This repository has been archived by the owner on Jun 6, 2022. It is now read-only.
DcR-NL edited this page Mar 21, 2017 · 7 revisions

First the usual notice: USE AT YOUR OWN RISK. Also - especially for the people coming from search engines - please read this Synology forum disclaimer.

Script flow (simplified)

  1. Check if tunnel up (always)
    1. Is tun0 present with hw-address 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00?
      1. If not present, assume VPN down, reconnect VPN (END OF SCRIPT)
      2. If present, assume OK, and continue
  2. Check IP (if variable domain present)
    1. Request current remote IP by querying ipinfo.io/ip (the IP of outbound requests, should be my VPN IP)
    2. Request real remote IP by querying the domain that points to my NAS (my domain points to my real remote IP, thanks to my dynamic dns)
    3. Check if both received IPs are valid IPs
      1. If one IP isn't a valid IP format, assume connection/VPN failure, reconnect VPN (END OF SCRIPT)
      2. If both IPs parse fine, assume OK, continue script
    4. Compare IPs
      1. If the IPs are the same, assume VPN down, reconnect VPN (END OF SCRIPT)
      2. If the IPs are different, assume OK, continue script
  3. HTTP status (if the http_status_check_urls array is not empty)
    1. Perform http request(s) (URLs declared in the http_status_check_urls array)
      1. If at least one of the HTTP status codes equals one of the codes defined in the http_status_check_accepted_codes array, assume VPN is running fine (END OF SCRIPT)
      2. If none of the HTTP status codes equals any of the defined status codes, assume VPN is down, reconnect VPN (END OF SCRIPT)
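
The decision logic of steps 2 and 3 above, as an added example (this is not the code of vpn.sh). The IPs and status codes are passed in as arguments so it runs offline; the function names and the sample addresses are assumptions. Any answer that does not parse is treated as a VPN failure.

```shell
#!/bin/sh
# Added example: steps 2 and 3 of the flow with inputs passed as arguments.
# Function names are hypothetical; they are not taken from vpn.sh.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, HTML error page, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Step 2. $1 = IP seen by the outside world (the ipinfo.io/ip answer),
#         $2 = IP the dynamic-DNS domain resolves to (the real WAN IP).
# Fails closed: an unparsable answer or identical IPs both mean "reconnect".
ip_check() {
    if ! is_valid_ipv4 "$1" || ! is_valid_ipv4 "$2"; then
        echo reconnect:invalid-ip
        return 1
    fi
    if [ "$1" = "$2" ]; then
        echo reconnect:same-ip; return 1        # traffic leaves via the real IP
    fi
    echo ok
}

# Step 3. $1 = space-separated accepted codes (200 assumed when empty),
#         remaining arguments = the status codes the URLs actually returned.
http_check() {
    accepted=" ${1:-200} "; shift
    for code in "$@"; do
        case "$accepted" in
            *" $code "*) echo ok; return 0 ;;   # one accepted answer is enough
        esac
    done
    echo reconnect:no-accepted-status; return 1
}

# Constructed sample values (documentation address ranges, made-up status codes).
ip_check 203.0.113.7 198.51.100.20 || true            # ok
ip_check 198.51.100.20 198.51.100.20 || true          # reconnect:same-ip
ip_check '<html>error</html>' 198.51.100.20 || true   # reconnect:invalid-ip
http_check "200 204" 000 503 204 || true              # ok
```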

Installation

  1. Copy or download the script from this repository (vpn.sh).
  2. Place the script on your NAS (for example /volume1/other/vpn.sh) and grant execute permission to a user with sudo rights (admin by default).
  3. Replace these variables inside the script:
    • domain - OPTIONAL - enter your domain. Or leave empty if you don't own one (skip this test).
    • syn_conf_id - VALUE REQUIRED - enter your VPN id. You can find the value here:
      • For OpenVPN, SSH to here: /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf
      • For L2TP, SSH to here: /usr/syno/etc/synovpnclient/l2tp/l2tpclient.conf (NOT TESTED!)
    • syn_conf_name - VALUE REQUIRED - enter your VPN conf name (see previous variable, these files contain the value)
    • syn_protocol - VALUE REQUIRED - enter the protocol (see syn_conf_id variable, these files contain the value)
    • timeout_seconds - VALUE REQUIRED - limit the amount of time to perform web requests
    • http_status_check_urls - MAY BE EMPTY OR DEFAULT - array containing http request URLs which should return a status code defined in the array below (indication the VPN is still working fine). Please define multiple URLs; respect the hosts. Or to skip this check, leave empty like this: http_status_check_urls=()
    • http_status_check_accepted_codes - MAY BE EMPTY OR DEFAULT - array containing accepted http status codes (see: Wiki HTTP codes)
    • log_to_file - VALUE REQUIRED - enabled by default (set to false to not log to a file)
    • log_filename - VALUE REQUIRED IF log_to_file=true - filename of the log
    • log_size_limit_bytes - VALUE REQUIRED IF log_to_file=true - log filesize limit in bytes (500KB by default)
    • test_run - VALUE REQUIRED - disabled by default (set to true if you want to run/test the script without really killing and reconnecting the VPN)
  4. (Optional) Test the script manually, to verify it's running fine.
    • One time while being connected to the VPN
    • And one time without being connected to the VPN.
  5. Create a new Scheduled Task (Task Scheduler inside the DSM settings)
    • Under General; select the 'root' user.
    • Under Schedule; select 'Daily' and 'Every 30 minutes'.
    • Under Task settings; enter the path to the script (for example /volume1/other/vpn.sh)

Changelog

Version 0.9.2.1:

  • [Notice] Updated header to point to this repository

Version 0.9.2:

  • [Bug] Will prompt for sudo password when running without elevation (instead of first failing to create the log file and not recovering)

Version 0.9.1:

  • [Improvement] Better handling of resolving current script location for the purpose of logging to a file (introduced in the previous version)

Version 0.9.0:

  • [New] Ability to log output to a file. Enabled by default; file will be purged when size grows past 500KB. Please consider the new variables (log_to_file, log_filename and log_size_limit_bytes) when updating
  • [New] Ability to test run the script. When enabled, the script won't really touch the current VPN connection (kill, connect etc). Disabled by default. New variable: test_run

Version 0.8.1:

  • [New] Check if current user is allowed to use temporary privilege elevation (sudo)

Version 0.8:

  • [New] Randomise the order of the HTTP status code URLs on every run
  • [New] Skip IP check if domain variable missing/empty
  • [New] Skip HTTP status code check if there are no URLs defined
  • [Improvement] Improved the logging a little bit (WARN and INFO separation)
  • [Improvement] Little code refactoring (hopefully I haven't broken anything this time around :))

Version 0.7:

  • [New] It's now possible to define multiple HTTP status codes to check against. See array http_status_check_accepted_codes; assumes status 200 if none are provided (variable missing/empty)
  • [Notice] The variable http_code_check_urls has been renamed to http_status_check_urls

Version 0.6.1:

  • [Bug] Fixed not reconnecting the VPN when all the URLs return something different than 200

Version 0.6:

  • [New] Stops checking the HTTP status codes if one 200 is detected (no unnecessary spamming if using many URLs)
  • [New] Echo date-time at the start of the script
  • [Improvement] Script uses exit status code of the reconnect command, if a reconnect is triggered
  • [Improvement] Checks declared in their own function
  • [Improvement] Little code refactoring

Version 0.5.1:

  • [Improvement] Some typos

Version 0.5:

  • [New] It's now possible to declare multiple URLs to check for HTTP status 200. If one returns 200, the script will assume OK. No more VPN down assumptions because a single (external) host is down.
  • [Improvement] Little code refactoring

Version 0.4:

  • [Bug] Fixed creating new tun(x) interface every time we reconnect the VPN.
  • [Bug] Fixed HTTP status code parsing in curl statement

Version 0.3:

  • [New] IP check now also validates received IP
  • [Improvement] Tun0 check before IP check
  • [Improvement] Code refactoring

Version 0.2:

  • [New] Added configuration variables