maemo.org - Talk


niv 2010-05-10 14:26

how to sustain openvpn even when changing wifi connection
 
Did anyone manage to have openvpn stay connected even after changing wifi access points?
Did anyone manage to sustain openvpn after switching to 3G connection?
Niv

Joorin 2010-05-10 14:31

Re: how to sustain openvpn even when changing wifi connection
 
Take some time and think about what OpenVPN is doing and I think it will be hard to make this work if you change WiFi connection or switch to 3G.

The interface that is the endpoint on your device is a virtual one that sends its traffic through your real one, the wlan0 interface. If the wlan0 interface is reconfigured the remote end will not be able to send data to the same IP address and this is the base for the tunnel that is created.

Perhaps there is some way to restart the lower levels of the OpenVPN connection without disturbing established TCP/IP connections, but I doubt it.

ysss 2010-05-10 14:34

Re: how to sustain openvpn even when changing wifi connection
 
But as long as the clients are running sessions that are attached to the virtual interface, a vpn reconnection shouldn't reset their connection, no?

Joorin 2010-05-10 14:57

Re: how to sustain openvpn even when changing wifi connection
 
Quote:

Originally Posted by ysss (Post 651879)
But as long as the clients are running sessions that are attached to the virtual interface, a vpn reconnection shouldn't reset their connection, no?

Define "session".

As far as I know, applications running on the client machine that access services on the inside via VPN can't pick a special interface. This is done via the kernel routing table that after the creation of the VPN connection gets a new entry pointing at the virtual interface for all traffic in that subnet.

When it comes to established TCP/IP connections, any packet that's sent over the VPN connection has to be encrypted and sent to the receiver (client or server) using the normal connection. If this mapping were to break, I'd guess all established TCP/IP connections would be orphaned and removed by the connection tracking in the TCP/IP stack, possibly after some timeout.

If you only look at new connections, like clicking a new link in your browser, it might work even if you just reconnected the lower levels of the VPN system. But, to me, this is of limited use since that's not saving established connections.

niv 2010-05-10 15:06

Re: how to sustain openvpn even when changing wifi connection
 
I was basically looking for a script that will restart the openvpn service whenever it senses that a new connection was established, just like my sip account registers again whenever I switch access point connection.
Niv

TA-t3 2010-05-10 15:11

Re: how to sustain openvpn even when changing wifi connection
 
Technically there shouldn't really be any problem. Just as the openvpn connection itself can go down and get re-established, and the only thing you would notice would be a pause in your remote access. But this doesn't mean that there's actual support for moving sessions between different physical layers. I haven't done any experiments on this.

Joorin 2010-05-10 15:12

Re: how to sustain openvpn even when changing wifi connection
 
That's something else, I'd say. And much easier, if I were to guess.

I'm sure there are dbus messages sent when a new connection is established. If you register to listen for them, you can (re)start the VPN connection when you want to.

niv 2010-05-10 15:23

Re: how to sustain openvpn even when changing wifi connection
 
Quote:

Originally Posted by Joorin (Post 651937)
That's something else, I'd say. And much easier, if I were to guess.

I'm sure there are dbus messages sent when a new connection is established. If you register to listen for them, you can (re)start the VPN connection when you want to.

yes I tried using dbus-scripts for this. but if I move from 3G to wifi I first get a msg about connecting to the wifi then I get an idle from 3G. so according to the last msg I close the openvpn service.
how can I know if there is actually still a connection to the WAN?

Joorin 2010-05-10 15:27

Re: how to sustain openvpn even when changing wifi connection
 
Quote:

Originally Posted by niv (Post 651957)
yes I tried using dbus-scripts for this. but if I move from 3G to wifi I first get a msg about connecting to the wifi then I get an idle from 3G. so according to the last msg I close the openvpn service.
how can I know if there is actually still a connection to the WAN?

Eh? That's a state machine with two states: connected and not connected. The connected state has one attribute: what am I connected to?

So, if you've moved from "not connected" to "connected" with the attribute set to "wifi", and get a message from the 3G module, you can just ignore that.

Or am I missing something here?

niv 2010-05-11 14:15

Re: how to sustain openvpn even when changing wifi connection
 
Quote:

Originally Posted by Joorin (Post 651962)
Eh? That's a state machine with two states: connected and not connected. The connected state has one attribute: what am I connected to?

So, if you've moved from "not connected" to "connected" with the attribute set to "wifi", and get a message from the 3G module, you can just ignore that.

Or am I missing something here?

will this satisfy your suggestion:
Code:

#! /bin/sh
# /etc/openvpn/dbus.openvpn
# This script is invoked by dbus-scripts when connection changes
# state.
LOG=/var/log/dbus.openvpn.log
STATUS_FILE=/var/log/dbus.openvpn-status
DAEMON="/etc/init.d/openvpn"
NAME="dbusScriptsOpenvpn"
DESC="Spin openvpn daemon up and down by dbus-scripts"
# Flag file: present while openvpn is up, holds the bearer type in use
CONN_STATE=/etc/openvpn/connected
# Connection serial in saved connection database
CONN_ID=$5
# $6 is GPRS or WLAN_INFRA or WLAN_ADHOC
TYPE=$6
STATUS=$7

# Log every parameter dbus-scripts passed in
Count=0
for arg ; do
        Count=$(( Count + 1 ))
        echo "Parameter $Count = '$arg'" >>$LOG
done
test -f $DAEMON || exit 0

# current connection state is "connected"
if test -f $CONN_STATE ; then
        if test "x$STATUS" = "xCONNECTED" ; then
                if test "x$CONN_ID" = 'x78967400-a235-4a4e-91d2-9ca80c250247' ; then
                        echo "Home lan sensed. killing openvpn"  >>$LOG
                        $DAEMON stop >>$LOG
                        rm -f $CONN_STATE
                elif ! grep -q "$TYPE" $CONN_STATE ; then
                        # connected over a different bearer: restart and record it
                        $DAEMON restart >>$LOG
                        echo "$TYPE" > $CONN_STATE
                else
                        $DAEMON restart >>$LOG
                fi
        elif test "x$STATUS" = "xIDLE" ; then
                # only the bearer openvpn is running over may stop it
                if grep -q "$TYPE" $CONN_STATE ; then
                        echo "current connection went idle , killing openvpn" >>$LOG
                        $DAEMON stop >>$LOG
                        rm -f $CONN_STATE
                fi
        else
                echo "Error: got this status: $STATUS while being connected" >>$LOG
        fi
# current connection state is "not connected"
elif test "x$STATUS" = "xCONNECTED" ; then
        # if connected to home access point don't run openvpn
        if test "x$CONN_ID" = 'x78967400-a235-4a4e-91d2-9ca80c250247' ; then
                echo "Home lan sensed. leaving not connected"  >>$LOG
        else
                echo "Starting $DESC:" >>$LOG
                $DAEMON start >>$LOG
                # record the bearer only if the daemon started
                if [ "$?" -eq 0 ];then
                        echo "$TYPE" > $CONN_STATE
                fi
        fi
elif test "x$STATUS" = "xSCAN_START" -o "x$STATUS" = "xSCAN_STOP" ; then
        echo .
elif test "x$STATUS" = "xCONNECTING" -o "x$STATUS" = "xDISCONNECTING" ; then
        echo .
else
        echo "Error in calling /etc/openvpn/dbus.openvpn" >>$LOG
fi


#        wget http://www.whatismyip.com -T 10 -O - -o /dev/null
#                if [ "$?" -ne 0 ];then
#                        $DAEMON stop >>$LOG
#                        echo "failed to access inet"  >>$LOG
#                fi
exit 0

dbus.openvpn.log is:
Code:

Stopping virtual private network daemon:.
Starting virtual private network daemon: openvpnParameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '1c7096bb-1788-487c-8c5c-3998e7b99fde'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'DISCONNECTING'
Parameter 8 = 'com.nokia.icd.error.network_error'
Error: got this status: DISCONNECTING while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '1c7096bb-1788-487c-8c5c-3998e7b99fde'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'IDLE'
Parameter 8 = 'com.nokia.icd.error.network_error'
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'GPRS'
Parameter 7 = 'SCAN_START'
Parameter 8 = ''
Error: got this status: SCAN_START while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'SCAN_START'
Parameter 8 = ''
Error: got this status: SCAN_START while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_ADHOC'
Parameter 7 = 'SCAN_START'
Parameter 8 = ''
Error: got this status: SCAN_START while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'GPRS'
Parameter 7 = 'SCAN_STOP'
Parameter 8 = ''
Error: got this status: SCAN_STOP while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '7bc55dda-a470-4885-a802-c119f9ad4f88'
Parameter 6 = 'GPRS'
Parameter 7 = 'CONNECTING'
Parameter 8 = ''
Error: got this status: CONNECTING while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'SCAN_STOP'
Parameter 8 = ''
Error: got this status: SCAN_STOP while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_ADHOC'
Parameter 7 = 'SCAN_STOP'
Parameter 8 = ''
Error: got this status: SCAN_STOP while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '7bc55dda-a470-4885-a802-c119f9ad4f88'
Parameter 6 = 'GPRS'
Parameter 7 = 'CONNECTED'
Parameter 8 = ''
Stopping virtual private network daemon:.
Starting virtual private network daemon: openvpnParameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'SCAN_START'
Parameter 8 = ''
Error: got this status: SCAN_START while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_ADHOC'
Parameter 7 = 'SCAN_START'
Parameter 8 = ''
Error: got this status: SCAN_START while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'GPRS'
Parameter 7 = 'SCAN_START'
Parameter 8 = ''
Error: got this status: SCAN_START while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'GPRS'
Parameter 7 = 'SCAN_STOP'
Parameter 8 = ''
Error: got this status: SCAN_STOP while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'SCAN_STOP'
Parameter 8 = ''
Error: got this status: SCAN_STOP while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '[SCAN]'
Parameter 6 = 'WLAN_ADHOC'
Parameter 7 = 'SCAN_STOP'
Parameter 8 = ''
Error: got this status: SCAN_STOP while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '1c7096bb-1788-487c-8c5c-3998e7b99fde'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'CONNECTING'
Parameter 8 = ''
Error: got this status: CONNECTING while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '7bc55dda-a470-4885-a802-c119f9ad4f88'
Parameter 6 = 'GPRS'
Parameter 7 = 'DISCONNECTING'
Parameter 8 = ''
Error: got this status: DISCONNECTING while being connected
Parameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '1c7096bb-1788-487c-8c5c-3998e7b99fde'
Parameter 6 = 'WLAN_INFRA'
Parameter 7 = 'CONNECTED'
Parameter 8 = ''
Stopping virtual private network daemon:.
Starting virtual private network daemon: openvpnParameter 1 = ':1.81'
Parameter 2 = 'null'
Parameter 3 = 'com.nokia.icd'
Parameter 4 = 'status_changed'
Parameter 5 = '7bc55dda-a470-4885-a802-c119f9ad4f88'
Parameter 6 = 'GPRS'
Parameter 7 = 'IDLE'
Parameter 8 = ''
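
The two-state machine Joorin describes, applied to the status_changed parameters shown in the log above, as an added example that is not code from any poster in the thread. It tracks the connection id rather than the bearer type, which goes beyond niv's script and is an assumption; HOME_ID, the connection ids and the event list are constructed.

```shell
#!/bin/sh
# Added example: connection tracking for com.nokia.icd status_changed events.
# All ids are constructed; handle_event only reports what a handler should do.

HOME_ID="home-ap"   # constructed id of the trusted home connection
ACTIVE=""           # id of the connection the VPN rides on; empty = VPN down

# handle_event CONN_ID TYPE STATUS  (the $5, $6, $7 of the dbus-scripts call)
# Sets ACTION to start|restart|stop|ignore and updates ACTIVE.
handle_event() {
    conn_id=$1; status=$3
    ACTION=ignore
    case $status in
    CONNECTED)
        if [ "$conn_id" = "$HOME_ID" ]; then
            # Trusted LAN: no tunnel wanted, stop one if it is running.
            if [ -n "$ACTIVE" ]; then ACTION=stop; fi
            ACTIVE=""
        elif [ -z "$ACTIVE" ]; then
            ACTION=start; ACTIVE=$conn_id
        else
            ACTION=restart; ACTIVE=$conn_id
        fi ;;
    IDLE)
        # A late IDLE from the connection that was just left is ignored.
        if [ -n "$ACTIVE" ] && [ "$conn_id" = "$ACTIVE" ]; then
            ACTION=stop; ACTIVE=""
        fi ;;
    esac    # CONNECTING, DISCONNECTING, SCAN_* never change the state
}

# Replay a constructed WLAN -> 3G -> WLAN -> home sequence, modelled on the
# order of events in the log above, and print the action for each event.
replay() {
    ACTIVE=$1; out=""
    while read -r id type status; do
        handle_event "$id" "$type" "$status"
        out="$out$ACTION "
    done <<'EOF'
cafe-ap WLAN_INFRA DISCONNECTING
cafe-ap WLAN_INFRA IDLE
[SCAN] GPRS SCAN_START
gprs-1 GPRS CONNECTING
gprs-1 GPRS CONNECTED
cafe-ap WLAN_INFRA CONNECTING
gprs-1 GPRS DISCONNECTING
cafe-ap WLAN_INFRA CONNECTED
gprs-1 GPRS IDLE
home-ap WLAN_INFRA CONNECTED
EOF
    echo "${out% }"
}
replay cafe-ap
```

The ninth event is the case niv asks about: the 3G IDLE arrives after the WLAN CONNECTED and is ignored because the tunnel no longer rides on that connection.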


mikkov 2010-05-11 14:19

Re: how to sustain openvpn even when changing wifi connection
 
latest openvpn-applet (0.6.1) should handle openvpn reconnection as long as your openvpn configuration doesn't drop root permissions

niv 2010-05-11 14:32

Re: how to sustain openvpn even when changing wifi connection
 
but I also need openvpn to stop when at home, so lan routing won't have loops

TA-t3 2010-05-11 15:46

Re: how to sustain openvpn even when changing wifi connection
 
Quote:

Originally Posted by Joorin (Post 651937)
That's something else, I'd say. And much easier, if I were to guess.

I'll have to disagree. Just to clarify - when there's an OpenVPN reconnect OpenVPN is able (as it should) to keep this hidden from the application layer (which just sees a connection through a TUN device). And if you look at the openvpn log messages (all this should be easier to monitor if you do it on a desktop computer) then you'll see that when this happens OpenVPN goes through the whole connection protocol again.

So, I believe that _technically_ it shouldn't be difficult for OpenVPN to disconnect the physical layer and re-connect through another physical layer (i.e. when you disconnect from one AP and reconnect via another): The re-connect phase should be the same. But that doesn't mean there's actual support for it.

Joorin 2010-05-11 15:53

Re: how to sustain openvpn even when changing wifi connection
 
Quote:

Originally Posted by TA-t3 (Post 653681)
I'll have to disagree. Just to clarify - when there's an OpenVPN reconnect OpenVPN is able (as it should) to keep this hidden from the application layer (which just sees a connection through a TUN device). And if you look at the openvpn log messages (all this should be easier to monitor if you do it on a desktop computer) then you'll see that when this happens OpenVPN goes through the whole connection protocol again.

So, I believe that _technically_ it shouldn't be difficult for OpenVPN to disconnect the physical layer and re-connect through another physical layer (i.e. when you disconnect from one AP and reconnect via another): The re-connect phase should be the same. But that doesn't mean there's actual support for it.

I'm suspecting a case of miscommunication here.

Initially, I interpreted OP as wanting to be able to keep his TCP/IP connections alive even if the IP address for wlan0 changed. I still think this is really hard to do.

After getting more details, OP wants the VPN to do an ordinary reconnect which is much easier to do since it's part of "normal procedures". This is what I'm commenting with "much easier".

niv 2010-05-16 08:02

Re: how to sustain openvpn even when changing wifi connection
 
as a result of this discussion I came up with this http://talk.maemo.org/showthread.php?p=658789 solution, see post 2.

I now ask this: how should I use udhcpc?
should I use it with --now, so it will quit after establishing an IP?
or should I leave it alive updating the IP while changing physical connections?

Quote:

Originally Posted by TA-t3 (Post 653681)
I'll have to disagree. Just to clarify - when there's an OpenVPN reconnect OpenVPN is able (as it should) to keep this hidden from the application layer (which just sees a connection through a TUN device). And if you look at the openvpn log messages (all this should be easier to monitor if you do it on a desktop computer) then you'll see that when this happens OpenVPN goes through the whole connection protocol again.

So, I believe that _technically_ it shouldn't be difficult for OpenVPN to disconnect the physical layer and re-connect through another physical layer (i.e. when you disconnect from one AP and reconnect via another): The re-connect phase should be the same. But that doesn't mean there's actual support for it.


bobgm 2010-08-13 17:25

Re: how to sustain openvpn even when changing wifi connection
 
So in order to maintain openvpn even when changing from 3G to wifi and back again, I just have

Quote:

#!/bin/sh

OPENVPN=/etc/init.d/openvpn

if [ ! -x "$OPENVPN" ]; then
    exit 0
fi

$OPENVPN restart client
in /etc/network/if-up.d/openvpn - if you have multiple vpns, you could do a loop as shown earlier in the thread - but I only have one, called 'client' and this works perfectly for me. I keep it up whilst on my home wifi, I don't have any routing loops ;-) If you do have such issues, again an earlier post shows how you can decide which network you've just landed on and decide there.

You don't need anything in /etc/networks/if-down.d at all

