This repository has been archived by the owner on Jun 6, 2022. It is now read-only.
Home
DcR-NL edited this page Mar 21, 2017
First the usual notice: USE AT YOUR OWN RISK. Also - especially for the people coming from search engines - please read this Synology forum disclaimer.
- Check if tunnel up (always)
  - Is tun0 present with hw-address 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00?
    - If not present, assume VPN down, reconnect VPN (END OF SCRIPT)
    - If present, assume OK, and continue
- Check IP (if the domain variable is set)
  - Request current remote IP by querying ipinfo.io/ip (the IP of outbound requests, should be my VPN IP)
  - Request real remote IP by querying the domain that points to my NAS (my domain points to my real remote IP, thanks to my dynamic DNS)
  - Check if both received IPs are valid IPs
    - If one IP isn't in a valid IP format, assume connection/VPN failure, reconnect VPN (END OF SCRIPT)
    - If both IPs parse fine, assume OK, continue script
  - Compare IPs
    - If the IPs are the same, assume VPN down, reconnect VPN (END OF SCRIPT)
    - If the IPs are different, assume OK, continue script
- HTTP status (if the http_status_check_urls array is not empty)
  - Perform HTTP request(s) (URLs declared in the http_status_check_urls array)
    - If at least one of the HTTP status codes matches a code defined in the http_status_check_accepted_codes array, assume VPN is running fine (END OF SCRIPT)
    - If none of the HTTP status codes matches any of the defined status codes, assume VPN is down, reconnect VPN (END OF SCRIPT)
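
The IP and HTTP-status decisions from the list above, as an added example (not code from vpn.sh or this repository). The function names `is_valid_ipv4`, `ip_check` and `http_check`, the result strings and the sample addresses are assumptions; inputs are passed as arguments so it runs without network access.

```shell
#!/bin/sh
# Added example, not vpn.sh itself: the IP and HTTP-status decisions as pure
# functions. All sample values below are constructed (documentation ranges).

# Succeeds only for dotted-quad IPv4 with every octet in 0..255.
is_valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # empty, HTML/error text, stray dots
    esac
    IFS=.; set -- $1                         # split into octets (subshell only)
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# $1 = IP seen for outbound requests, $2 = IP the dynamic-DNS domain resolves to.
# Prints "ok" or "reconnect:<reason>".
ip_check() (
    if ! is_valid_ipv4 "$1" || ! is_valid_ipv4 "$2"; then
        echo "reconnect:invalid-ip"          # lookup failed or returned junk
    elif [ "$1" = "$2" ]; then
        echo "reconnect:ip-exposed"          # traffic leaves via the real IP
    else
        echo "ok"
    fi
)

# $1 = space-separated accepted codes (empty means 200), rest = observed codes.
http_check() (
    accepted=${1:-200}; shift
    for code in "$@"; do
        [ -n "$code" ] || continue
        case " $accepted " in
            *" $code "*) echo "ok"; exit 0 ;;  # first accepted code ends the check
        esac
    done
    echo "reconnect:no-accepted-status"
)

# Constructed inputs: a healthy tunnel, an exposed IP, an error page, dead URLs.
ip_check 198.51.100.20 203.0.113.7
ip_check 203.0.113.7 203.0.113.7
ip_check '<html>502</html>' 203.0.113.7
http_check '200 204' 000 503 204
http_check '' 000 503
```
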
- Copy or download the script from this repository (vpn.sh).
- Place the script on your NAS (for example /volume1/other/vpn.sh) and add execution rights for a user with sudo rights (admin by default).
- Replace these variables inside the script:
  - domain - OPTIONAL - enter your domain. Or leave empty if you don't own one (skips this test).
  - syn_conf_id - VALUE REQUIRED - enter your VPN id. You can find the value here:
    - For OpenVPN, connect over SSH and open: /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf
    - For L2TP, connect over SSH and open: /usr/syno/etc/synovpnclient/l2tp/l2tpclient.conf (NOT TESTED!)
  - syn_conf_name - VALUE REQUIRED - enter your VPN conf name (see previous variable, these files contain the value)
  - syn_protocol - VALUE REQUIRED - enter the protocol (see syn_conf_id variable, these files contain the value)
  - timeout_seconds - VALUE REQUIRED - limit the amount of time to perform web requests
  - http_status_check_urls - MAY BE EMPTY OR DEFAULT - array containing HTTP request URLs which should return a status code defined in the array below (an indication that the VPN is still working fine). Please define multiple URLs; respect the hosts. Or to skip this check, leave empty like this: http_status_check_urls=()
  - http_status_check_accepted_codes - MAY BE EMPTY OR DEFAULT - array containing accepted HTTP status codes (see: Wiki HTTP codes)
  - log_to_file - VALUE REQUIRED - enabled by default (set to false to not log to a file)
  - log_filename - VALUE REQUIRED IF log_to_file=true - filename of the log
  - log_size_limit_bytes - VALUE REQUIRED IF log_to_file=true - log file size limit in bytes (500KB by default)
  - test_run - VALUE REQUIRED - disabled by default (set to true if you want to run/test the script without really killing and reconnecting the VPN)
- (Optional) Test the script manually, to verify it's running fine.
  - One time while being connected to the VPN
  - And one time without being connected to the VPN.
- Create a new Scheduled Task (Task Scheduler inside the DSM settings)
  - Under General; select the 'root' user.
  - Under Schedule; select 'Daily' and 'Every 30 minutes'.
  - Under Task settings; enter the path to the script (for example /volume1/other/vpn.sh)
- [Notice] Updated header to point to this repository
- [Bug] Will prompt for sudo password when running without elevation (instead of first failing to create the log file and not recovering)
- [Improvement] Better handling of resolving current script location for the purpose of logging to a file (introduced in the previous version)
- [New] Ability to log output to a file. Enabled by default; file will be purged when size grows past 500KB. Please consider the new variables (log_to_file, log_filename and log_size_limit_bytes) when updating
- [New] Ability to test run the script. When enabled, the script won't really touch the current VPN connection (kill, connect etc). Disabled by default. New variable: test_run
- [New] Check if current user is allowed to use temporary privilege elevation (sudo)
- [New] Randomise the order of the HTTP status code URLs on every run
- [New] Skip IP check if domain variable missing/empty
- [New] Skip HTTP status code check if there are no URLs defined
- [Improvement] Improved the logging a little bit (WARN and INFO separation)
- [Improvement] Little code refactoring (hopefully I haven't broken anything this time around :))
- [New] It's now possible to define multiple HTTP status codes to check against. See array http_status_check_accepted_codes; assumes status 200 if none are provided (variable missing/empty)
- [Notice] The variable http_code_check_urls has been renamed to http_status_check_urls
- [Bug] Fixed not reconnecting the VPN when all the URLs return something different than 200
- [New] Stops checking the HTTP status codes if one 200 is detected (no unnecessary spamming if using many URLs)
- [New] Echo date-time at the start of the script
- [Improvement] Script uses exit status code of the reconnect command, if a reconnect is triggered
- [Improvement] Checks declared in their own function
- [Improvement] Little code refactoring
- [Improvement] Some typos
- [New] It's now possible to declare multiple URLs to check for HTTP status 200. If one returns 200, the script will assume OK. No more VPN down assumptions because a single (external) host is down.
- [Improvement] Little code refactoring
- [Bug] Fixed creating new tun(x) interface every time we reconnect the VPN.
- [Bug] Fixed HTTP status code parsing in curl statement
- [New] IP check now also validates received IP
- [Improvement] Tun0 check before IP check
- [Improvement] Code refactoring
- [New] Added configuration variables