVents: Debug: SSH_0.20210325_03: ReturnCode: 0
2021-03-25 11:12:00.552 commandOutput:
2021-03-25 11:12:00.552 0
2021-03-25 11:12:00.552
2021-03-25 11:12:00.552 Status: dzVents: Debug: SSH_0.20210325_03: 0
2021-03-25 11:12:00.552
2021-03-25 11:12:00.553 Status: dzVents: Debug: SSH_0.20210325_03: Constructed timed-command: Off
2021-03-25 11:12:00.553 Status: dzVents: Debug: SSH_0.20210325_03: Constructed timed-command: Off
2021-03-25 11:12:00.553 Status: dzVents: Debug: SSH_0.20210325_03: Executing Command: ssh Admin@192.168.1.1 -p 2211 'service stop_vpnclient1 ; service start_vpnclient1 '
2021-03-25 11:12:00.553 Error: dzVents: Error: (3.0.18) SSH_0.20210325_03: Result: 0
2021-03-25 11:12:00.553 : OpenVPN not connected. Check it out
2021-03-25 11:12:01.832 Notification sent (browser) => Success
2021-03-25 11:12:01.834 (VPN Status ON/OFF) Light/Switch (VPN Status ON/OFF)
2021-03-25 11:12:01.748 Status: dzVents: Debug: SSH_0.20210325_03: ReturnCode: 0
2021-03-25 11:12:01.748 commandOutput:
2021-03-25 11:12:01.748
2021-03-25 11:12:01.748 Done.
2021-03-25 11:12:01.748
2021-03-25 11:12:01.748 Done.
2021-03-25 11:12:01.748
2021-03-25 11:12:01.748 Status: dzVents: Info: SSH_0.20210325_03: ------ Finished VPN Status
2021-03-25 11:12:01.749 Status: EventSystem: Script event triggered: /usr/local/domoticz/dzVents/runtime/dzVents.lua
Maybe one little adaption can be made to the script, that whenever the VPN is down an email message is now sent every 1 minute.
Can this be changed to sending (whenever the VPN stays down for a reason) messages every 5/10/15/30min, or every 1/4/8/12/24h (if possible a parameter in the script, so it can be configured to whatever you like). Otherwise the emailbox can be flooded with hundreds of messages, when for example you're a day away with no access.
Re: Detection VPN connection ASUS Merlin Router [Solved]
Posted: Thursday 25 March 2021 11:43
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 11:24
It now works as expected.
Maybe one little adaption can be made to the script, that whenever the VPN is down an email message is now sent every 1 minute.
Can this be changed to sending (whenever the VPN stays down for a reason) messages every 5/10/15/30min, or every 1/4/8/12/24h (if possible a parameter in the script, so it can be configured to whatever you like).
Something like this ?
Code: Select all
local scriptVersion = '0.20210325_04'
local scriptVar = 'SSH_' .. scriptVersion

--[[
This dzVents script is used to monitor open VPN state of a ASUS RT-AC86U router loaded with asuswrt-merlin firmware
The script use io.popen to trigger a nvram and when required do a service restart command on a remote system via ssh
(the router must be accessible by the user that is running the domoticz service, via password-less
SSH (with public / private key setup)

Before activating the script:
    Read the GETTING STARTED section of the dzVents wiki.
    Change the values in the script to reflect your setup
]]--

return
{
    on =
    {
        timer =
        {
            'every minute', -- change to required frequency
        },
    },

    logging =
    {
        level = domoticz.LOG_DEBUG, -- set to LOG_ERROR when tested and OK
        marker = scriptVar,
    },

    execute = function(dz, item)
        local remoteHost = '192.168.1.1' -- change to router IP
        local notConnectedMessage = 'OpenVPN not connected. Check it out'
        local reconnectedMessage = 'OpenVPN (re)connected'
        local remoteUser = 'Admin'
        local remotePort = 2211
        local VPNStatus = dz.devices(1155)
        local notifyFrequency = 60 -- frequency in minutes

        -- =======================================================================
        -- NO changes required below this line
        -- =======================================================================

