OPNsense Forum

English Forums => Virtual private networks => Topic started by: williamk on April 07, 2021, 07:05:24 pm

Title: Using Monit to restart openvpn server when ping fails
Post by: williamk on April 07, 2021, 07:05:24 pm
Hi,

On the latest and greatest version of OPNsense. Have a VPN server on the OPNsense router that a client connects to for a site-to-site VPN. Anytime a router on either side reboots, or if there is a network blip, the tunnel dies, and I have to log in to the router and start the openvpn service. I tried following this tutorial, but cannot get it to work.

https://forum.opnsense.org/index.php?topic=6979.0

I can create the monit service for pinging the gateway of the remote network, but am stuck at how to get monit to actually restart the openvpn server.  Can anyone give me some guidance?

On the command line I can see the service. If I run ps aux | grep openvpn I get:
root    88677   0.0  0.4 1073220  8632  -  Ss   08:16      0:00.26 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf

Title: Re: Using Monit to restart openvpn server when ping fails
Post by: mimugmail on April 08, 2021, 06:38:43 am
https://forum.opnsense.org/index.php?topic=19240.0
 8)
Title: Re: Using Monit to restart openvpn server when ping fails
Post by: cdietz on April 26, 2021, 10:40:40 am
Hello,
From my point of view there are two commands to restart the client; it worked so far on the console:

A
  ps aux | grep openvpn
shows the running openvpn servers, in my case three, one of them is the client, number three.
This task is apparently also a start command for my client:
  /usr/local/sbin/openvpn --config /var/etc/openvpn/client3.conf
Alternatively, this also works on the console:
  pluginctl -s openvpn start 3

Both start the openvpnclient on the console again and the connection is established, a refresh of the dashboard GUI shows the success.

I would now like to have one of the commands from Monit execute as a start and could use some help.
  pluginctl -s openvpn start 3
is not accepted as a start command in the MonitGui,
  /usr/local/sbin/openvpn --config /var/etc/openvpn/client3.conf
is apparently not executed as a start command.

I'm still testing / looking further, but would be very grateful for some help, could you solve it?

https://forum.opnsense.org/index.php?topic=22745.msg108537#msg108537
Title: Re: Using Monit to restart openvpn server when ping fails
Post by: Greelan on April 26, 2021, 11:09:30 am
Try perhaps:

Code:
/bin/sh -c '/usr/local/sbin/pluginctl -s openvpn start 3'
A guess based on a monit task I have (for dpinger)
Title: Re: Using Monit to restart openvpn server when ping fails
Post by: cdietz on April 26, 2021, 06:14:52 pm
THX, that's it!

To do this, I copied a service test settings "failed ping" in the Monit Gui and selected an Execute with the path above as the action. Under Service Settings then Ping test, Type Remote Host and in Tests the Ping and the Ping with Execute selected.

In general settings, set the polling interval to 300 so that the name server can adapt.

The client will now start again automatically after a WAN interruption.
Title: Re: Using Monit to restart openvpn server when ping fails
Post by: snoopy78 on December 19, 2022, 12:50:49 pm
I've found this thread...

Also I want to restart my openvpn clients on my opnsense (22.7.9_3)

In CLI I can successfully

root@OPNsense:~ # ps aux | grep openvpn
root          95966  25.8  0.0    17928    7952  -  Ss   12:38        0:16.58 /usr/local/sbin/openvpn --config /var/etc/openvpn/client15.conf
root          23564   0.0  0.0    17928    7808  -  Ss   12:38        0:00.41 /usr/local/sbin/openvpn --config /var/etc/openvpn/client19.conf
root          60688   0.0  0.0    17928    7952  -  Ss   12:40        0:00.04 /usr/local/sbin/openvpn --config /var/etc/openvpn/client12.conf


and also then successfully

root@OPNsense:~ # pluginctl -s openvpn start 19
Service `openvpn' has been started.
root@OPNsense:~ # pluginctl -s openvpn start 15
Service `openvpn' has been started.
root@OPNsense:~ # pluginctl -s openvpn start 12
Service `openvpn' has been started.


When I follow your steps, you created a copy of "ping failed" test and changed it to executable, which I did then too..
The failed ping test copy I can save successfully, but as soon as I select it in the service settings, I get issues.
I see this in CLI under "cat /usr/local/etc/monitrc"

"
check host OpenVPNClientGateway address 8.8.4.4
   if failed ping then alert
   if failedpingGW then exec /bin/sh -c '/usr/local/sbin/pluginctl -s openvpn start 12'

"
So basically the ping test and the script are there, but I can't save via webgui as I always get an error..

"
Error   monit   /usr/local/etc/monitrc:32: syntax error 'failedpingGW'
"

Can you help me here please?
Title: Re: Using Monit to restart openvpn server when ping fails
Post by: snoopy78 on December 19, 2022, 01:53:43 pm
aarrghh...

If I use the correct command...it works..
"
check host OpenVPNClientGateway address 8.8.4.4
   if failed ping then alert
   if failed ping then exec /bin/sh -c '/usr/local/sbin/pluginctl -s openvpn start 12'
"
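
Added example, not part of any post in this thread: a guarded wrapper that Monit's exec action could call instead of invoking pluginctl directly. It validates the instance id and only issues the start when no openvpn process for that id is listed. The script name `ovpn-guard.sh`, the `ovpn-guard` log tag and the sample process list are hypothetical or constructed; the `clientN.conf`/`serverN.conf` naming is assumed from the ps lines posted above.

```shell
#!/bin/sh
# Added example (not from the thread): guarded start for Monit's exec action.
# Constructed sample process list, modelled on the ps lines in the thread.
SAMPLE_PS='/usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
/usr/local/sbin/openvpn --config /var/etc/openvpn/client15.conf
/usr/local/sbin/openvpn --config /var/etc/openvpn/client19.conf'

# Monit runs exec actions as root, so accept only a short numeric id.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ]
}

# True if process list $2 contains an openvpn instance with id $1.
# Whole-line match (-x) keeps id 5 from matching client15.conf.
instance_running() {
    printf '%s\n' "$2" | grep -Exq \
        "/usr/local/sbin/openvpn --config /var/etc/openvpn/(client|server)$1\.conf"
}

# Print the action for id $1 given process list $2: invalid, skip or start.
decide() {
    valid_id "$1" || { echo invalid; return 0; }
    if instance_running "$1" "$2"; then echo skip; else echo start; fi
}

main() {
    case "$(decide "$1" "$(ps axww -o command)")" in
        start) exec /usr/local/sbin/pluginctl -s openvpn start "$1" ;;
        skip)  logger -t ovpn-guard "instance $1 already running, not started" ;;
        *)     logger -t ovpn-guard "rejected instance id"; return 2 ;;
    esac
}

# Act only when an id is passed, as in: ovpn-guard.sh 12
[ "$#" -eq 0 ] || main "$@"
```

Saved under a hypothetical path such as /usr/local/sbin/ovpn-guard.sh, it would take the place of the pluginctl command inside the exec action, for example `/bin/sh /usr/local/sbin/ovpn-guard.sh 12`. An instance that is still running while the ping fails is logged and left alone.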