[Solved]running scripts when VPN is "down"

[pia_user]

Hi,

short version for the hasty reader:

What would be the right option to specify a script that OpenVPN should run when the VPN was detected to have timed out or be otherwise unavailable? --down [cmd] does not work for timeouts.

Longer explanation of the background:

I have a server ("HomeServer") that routes certain traffic (i.e. specific ports, e.g. outgoing mail) through a VPN (to another server of mine ("RemoteServer), which then routes it to the Internet, so that the HomeServer uses the RemoteServer's IP for certain traffic), while the rest of the traffic goes to my ISP. That works. (Yay!)

Unfortunately, the VPN at times has timeouts. In order to be able to continue sending traffic to the world, I have configured on the OPVN-client (HomeServer):

Code: Select all

script-security 2
up "/usr/local/bin/VPN_routing on"
down "/usr/local/bin/VPN_routing off"

That work to the extent that these scripts are called when OpenVPN starts and stops. Today, I had a few timeouts, and noticed that up and down scripts are not invoked for timeouts.

I found the up-restart option in the manual, which might help for the up part (would it?). But I could not find a down-restart option (which would be as important to ensure that traffic goes through my regular ISP altogether when the VPN is down.

How can I have OpenVPN run a script when there is a timeout of the VPN is otherwise detected by OpenVPN not to be working?

Thanks!

[Traffic]

I found the up-restart option in the manual, which might help for the up part (would it?). But I could not find a down-restart option

--up-restart

• Enable the --up and --down scripts to be called for restarts as well as initial program start. This option is described more fully above in the --up option documentation

Having not tried it myself, I presume the order of script execution for a restart would be --down followed by (after successful connection) --up ..

[pia_user]

I have configured "up" and "down". Unfortunately "down" is not run after a timeout-reconnect. I.e. when there is a timeout and while OpenVPN is trying to reconnect, my server keeps on trying the invalid route rather than the standard ISP path.

I can, of course, run a script every minute that tests if the VPN is available and adjusts the routing accordingly. I just thought that, as OpenVPN is offering these scripts, there might be an option to run a script every time the VPN goes away, or to tweak when "down" kicks in...?

[Traffic]

Unfortunately "down" is not run after a timeout-reconnect

Have you specified --persist-tun and --persist-key ?

[pia_user]

Have you specified --persist-tun and --persist-key ?

Yes. This is the entire client config:

Code: Select all

client
dev tun1
proto tcp
remote <my-ip> 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client_keys/ca.crt
cert /etc/openvpn/client_keys/clientA.crt
key /etc/openvpn/client_keys/clientA.key
ns-cert-type server
comp-lzo
verb 3
mute 20
script-security 2
up "/usr/local/bin/VPN_routing on"
down "/usr/local/bin/VPN_routing off"

[Traffic]

Try without these:

user nobody
group nogroup
persist-key
persist-tun

[pia_user]

Yes, that works, thanks!