        --commands to execute remote
        local commands =
        {
            status = ' nvram get vpn_client1_state ',
            stop = 'service stop_vpnclient1 ',
            start = 'service start_vpnclient1 ',
        }
        commands.restart = commands.stop .. '; ' .. commands.start

        local function osCommand(cmd)
            dz.log('Executing Command: ' .. cmd,dz.LOG_DEBUG)
            local fileHandle = assert(io.popen(cmd .. ' 2>&1 || echo ::ERROR::', 'r'))
            local commandOutput = assert(fileHandle:read('*a'))
            local returnTable = {fileHandle:close()}
            if commandOutput:find '::ERROR::' then -- something went wrong
                dz.log('Error ==>> ' .. tostring(commandOutput:match('^(.*)%s+::ERROR::') or ' ... but no error message ' ) ,dz.LOG_DEBUG)
            else -- all is fine!!
                dz.log('ReturnCode: ' .. returnTable[3] .. '\ncommandOutput:\n' .. commandOutput, dz.LOG_DEBUG)
            end
            return commandOutput,returnTable[3] -- rc[3] contains returnCode
        end

        local function buildSSHCommand(cmd)
            local sshBOL = "sudo ssh " .. remoteUser .. "@" .. remoteHost .. " -p " .. remotePort .. " \'"
            local sshEOL = ";\'"
            local cmd = sshBOL .. cmd .. sshEOL
            return cmd
        end

        -- Main
        local result, rc = osCommand(buildSSHCommand(commands.status))
        dz.log(result,dz.LOG_DEBUG)

