Restart OpenVPN from the CLI or a script or the SES button!

SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

Posted: Thu Aug 08, 2019 20:03    Post subject: Restart OpenVPN from the CLI or a script or the SES button!
Minor Sept 2019 edit in italics

Occasionally a thread appears in which people seek a way to restart openvpn from the CLI or from a script, because the vpn connection has broken, has hung, or one needs to move the connection to a new server (using remote-random and multiple remote... commands in GUI>Services>VPN>OpenVPNclient's Additional Config block).

Typically the proposed methods involve killing and restarting the openvpn process or using stopservice and startservice commands. Extra scripts are often involved to take down and set up routes. In my own experimenting with those recommendations, I never got them to work. And in any case, it turns out it's simpler than that.

In the CLI or a script just do: killall -HUP openvpn

That's it. Running the route-up and -down scripts is done by the openvpn process. In fact, if you do ps | grep openvpn in the CLI (in a wide enough terminal window), you can see that the names of those scripts were provided to openvpn when the process was started. To really convince yourself, in the CLI do ip route show and ip route show table 10 to see the primary and vpn route tables before and after you do the restart. The tables are the same.

In addition to all that, you can go further and set up the SES button to run this command. On my WRT1900ACSv2 the SES button is on the back, on the side opposite the power switch, it's blue, and it's labeled with two snakes chasing each other. Of course the Reset Button must be enabled in GUI>Administration>Management. To use it for an openvpn restart, in GUI>Services>USB you'll need to have "Use SES Button to remove drives" disabled. (You'll need automount selected to even see the button.) And also in GUI>Services>Services>SES... you must have "Turning off radio" disabled.

The tools from which we can put together a simple little script are the gpio command to work the LEDs as documented at https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT1900AC#LEDs_and_GPIO_pins and dd-wrt's capacity to run a script when the button is pushed as documented at https://wiki.dd-wrt.com/wiki/index.php/Script_Execution. The LED part of the code below is specific to the Linksys WRT... router line and would need to be tweaked for other routers. Those URLs are quite old, so if these things worked way back then and still work for me in BS release 40009, they'll likely work in whatever release you are on as well, at least if the amber light is indeed at gpio 10 as in the WRT1900... routers.

All we need to do is put this little code block into the Startup Commands in GUI>Administration>Commands. (See the last paragraph below before you take this step, however!) When the router boots it creates the needed script in the required directory and with the required filename suffix.
Code:
#Push/hold SES button until blinking starts (few sec) to restart OpenVPN.
mkdir -p /tmp/etc/config
cat <<'EOF' >/tmp/etc/config/restartOpenVPN.sesbutton
#!/bin/sh
    AMB=10
    killall -HUP openvpn
    for i in 1 2 3 ; do
        gpio enable $AMB
        sleep 1
        gpio disable $AMB
        sleep 1
    done
EOF
chmod 700 /tmp/etc/config/restartOpenVPN.sesbutton

You can see that the key action is in the one killall... line. The rest of the script just blinks the amber light on the right side of the front panel three times in five seconds. Some such user feedback is essential, as if you don't depress the button long enough, nothing happens. It needs several seconds of holding it in the pushed position to get noticed. So you just hold it until you see the blinking start.

Of course before you add anything to the Startup commands, you should try it out in the CLI to make sure it doesn't do anything horrible like make your router hang. A hang from the CLI is fixable with the power switch. A hang in Startup that kills the GUI and CLI may take a dd-wrt reinstall to solve. So be disciplined and paste that code into the CLI, verify that it creates the desired executable file, and run that file to verify that it restarts openvpn and blinks the lights and emits no error messages. If there are issues, solve them at the CLI level before you add it to Startup.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
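
The before/after route comparison described in the first post, as an added example that is not part of the original thread: it snapshots the main table and table 10, sends the HUP, and reports whether the routes went away and came back unchanged. `IP`, `SETTLE` and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. IP and SETTLE are hypothetical
# knobs of this sketch, not DD-WRT settings.
IP=${IP:-ip}          # route tool; can be replaced by a stub for dry runs
SETTLE=${SETTLE:-30}  # seconds to wait for the tunnel to come back

# Main table and table 10 as one sorted listing, so line order does not matter.
route_snapshot() {
  { $IP route show | sed 's/^/main: /'
    $IP route show table 10 | sed 's/^/t10: /'
  } | sed 's/[[:space:]]*$//' | sort
}

# routes_unchanged BEFORE AFTER: 0 if identical, else 1 with the lines that
# appear in only one of the two snapshots written to stderr.
routes_unchanged() {
  [ "$1" = "$2" ] && return 0
  printf '%s\n%s\n' "$1" "$2" | sort | uniq -u >&2
  return 1
}

# Send the HUP, wait for the routes to go away, then for them to come back.
check_restart() {
  before=$(route_snapshot)
  killall -HUP openvpn || return 2
  n=0; changed=0
  while [ "$n" -lt "$SETTLE" ]; do
    sleep 1; n=$((n + 1))
    after=$(route_snapshot)
    if routes_unchanged "$before" "$after" 2>/dev/null; then
      if [ "$changed" -eq 1 ]; then echo "routes restored after ${n}s"; return 0; fi
    else
      changed=1
    fi
  done
  if [ "$changed" -eq 0 ]; then
    echo "routes never changed; did openvpn restart?" >&2; return 3
  fi
  echo "routes still differ after ${SETTLE}s:" >&2
  routes_unchanged "$before" "$after"
}

if [ "${1:-}" = run ]; then check_restart; fi
```

Run it from the CLI with the argument `run`; a non-zero exit means the tables did not return to their earlier state within `SETTLE` seconds.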
SurprisedItWorks

Posted: Mon Nov 18, 2019 0:52
Here's an updated version of the above startup code. It now checks to see whether the openvpn client process is running and starts it if necessary. This is useful because the process does occasionally (weeks to months) crash and exit.
Code:
#Push/hold SES button until blinking starts (few sec) to restart OpenVPN.
#Reset Button must be enabled in GUI>Administration>Management.
#SES button option in USB support (there when automount on)
#and "Turning off radio" in Services>Services>SES... must be off.
#See https://wiki.dd-wrt.com/wiki/index.php/Script_Execution
mkdir -p /tmp/etc/config
cat <<'EOF' >/tmp/etc/config/restartOpenVPN.sesbutton
#!/bin/sh
AMB=10
if OVPN=$(pidof openvpn); then
  kill -s HUP $OVPN
else
  openvpn --daemon --config /tmp/openvpncl/openvpn.conf \
    --route-up /tmp/openvpncl/route-up.sh \
    --route-pre-down /tmp/openvpncl/route-down.sh
fi
for i in 1 2 3 ; do
  gpio enable $AMB
  sleep 1
  gpio disable $AMB
  sleep 1
done
EOF
chmod 700 /tmp/etc/config/restartOpenVPN.sesbutton
I'm embarrassed to see that I neglected to mention above that the gpio commands here are, as far as I know, specific to the Linksys/Marvell WRT routers (see https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT1900AC#LEDs_and_GPIO_pins), so the for loop may have to be modified or removed for other routers. My experience using the button is that it has to be held down for several seconds before the lights flash.

SurprisedItWorks

Posted: Mon Jan 13, 2020 18:59
iOS 13's "shortcut" app now has a "Run script over SSH" action that you can use to create an iPhone shortcut to ssh to the router and execute this chunk of the above code:
Code:
if OVPN=$(pidof openvpn); then
  kill -s HUP $OVPN
else
  openvpn --daemon --config /tmp/openvpncl/openvpn.conf \
    --route-up /tmp/openvpncl/route-up.sh \
    --route-pre-down /tmp/openvpncl/route-down.sh
fi

Set it up to log in as root (the grayed out "root" initially in that box is a suggestion, not a default value, so fill it in). I doubt dd-wrt will recognize the default iOS key type, but if you select RSA and 2048 bits and generate a new key, that will work fine. The only challenge is getting the public key into the router. I "shared" it to an actual computer using Signal's "note to self" feature and then copied it into the GUI from there. Maybe you can find a better way.

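
An added example, not part of the original posts: a root key kept on a phone can be limited to the one job it is needed for by prefixing it with authorized_keys restrictions before it is pasted into the GUI. It assumes the router's SSH server (dropbear) honours `command=` and the `no-*` options for keys entered that way and that the script created by the startup code above exists; `restrict_key` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original posts. restrict_key is a hypothetical
# helper; FORCED_CMD is the script path the startup code above creates.
FORCED_CMD=/tmp/etc/config/restartOpenVPN.sesbutton
OPTS='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# restrict_key "<one public key line>"
# Prints the line to store on the router; returns 1 if the input is unusable.
restrict_key() {
  nl='
'
  case $1 in
    *"$nl"*) echo "refusing: more than one line" >&2; return 1 ;;
  esac
  read -r ktype blob comment <<EOF
$1
EOF
  # The posts use an RSA key; a line starting with anything else (including
  # options that are already present) is rejected rather than guessed at.
  if [ "$ktype" != ssh-rsa ]; then
    echo "refusing: expected a line starting with ssh-rsa" >&2; return 1
  fi
  case $blob in
    AAAAB3NzaC1yc2E*) ;;   # base64 of the length-prefixed string "ssh-rsa"
    *) echo "refusing: key data does not match ssh-rsa" >&2; return 1 ;;
  esac
  case $blob in
    *[!A-Za-z0-9+/=]*) echo "refusing: non-base64 characters in key" >&2; return 1 ;;
  esac
  # Drop quotes and backslashes from the comment so it cannot confuse parsing.
  comment=$(printf '%s' "$comment" | tr -d '"\\')
  printf '%s,command="%s" %s %s%s\n' "$OPTS" "$FORCED_CMD" "$ktype" "$blob" \
    "${comment:+ $comment}"
}

# Usage: sh restrict_key.sh "$(cat phone_key.pub)"
if [ $# -gt 0 ]; then restrict_key "$1"; fi
```

With the forced command in place, whatever script the shortcut sends is ignored and only `FORCED_CMD` runs.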