Comments (15)
Fixed by https://github.com/coolhva/usg-kpn-ftth/blob/e3c851eb2b121de2ed3106ca486d2e9ee5ed8c46/setvpn.sh, please test :)
from usg-kpn-ftth.
So the logic is as follows:
setvpn.sh is started after a reboot (or manually through SSH) and will check if the post-commit hook file is present; if not, it will create it.
This post-commit hook will run when a configuration change is committed. This post-commit hook will, if the VPN configuration is reverted back to what the controller is sending, create a file in the crontab folder which contains an instruction to run the setvpn.sh script in the next minute.
The setvpn.sh script will, after validating that the post-commit hook exists, check if the crontab file exists and delete it so it will not execute the next minute.
Then setvpn.sh checks if the configuration needs an update and, if so, it will update the configuration.
So a three-step solution, all contained in setvpn.sh ;-) I hope you guys enjoy using your VPN now, knowing that with every configuration change it will set the VPN parameters correctly again.
from usg-kpn-ftth.
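The three steps described in the comment above, as an added shell example that is not part of the thread or of the project's setvpn.sh. It runs against a scratch directory; the hook and cron paths, the function names, and the use of commit-diff text to detect the revert are assumptions, and the sample diff is constructed from the one shown later in this thread.

```shell
#!/bin/sh
# Added example: the three steps run against a scratch directory, not a real USG.
# HOOK, CRON and the function names are assumptions made for this sketch.
WORK="${WORK:-$(mktemp -d)}"
HOOK="$WORK/post-commit/set-vpn-hook.sh"   # stand-in for the post-commit hook
CRON="$WORK/cron.d/setvpn"                 # stand-in for the crontab file
SCRIPT="/config/scripts/post-config.d/setvpn.sh"

# Succeeds when the commit diff on stdin shows the controller's values coming
# back: WAN interface re-added for IPsec/L2TP, or outside-address removed.
vpn_reverted() {   # $1 = WAN interface the controller pushes (eth0, eth2, ...)
    awk -v wan="$1" '
        /^\[edit / { sec = $0; next }
        sec == "[edit vpn ipsec ipsec-interfaces]" && $0 == ("+interface " wan) { bad = 1 }
        sec == "[edit vpn l2tp remote-access]" && $0 == ("+dhcp-interface " wan) { bad = 1 }
        sec == "[edit vpn l2tp remote-access]" && $0 == "-outside-address 0.0.0.0" { bad = 1 }
        END { exit !bad }'
}

# Step 1 (setvpn.sh at boot): create the hook if it is missing.
ensure_hook() {
    [ -x "$HOOK" ] && return 0
    mkdir -p "$(dirname "$HOOK")"
    printf '#!/bin/sh\n# placeholder hook body\n' > "$HOOK"
    chmod 755 "$HOOK"
}

# Step 2 (post-commit hook): on a revert, queue setvpn.sh for the next minute.
hook_on_commit() {   # $1 = WAN interface, stdin = commit diff text
    if vpn_reverted "$1"; then
        mkdir -p "$(dirname "$CRON")"
        printf '* * * * * root %s\n' "$SCRIPT" > "$CRON"
    fi
}

# Step 3 (setvpn.sh started by cron): drop the entry so it does not run again.
clear_cron() { rm -f "$CRON"; }

# Constructed sample: the diff a forced provision produced in this thread.
SAMPLE='[edit vpn ipsec ipsec-interfaces]
-interface pppoe2
+interface eth0
[edit vpn l2tp remote-access]
+dhcp-interface eth0
-outside-address 0.0.0.0'
ensure_hook
printf '%s\n' "$SAMPLE" | hook_on_commit eth0
[ -f "$CRON" ] && echo "revert detected, queued: $(cat "$CRON")"
clear_cron
```

On a real gateway the hook and the cron entry both execute as root, so both files should be root-owned and writable by root only. Pass eth2 instead of eth0 for a USG-Pro-4, as a later comment notes.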
I recognize this problem, I have a USG-3P with firmcode 4.4.52.5363511. After a reboot VPN doesn't work, I have to SSH into it and execute the command you mention and then VPN works again.
Would be nice to get this fixed..
from usg-kpn-ftth.
I have the same problem.
Took a while to figure that out, just as I was installing it for the very first time...
Just re-run the .sh script(s) with sudo in your /config/scripts/post-config.d/ folder for the time being.
from usg-kpn-ftth.
> I have the same problem.
> Took a while to figure that out, just as I was installing it for the very first time...
> Just re-run the .sh script(s) with sudo in your /config/scripts/post-config.d/ folder for the time being.

For me it also took some time to figure out why the VPN wasn't working anymore, but for now the workaround is to execute the script manually by SSH into the USG and command to run it. Would be nice if we can find a fix to run the script automatically again after a reboot/re-provisioning :)
from usg-kpn-ftth.
I'm working on trying to understand why it does not execute (or maybe it fails).
from usg-kpn-ftth.
Observations so far:
When rebooting the USG the config is applied correctly and my VPN works. Before rebooting my VPN did not work so something is changing the configuration but I do not know what and when. I added config revisions to see if that helps finding who is changing what:
Added to config.gateway.json:
"system": {
    "config-management": {
        "commit-revisions": "20"
    }
}
$ show system commit
0 2021-03-06 14:20:17 by unifiadmin via cli
commit
1 2021-03-06 14:12:01 by unifiadmin via cli
commit
2 2021-03-06 14:11:22 by root via init
commit
$ show system commit diff 0
[edit vpn ipsec ipsec-interfaces]
-interface eth0
>interface pppoe2
Also added logging to the setvpn script:
$ cat setvpn.sh
#!/bin/vbash
# Log every step so it is visible when the script ran and what it changed
readonly logFile="/var/log/postprovisionvpn.log"
# Load the Vyatta script template so configure/set/delete/commit work in a script
source /opt/vyatta/etc/functions/script-template
echo "setvpn.sh exeuted at $(date)" >> "${logFile}"
configure >> "${logFile}"
echo "Setting ipsec-interface to pppoe2" >> "${logFile}"
set vpn ipsec ipsec-interfaces interface pppoe2 >> "${logFile}"
echo "Deleting dhcp interface" >> "${logFile}"
delete vpn l2tp remote-access dhcp-interface eth0 >> "${logFile}"
echo "Setting outside-address to 0.0.0.0" >> "${logFile}"
set vpn l2tp remote-access outside-address 0.0.0.0 >> "${logFile}"
echo "Commiting" >> "${logFile}"
# Apply the changes and leave configuration mode
commit
exit
Interesting is that the configuration was already good before executing the setvpn.sh because it cannot find the dhcp interface to delete:
$ cat /var/log/postprovisionvpn.log
setvpn.sh exeuted at Sat Mar 6 14:05:56 CET 2021
Setting ipsec-interface to pppoe2
The specified configuration node already exists
Deleting dhcp interface
Nothing to delete (the specified value does not exist)
Setting outside-address to 0.0.0.0
The specified configuration node already exists
Commiting
After a force provision I see that the config is changed back and VPN stops working:
$ show system commit
0 2021-03-06 14:33:51 by root via other
commit
1 2021-03-06 14:20:17 by unifiadmin via cli
commit
...
$ show system commit diff 0
[edit unifi mgmt]
>cfgversion 7804895ff911ec78
[edit vpn ipsec ipsec-interfaces]
-interface pppoe2
+interface eth0
[edit vpn l2tp remote-access]
+dhcp-interface eth0
-outside-address 0.0.0.0
So besides the force commit there is also another process changing the config to bring it back in the non-working state. I'm going to see if I can run a script after commit or maybe use scheduled tasks.
from usg-kpn-ftth.
@Pillen @xHuubx @stehof2 did you find the time to test the latest setvpn.sh?
from usg-kpn-ftth.
@coolhva okay I just uploaded the new setvpn.sh to the post-config.d folder, now I need to find a time-slot to reboot the USG.. I will try to do this tonight and let you know.
from usg-kpn-ftth.
Okay, when I SSH to my USG, what command should I give it?
I tried:
sudo /config/scripts/post-config.d/setvpn.sh
but it didn't work (command not found)
from usg-kpn-ftth.
The setvpn.sh was set to 655, I changed it to 755 and then fired the command as mentioned above
sudo /config/scripts/post-config.d/setvpn.sh
I am not sure what to see but I didn't get an error message, I tried VPN and it worked, does this conclude it works?
Or should a reboot confirm it?
from usg-kpn-ftth.
> fixed by https://github.com/coolhva/usg-kpn-ftth/blob/e3c851eb2b121de2ed3106ca486d2e9ee5ed8c46/setvpn.sh , please test :)

Thanks, that seems to do the trick on my system. Since I'm using a USG-Pro-4 I need to delete the DHCP-Interface from eth2, that's the only thing I changed in the script and this is the output in the postprovisionvpn.log after a re-provision and the VPN is working:
VPN changes reverted, adding crontab
setvpn.sh exeuted at Mon Mar 8 20:19:01 CET 2021
removing setvpn from cron
Setting ipsec-interface to pppoe2
Deleting dhcp interface
Setting outside-address to 0.0.0.0
Commiting
VPN changes were already applied
Can't reboot the system right now because my girlfriend is watching TV (and you know what will happen if I reboot now) :) but I assume that a reboot won't be an issue with this script, nice work! Will do the reboot tomorrow and leave the outcome right here.
from usg-kpn-ftth.
Needed to find some time.
setvpn.sh exeuted at Tue Mar 9 10:15:13 CET 2021
set-vpn-hook.sh does not exists, creating hook now
VPN changes reverted, adding crontab
setvpn.sh exeuted at Tue Mar 9 10:25:01 CET 2021
removing setvpn from cron
Setting ipsec-interface to pppoe2
Deleting dhcp interface
Setting outside-address to 0.0.0.0
Commiting
VPN changes were already applied
Re-provisioned the USG afterwards.
And VPN is connecting!
from usg-kpn-ftth.
> Re-provisioned the USG afterwards.
> And VPN is connecting!

Nice, also did a reboot of the USG today and as expected, the VPN is still working when the boot finishes, great work!
from usg-kpn-ftth.