        if tonumber(result) ~= 2 then
            if VPNStatus.state == 'On' or VPNStatus.lastUpdate.minutesAgo > notifyFrequency then
                dz.log('Result: ' .. result .. ': ' .. notConnectedMessage, dz.LOG_ERROR)
                dz.notify(scriptVar, notConnectedMessage, dz.PRIORITY_HIGH)
                VPNStatus.switchOff().checkFirst()
            end
            osCommand(buildSSHCommand(commands.restart))
        else
            if VPNStatus.state == 'Off' then
                dz.log(reconnectedMessage, dz.LOG_DEBUG)
                dz.notify(scriptVar, reconnectedMessage, dz.PRIORITY_LOW)
                VPNStatus.switchOn().checkFirst()
            end
        end
    end
}
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 11:56
by Chris12
Ok, difficult to test if messages will appear every xx minutes as the script directly kicks in whenever the VPN is down,
but the script works fine.
Maybe add a status message as well when the status is still connected (2) after the every 1min check?
Something like: 'OpenVPN still connected!!'
Code: Select all
2021-03-25 11:53:00.334 Status: dzVents: Info: SSH_0.20210325_04: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-03-25 11:53:00.345 Status: dzVents: Debug: SSH_0.20210325_04: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-03-25 11:53:00.346 Status: dzVents: Debug: SSH_0.20210325_04: Executing Command: sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state ;'
2021-03-25 11:53:00.650 Status: dzVents: Debug: SSH_0.20210325_04: ReturnCode: 0
2021-03-25 11:53:00.650 commandOutput:
2021-03-25 11:53:00.650 2
2021-03-25 11:53:00.650
2021-03-25 11:53:00.650 Status: dzVents: Debug: SSH_0.20210325_04: 2
2021-03-25 11:53:00.650
2021-03-25 11:53:00.650 Status: dzVents: Info: SSH_0.20210325_04: ------ Finished VPN Status
edit: I did change the 'port' parameter in the script, to 'remotePort' and left 'sudo' and the ';', that works fine!
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 12:11
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 11:56
Maybe add a status message as well when the status is still connected (2) after the every 1min check?
With the example available in the script, you should be able to create your own messages with the frequency you want.
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 12:32
by Chris12
Ok, I also noticed that with the current script I do get an email message every 1 minute telling me 'OpenVPN reconnected'. The VPN is not down or was down at that moment (it has only been down when it manually did the test).
There only should be messages whenever the VPN connection state was down and brought back up again by the script.
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 12:39
by waaren
Chris12 wrote: ↑Thursday 25 March 2021 12:32
Ok, I also noticed that with the current script I do get an email message every 1 minute telling me 'OpenVPN reconnected'. The VPN is not down or was down at that moment (it has only been down when it manually did the test).
There only should be messages whenever the VPN connection state was down and brought back up again by the script.
I modified the last posted version. Please try and solve any remaining issues yourself. Happy to help if you run into troubles doing that but first try.
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 12:41
by Chris12
I did a quick test to see if the script looks at the correct values to determine VPN ON or OFF:
VPN ON:
VPN OFF:
So it is value 2 for ON and value 0 when OFF.
Does the script look at the correct value as I can see in the log a ReturnCode (0) and a commandOutput (2) value.
Code: Select all
2021-03-25 11:53:00.346 Status: dzVents: Debug: SSH_0.20210325_04: Executing Command: sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state ;'
2021-03-25 11:53:00.650 Status: dzVents: Debug: SSH_0.20210325_04: ReturnCode: 0
2021-03-25 11:53:00.650 commandOutput:
2021-03-25 11:53:00.650 2
Re: Detection VPN connection ASUS Merlin Router
Posted: Thursday 25 March 2021 12:52
by Chris12
waaren wrote: ↑Thursday 25 March 2021 12:39
Chris12 wrote: ↑Thursday 25 March 2021 12:32
Ok, I also noticed that with the current script I do get an email message every 1 minute telling me 'OpenVPN reconnected'. The VPN is not down or was down at that moment (it has only been down when it manually did the test).
There only should be messages whenever the VPN connection state was down and brought back up again by the script.
I modified the last posted version. Please try and solve any remaining issues yourself. Happy to help if you run into troubles doing that but first try.
With the latest version I do not have the email message issue anymore!
Re: Detection VPN connection ASUS Merlin Router
Posted: Monday 03 May 2021 8:45
by Chris12
Hello @waaren,
Today I noticed that the VPN on my ASUS WRT router was not working anymore,
so I checked the script output in domoticz and the output of the VPN via putty:
domoticz:
Code: Select all
2021-05-03 08:29:00.304 Status: dzVents: Info: SSH_0.20210325_04: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-05-03 08:29:00.316 Status: dzVents: Debug: SSH_0.20210325_04: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-05-03 08:29:00.316 Status: dzVents: Debug: SSH_0.20210325_04: Executing Command: sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state ;'
2021-05-03 08:29:00.608 Status: dzVents: Debug: SSH_0.20210325_04: ReturnCode: 0
2021-05-03 08:30:00.612 commandOutput:
2021-05-03 08:30:00.612 2
Putty:
In my router the VPN status was showing: "OpenVPN My-VPN - Connected"
But without the statistics, which means that the VPN was not completely up.
I check the VPN client details in the router, and there the "service state" was OFF instead of ON (when working fine).
So there seems to be another check needed to check if the service state is actually ON/OFF, as the result of 'nvram get vpn_client1_state' gives an output of 2 in both cases (VPN completely active, and service state OFF / service state ON)
Re: Detection VPN connection ASUS Merlin Router
Posted: Monday 03 May 2021 9:06
by Chris12
I did some searching on Google, and I found that it maybe can also be the case that the number of connection attempts of OVPN are set too low (was set to 15 in my config). In case that my complete internet connection is down (provider disconnects), then OVPN will try that amount of connection retries, if too low then it will stop I guess with connection attempts and leaves the VPN service-state to OFF and the VPN script won't detect it.
So I set the connection retry attempts to infinity (0).
Maybe you can enhance the script to check the actual WAN connection as well?
I will try to find the actual asus wrt commands to do so.
Re: Detection VPN connection ASUS Merlin Router
Posted: Monday 03 May 2021 10:56
by waaren
Chris12 wrote: ↑Monday 03 May 2021 9:06
Maybe you can enhance the script to check the actual WAN connection as well?
I will try to find the actual asus wrt commands to do so.
Does a
Code: Select all
ping 8.8.8.8 -c1 -w1 # = Google dns
work in normal circumstances? If so I could add this check to the script when VPN is up once every n minutes.
Re: Detection VPN connection ASUS Merlin Router
Posted: Monday 03 May 2021 11:11
by Chris12
Hi waaren,
Just checked:
Code: Select all
root@DS415:~# ping 8.8.8.8 -c1 -w1 # = Google dns
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=7.44 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.447/7.447/7.447/0.000 ms
So this works.
I expect when the connection retries are now set to infinity, that the OVPN will go up whenever the WAN is there again (15 times was the previous value, and I think that's like 15x30sec = 6min). But it is always nice to have an extra check/fallback done via the script.
And maybe 1 email message as well when the wan=down detection has been done (and 1 email when up again), so I can manually check if everything is back up and running as expected after that. Detection based on missed like 5 (number configurable in script) pings?
One other question:
when looking at the domoticz log of the current VPN script I can see this
Code: Select all
2021-05-03 11:04:00.086 Status: dzVents: Info: SSH_0.20210325_04: ------ Start internal script: VPN Status:, trigger: "every minute"
2021-05-03 11:04:00.086 Status: dzVents: Debug: SSH_0.20210325_04: Processing device-adapter for VPN Status ON/OFF: Switch device adapter
2021-05-03 11:04:00.086 Status: dzVents: Debug: SSH_0.20210325_04: Executing Command: sudo ssh Admin@192.168.1.1 -p 2211 'nvram get vpn_client1_state ;'
2021-05-03 11:04:00.404 Status: dzVents: Debug: SSH_0.20210325_04: ReturnCode: 0
2021-05-03 11:04:00.404 commandOutput:
2021-05-03 11:04:00.404 2
2021-05-03 11:04:00.404
2021-05-03 11:04:00.404 Status: dzVents: Debug: SSH_0.20210325_04: 2
2021-05-03 11:04:00.404
2021-05-03 11:04:00.404 Status: dzVents: Info: SSH_0.20210325_04: ------ Finished VPN Status
Where in the script are the 'empty' lines defined? And can the 'commandOutput:' have the result value directly behind it, like the 'ReturnCode' has?