Date and Time incorrect Vero 4K +

Hi,

It should be OK to ignore that message, but if we can get it using PIA’s DNS servers, it won’t be required.

If PIA have disabled their public dns servers, then it will be hard to make it work as before.

Talking about DNS, apologies, I took us down the wrong path with dhcp-option DNS 10.0.0.243. But I’ve done some testing on this and got things working again. Please remove it and restore:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

And set the DNS servers in MyOSMC to Cloudflare and then restart openvpn. Please now check the name servers in use by issuing: cat /etc/resolv.conf

output should be something like:

nameserver 10.0.0.243

As long as it’s a 10 address, then it’s working and there can’t be any leaks, as it’s a private address. If not, please provide the output of: sudo systemctl status openvpn

Also, I think I’ve fixed the watchdog. Any chance you can please try and test this:

Create the following file: /usr/local/sbin/watchdog.sh:

#!/bin/bash
GW=$(ip route show 0.0.0.0/1 dev tun0 | cut -d\  -f3)
ping -c1 $GW > /dev/null
if [ $? -eq 0 ]
  then 
    echo ok 
    exit 0
  else
    systemctl restart openvpn	  
fi

Edit: issue: chmod u+x /usr/local/sbin/watchdog.sh

Update /etc/systemd/system/openvpn-watchdog.timer to:

[Unit]
Description=OpenVPN Watchdog timer

[Timer]
OnCalendar=*:0/15

[Install]
WantedBy=timers.target

Update: /etc/systemd/system/openvpn-watchdog.service:

[Unit]
Description=OpenVPN Watchdog service

[Service]
ExecStart=/usr/local/sbin/watchdog.sh

[Install]
WantedBy=multi-user.target

Please issue the following commands:

sudo systemctl daemon-reload
sudo systemctl restart openvpn-watchdog.timer

Thanks Tom.

If you are sure the file is safe I will install it to check if it leaks once everything is up and running.

I think they did, I can’t find anything about it but with the Next Gen servers I assume they shut it down.

I set the first DNS in MyOSMC to 1.1.1.1 the second is still the backup PIA DNS.

I had to restart my openvpn because it was leaking the 2 DNS resolvers, but after adding the 3 lines

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

and removing the dhcp line this is the output of cat /etc/resolv.conf

cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.0.0.243

Unfortunately not the one with MACE but I think this one has streaming too.

I will provide the output of sudo systemctl status openvpn too so you know what it says

sudo systemctl status openvpn
* openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset:
   Active: active (exited) since Wed 2021-11-17 23:01:10 CET; 5min ago
  Process: 9370 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 9370 (code=exited, status=0/SUCCESS)

Nov 17 23:01:10 osmc systemd[1]: Starting OpenVPN service...
Nov 17 23:01:10 osmc systemd[1]: Started OpenVPN service.

I already had a watchdog set up from you in the past? Won’t this interfere?

I created this

sudo nano /usr/local/sbin/watchdog.sh

#!/bin/bash
GW=$(ip route show 0.0.0.0/1 dev tun0 | cut -d\  -f3)
ping -c1 $GW > /dev/null
if [ $? -eq 0 ]
  then
    echo ok
    exit 0
  else
    systemctl restart openvpn
fi

Shouldn’t this be sudo systemctl restart openvpn?

and already had this one you created, if that is still correct?

 sudo nano /etc/systemd/system/openvpn-watchdog.timer

[Unit]
Description=OpenVPN Watchdog timer

[Timer]
OnCalendar=*:0/15

[Install]
WantedBy=timers.target

sudo systemctl daemon-reload
sudo systemctl restart openvpn-watchdog.timer

Both went through without errors.

Is there anything else I should do? And is it not leaking anymore now? Even when the VPN shuts off?

Hi,

So all working again then?

Yeah, this is replacing that one.

No the script is going to run as root, so the sudo isn’t required.

This won’t prevent leaks if openvpn drops, it will just restart it after 15 min; making leaks less likely. You can try increasing the frequency the watchdog runs if you want. Just update 0/15. Then reissue:

sudo systemctl daemon-reload
sudo systemctl restart openvpn-watchdog.timer

Regards Tom.

I think so, I have to install the add-on to check for leaks.

I mean the one I copy and pasted was the one I already had. Is it still ok?

That’s unfortunate, I hope there will be a way to prevent leaks completely one day.
What do I have to do to change it? and what would be ok to do? 3 minutes? 1 minute? I don’t think this uses a lot of memory or breaks your system? If I put it to 1 minute there is almost no chance it will ever leak any DNS request.

Hi,

Sorry should have provided an updated service file /etc/systemd/system/openvpn-watchdog.service:

[Unit]
Description=OpenVPN Watchdog service

[Service]
ExecStart=/usr/local/sbin/watchdog.sh

[Install]
WantedBy=multi-user.target

I’ll update my previous post for future reference.

If you want to set it to a minute change /etc/systemd/system/openvpn-watchdog.timer:

[Unit]
Description=OpenVPN Watchdog timer

[Timer]
OnCalendar=*:0/1

[Install]
WantedBy=timers.target

Thanks Tom.

I created a new file by accident because there was none /etc/systemd/system/openvpn-watchdog.service: (note the : ) and added this code

[Unit]
Description=OpenVPN Watchdog service

[Service]
ExecStart=/usr/local/sbin/watchdog.sh

[Install]
WantedBy=multi-user.target

Can I remove it? And how do I remove it, because there is a service named openvpn-watchdog.service: because I copied your text now.

My old sudo nano /etc/systemd/system/openvpn-watchdog.service was

 
[Unit]
Description=OpenVPN Watchdog service
ConditionPathExists=!/proc/sys/net/ipv4/conf/tun0

[Service]
ExecStart=/bin/systemctl restart openvpn@US

[Install]
WantedBy=multi-user.target

Should I edit this to the new one? Does the watchdog.sh already exist?

I edited the file and it looks like this now

[Unit]
Description=OpenVPN Watchdog timer

[Timer]
OnCalendar=*:0/1

[Install]
WantedBy=timers.target

I installed the addon, DNS is not leaking.

Please provide the output of: cat /etc/systemd/system/openvpn-watchdog.service

Cool.

Thanks Tom.

cat /etc/systemd/system/openvpn-watchdog.service
[Unit]
Description=OpenVPN Watchdog service
ConditionPathExists=!/proc/sys/net/ipv4/conf/tun0

[Service]
ExecStart=/bin/systemctl restart openvpn@US

[Install]
WantedBy=multi-user.target

I also accidentally created a service named openvpn-watchdog.service: I don’t know how to delete that.

Hi,

Please issue:

sudo rm /etc/systemd/system/openvpn-watchdog.service
sudo nano /etc/systemd/system/openvpn-watchdog.service

(add the contents of the service file posted above)

sudo systemctl daemon-reload
sudo systemctl restart openvpn-watchdog.timer
rm `openvpn-watchdog.service`

I did sudo rm /etc/systemd/system/openvpn-watchdog.service: so that is gone.

I changed the above into this

cat /etc/systemd/system/openvpn-watchdog.service
[Unit]
Description=OpenVPN Watchdog service

[Service]
ExecStart=/usr/local/sbin/watchdog.sh

[Install]
WantedBy=multi-user.target

This is what the last commands did

sudo systemctl daemon-reload
osmc@osmc:~$ sudo systemctl restart openvpn-watchdog.timer
osmc@osmc:~$ rm `openvpn-watchdog.service`
-bash: openvpn-watchdog.service: command not found
rm: missing operand
Try 'rm --help' for more information.

Hi,

OK, that all looks good. You can check it’s working with:

systemctl status openvpn-watchdog

As for the errors:

Sorry try: rm openvpn-watchdog.service instead.

Regards Tom.

That doesn’t work well


* openvpn-watchdog.service - OpenVPN Watchdog service
   Loaded: loaded (/etc/systemd/system/openvpn-watchdog.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2021-11-18 00:53:14 CET; 44s ago
  Process: 11716 ExecStart=/usr/local/sbin/watchdog.sh (code=exited, status=203/EXEC)
 Main PID: 11716 (code=exited, status=203/EXEC)

Nov 18 00:53:14 osmc systemd[1]: Started OpenVPN Watchdog service.
Nov 18 00:53:14 osmc systemd[11716]: openvpn-watchdog.service: Failed to execute command: Permission denied
Nov 18 00:53:14 osmc systemd[11716]: openvpn-watchdog.service: Failed at step EXEC spawning /usr/local/sbin/watchdog.sh: Permission denied
Nov 18 00:53:14 osmc systemd[1]: openvpn-watchdog.service: Main process exited, code=exited, status=203/EXEC
Nov 18 00:53:14 osmc systemd[1]: openvpn-watchdog.service: Failed with result 'exit-code'.

and the other one

rm openvpn-watchdog.service
rm: cannot remove 'openvpn-watchdog.service': No such file or directory

Sorry my bad, also need to issue:

sudo chmod u+x /usr/local/sbin/watchdog.sh

Then leave it a minute and check the status again, all should be good.

Then I don’t know where the additional openvpn-watchdog.service is, but it doesn’t look like it will affect the watchdog anyway.

Regards Tom.


systemctl status openvpn-watchdog
* openvpn-watchdog.service - OpenVPN Watchdog service
   Loaded: loaded (/etc/systemd/system/openvpn-watchdog.service; disabled; vendo
   Active: inactive (dead) since Thu 2021-11-18 01:05:14 CET; 1s ago
  Process: 12031 ExecStart=/usr/local/sbin/watchdog.sh (code=exited, status=0/SU
 Main PID: 12031 (code=exited, status=0/SUCCESS)

Nov 18 01:05:14 osmc systemd[1]: Started OpenVPN Watchdog service.
Nov 18 01:05:14 osmc watchdog.sh[12031]: ok
Nov 18 01:05:14 osmc systemd[1]: openvpn-watchdog.service: Succeeded.

It looks like that works!
Is there anything else I need to check?

Hi,

No that all looks good. FYI the script determines the vpn gateway and tries to ping it, if it succeeds the script reports ok and exits; if it fails it should restart the vpn connection.

Hopefully this will work better than the last watchdog. Please let me know if it doesn’t work as expected. I’m testing here as well; if it needs any changes I’ll let you know.

Thanks Tom.

Ok thank you. I just restarted and it looks like all is going well. I checked the watchdog status and it runs.
I checked cat /etc/resolv.conf and it’s the VPN IP.
The DNS Leak Test add-on says No DNS leaks.
I checked the iptables and those are still ok.
It looks like everything is up and running!
I just need to leave the DNS on 1.1.1.1 and hope it will never leak to 1.1.1.1.


@Tom_Doyle DNS is leaking now… It looks like the VPN restarted over the night but it’s showing 2 DNS servers, 1 in Germany and 1 in the US that aren’t connected so while the VPN is connected the DNS is leaking.

cat /etc/resolv.conf looks ok, it still says nameserver 10.0.0.243 but it’s still leaking. I don’t know what could cause this. After restarting the VPN manually the leaking stopped, but this means that it isn’t reliable, even when the VPN is connected.

Hi,

Are you using more than one conf file? I’m trying to understand why it’s trying to connect to more than 1 server.

Thanks Tom.

No only 1 OVPN config file to connect as far as I know. The other DNS I got must be one from Cloudflare since the host didn’t look familiar to me.

Hi,

When it’s reporting as leaking again, can you please issue the following commands:

ping -c 4 10.0.0.243
dig osmc.tv

Please provide the output. If the 2nd fails, dig needs installing with:

sudo apt-get install dnsutils

Also what command do you run to manually restart openvpn?

Thanks Tom.
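
The two checks used in this thread (every resolver in /etc/resolv.conf should be a private 10.x address, and the resolver should be reachable through the tunnel), combined into one script as an added example that is not part of the thread. The function names, the sample file and the use of `ip route get` to find the outgoing interface are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads resolv.conf text on stdin.

# Constructed sample: the thread's resolv.conf with the 1.1.1.1 entry from
# MyOSMC added, as it might look if update-resolv-conf had not run.
SAMPLE='# Generated by resolvconf
nameserver 10.0.0.243
nameserver 1.1.1.1'

# Exit 0 if the address is in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every resolver address found on stdin, one per line.
list_nameservers() { awk '$1 == "nameserver" { print $2 }'; }

# Print only the resolvers that are not private addresses.
public_nameservers() {
    list_nameservers | while read -r ns; do
        is_private "$ns" || echo "$ns"
    done
}

# Ask the kernel which route it would use for an address.
route_lookup() { ip route get "$1" 2>/dev/null; }

# Print the interface that follows "dev" in `ip route get` output.
route_dev() {
    echo "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Exit 0 only if every resolver is private and routed via the VPN interface.
check_resolvers() {
    iface=${1:-tun0}; rc=0
    for ns in $(list_nameservers); do
        dev=$(route_dev "$(route_lookup "$ns")")
        is_private "$ns" || { echo "$ns is a public resolver"; rc=1; }
        [ "$dev" = "$iface" ] || { echo "$ns leaves via ${dev:-no route}, not $iface"; rc=1; }
    done
    return $rc
}
```

Run it on the device as `check_resolvers tun0 < /etc/resolv.conf`; it only inspects local configuration and routing, so it complements an external DNS leak test and does not replace one.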