Joined: 04 Aug 2018
Location: Appalachian mountains, USA
|Posted: Thu Aug 08, 2019 20:03 Post subject: Restart OpenVPN from the CLI or a script or the SES button!
|Minor Sept 2019 edit in italics
Occasionally a thread appears in which people seek a way to restart openvpn from the CLI or from a script, because the vpn connection has broken, has hung, or one needs to move the connection to a new server (using remote-random and multiple remote... commands in GUI>Services>VPN>OpenVPNclient's Additional Config block).
Typically the proposed methods involve killing and restarting the openvpn process or using stopservice and startservice commands. Extra scripts are often involved to take down and set up routes. In my own experimenting with those recommendations, I never got them to work. And in any case, it turns out it's simpler than that.
In the CLI or a script just do: killall -HUP openvpn
That's it. Running the route-up and -down scripts is done by the openvpn process. In fact, if you do ps | grep openvpn in the CLI (in a wide enough terminal window), you can see that the names of those scripts were provided to openvpn when the process was started. To really convince yourself, in the CLI do ip route show and ip route show table 10 to see the primary and vpn route tables before and after you do the restart. The tables are the same.
In addition to all that, you can go further and set up the SES button to run this command. On my WRT1900ACSv2 the SES button is on the back, on the side opposite the power switch, it's blue, and it's labeled with two snakes chasing each other. Of course the Reset Button must be enabled in GUI>Administration>Management. To use it for an openvpn restart, in GUI>Services>USB you'll need to have "Use SES Button to remove drives" disabled. (You'll need automount selected to even see the button.) And also in GUI>Services>Services>SES... you must have "Turning off radio" disabled.
The tools from which we can put together a simple little script are the gpio command to work the LEDs as documented at https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT1900AC#LEDs_and_GPIO_pins and dd-wrt's capacity to run a script when the button is pushed as documented at [url]See https://wiki.dd-wrt.com/wiki/index.php/Script_Execution[/url]. The LED part of the code below is specific to the Linksys WRT... router line and would need to be tweaked for other routers. Those URLs are quite old, so if these things worked way back then and still work for me in BS release 40009, they'll likely work in whatever release you are on as well, at least if the amber light is indeed at gpio 10 as in the WRT1900... routers.
All we need to do is put this little code block into the Startup Commands in GUI>Administration>Commands. (See the last paragraph below before you take this step, however!) When the router boots it creates the needed script in the required directory and with the required filename suffix.
|#Push/hold SES button until blinking starts (few sec) to restart OpenVPN.
mkdir -p /tmp/etc/config
cat <<'EOF' >/tmp/etc/config/restartOpenVPN.sesbutton
killall -HUP openvpn
for i in 1 2 3 ; do
gpio enable $AMB
gpio disable $AMB
chmod 700 /tmp/etc/config/restartOpenVPN.sesbutton
You can see that the key action is in the one killall... line. The rest of the script just blinks the amber light on the right side of the front panel three times in five seconds. Some such user feedback is essential, as if you don't depress the button long enough, nothing happens. It needs several seconds of holding it in the pushed position to get noticed. So you just hold it until you see the blinking start.
Of course before you add anything to the Startup commands, you should try it out in the CLI to make sure it doesn't do anything horrible like make your router hang. A hang from the CLI is fixable with the power switch. A hang in Startup that kills the GUI and CLI may take a dd-wrt reinstall to solve. So be disciplined and paste that code into the CLI, verify that it creates the desired executable file, and run that file to verify that it restarts openvpn and blinks the lights and emits no error messages. If there are issues, solve them at the CLI level before you add it to Startup.
Six of the Linksys WRT1900ACSv2 on r38159 (solid), r39144 (very solid), r40009 (solid), and r40784 (trying out). On various:
VLANs, client-mode travel router, two DNSCrypt servers (incl Quad9), multiple VAPs, USB/NAS, QoS, OpenVPN client/PBR (random NordVPN server).