Difference between revisions of "A VPN monitoring Script"
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{{!}} class="wikitable" style="float: right; width: 322px;" border="2" | |||
{{!}}+ Proven on: | |||
{{!}}- < --="" debian="" --> | |||
{{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo Debian.png{{!}}60px{{!}}link=https://www.debian.org/{{!}}center{{!}}middle{{!}}frameless]] | |||
{{!}} style="text-align: center; width: 40px;" {{!}} 13 (trixie) | |||
{{!}} | |||
{{!}}} | |||
== OpenVPN with PIA seems to occasionally forget to act like a VPN == | == OpenVPN with PIA seems to occasionally forget to act like a VPN == | ||
When this happens, you may just want to know about it & remind them by restarting OpenVPN | When this happens, you may just want to know about it & remind them by restarting OpenVPN | ||
== Finding out if you're still protected: == | |||
Compare your public IP to that of the rest of the network | Compare your public IP to that of the rest of the network | ||
| Line 15: | Line 23: | ||
<span style="color:#9b59b6">'''NOTE:'''</span> The assumption made here is that you have configured this machine to use [[HowTo -_ssh#Make_it_easier_to_connect{{!}}passwordless SSH]] when connecting to '''othermachine'''. | <span style="color:#9b59b6">'''NOTE:'''</span> The assumption made here is that you have configured this machine to use [[HowTo -_ssh#Make_it_easier_to_connect{{!}}passwordless SSH]] when connecting to '''othermachine'''. | ||
== Here's a nifty little shell script... == | |||
#!/bin/bash | #!/bin/bash | ||
if nc -zw1 google.com 443 | if nc -zw1 google.com 443 | ||
| Line 27: | Line 35: | ||
fi | fi | ||
Local=$(wget http://ipinfo.io/ip -qO -) | Local=$(wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -) | ||
# This requires that 'ssh-copy-id user@othermachine' has been done | # This requires that 'ssh-copy-id user@othermachine' has been done | ||
Remote=$(ssh '''user'''@'''othermachine''' wget http://ipinfo.io/ip -qO -) | Remote=$(ssh '''user'''@'''othermachine''' wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -) | ||
# Required because the VPN bypasses local DNS | # Required because the VPN bypasses local DNS | ||
| Line 63: | Line 71: | ||
I have a GH mini at my desk & a node-Red flow that monitors for MQTT messages with the topic '''Scotts_Speaker_Medium''', then passes the message on through TTS to that device. | I have a GH mini at my desk & a node-Red flow that monitors for MQTT messages with the topic '''Scotts_Speaker_Medium''', then passes the message on through TTS to that device. | ||
(Of course, if you don't want the voice assistant part, just comment out the 2 mosquitto_pub lines...) | |||
*Move | === Running it periodically in the background === | ||
* | * '''As root''': configure [[HowTo -_ssh#Make_it_easier_to_connect{{!}}passwordless SSH]] to '''user@thermachine''' | ||
* Move it to /usr/local/bin | |||
** <code>sudo mv vpnchk /usr/local/bin</code> | |||
* Pair down the logging & noise so it just lets you know when there's an issue | |||
** comment out the logging and MQTT lines under "PIA is currently behaving" | |||
** change the logfile from '''vpnfix.log''' to '''/var/log/vpnfix.log''' under "PIA is mis-behaving" | |||
* Create the cron job (I chose to run it every 5 minutes...) | |||
** <code>sudo crontab -e</code> | |||
*/5 * * * * /usr/local/bin/vpnchk | |||
Latest revision as of 13:06, 21 September 2025
 |
13 (trixie) |
OpenVPN with PIA seems to occasionally forget to act like a VPN
When this happens, you may just want to know about it & remind them by restarting OpenVPN
Finding out if you're still protected:
Compare your public IP to that of the rest of the network
wget http://ipinfo.io/ip -qO -
&
ssh user@othermachine 'wget http://ipinfo.io/ip -qO -'
user & othermachine are a valid user on another machine on your LAN. One that is NOT running a VPN connection.)
NOTE: The assumption made here is that you have configured this machine to use passwordless SSH when connecting to othermachine.
Here's a nifty little shell script...
#!/bin/bash if nc -zw1 google.com 443 then echo "We have Internets..." else echo "NOPE! No Internets..." exit fi Local=$(wget http://ipinfo.io/ip -qO -) # This requires that 'ssh-copy-id user@othermachine' has been done Remote=$(ssh user@othermachine wget http://ipinfo.io/ip -qO -) # Required because the VPN bypasses local DNS Automation=192.168.9.0 echo Local: $Local echo Remote: $Remote echo Automation: $Automation if [ $Local != $Remote ] then echo "PIA is currently behaving" echo $(date) " - PIA is Just Fine!" >> vpnfix.log mosquitto_pub -h "$Automation" -t "Scotts_Speaker_Medium" -m "P I A is OK" else echo "PIA is mis-behaving" date >> vpnfix.log echo $(date) " - PIA is Buggered!" >> vpnfix.log mosquitto_pub -h "$Automation" -t "Scotts_Speaker_Medium" -m "P I A is Boogered" echo "Attempting repair..." sudo service openvpn start fi
192.168.9.0 happens to be the IP address of an MQTT broker on my LAN...
Not only does it check if PIA is doing its thing, it announces the result verbally (the mosquitto... lines) and restarts openvpn (asking for a password for sudo...). It could use a bit of improvement, but it works.
NOTE: You have to ssh into othermachine manually first so the machine knows it's ok.
NOTE: Ya kinda need to install mosquitto-clientsif you want the verbal notifications and set up a Node-Red flow to transfer the messages to your voice assistant or it ain't gonna work quite right...
I have a GH mini at my desk & a node-Red flow that monitors for MQTT messages with the topic Scotts_Speaker_Medium, then passes the message on through TTS to that device.
(Of course, if you don't want the voice assistant part, just comment out the 2 mosquitto_pub lines...)
Running it periodically in the background
- As root: configure passwordless SSH to user@thermachine
- Move it to /usr/local/bin
sudo mv vpnchk /usr/local/bin
- Pair down the logging & noise so it just lets you know when there's an issue
- comment out the logging and MQTT lines under "PIA is currently behaving"
- change the logfile from vpnfix.log to /var/log/vpnfix.log under "PIA is mis-behaving"
- Create the cron job (I chose to run it every 5 minutes...)
sudo crontab -e
*/5 * * * * /usr/local/bin/vpnchk