PIA BIND Interface on QVPN Reconnect

Joe

14 May 2019
The local network changes on every PIA reconnect via QVPN. Once the VPN reconnects, which can happen a couple of times per day, the new local network/IP is different. This requires a restart of the rtorrent app, which will re-populate the dropdown box in settings, which as far as I can tell will rebind to the default adapter until this change is made once again.

I would like to know if there is anything currently built in to help with this behavior, or if this behavior can be changed. Furthermore, if not, can you please give me a brief description of the order of events, which script changes the gateway, and where the watchdog script is located? I would like to see if I can modify it.

I will do the work myself, but I am not 100% sure of where to look. As of now I see that in the startup sh script it pulls the interfaces and writes to a text file. I am not sure, but I believe the text file is used to populate the dropdown in settings. When the settings are saved, I believe it relaunches the daemon with the correct gateway.

What I propose to do is, within the watchdog, determine and save the local public IP and current private IP on the tunnel along with the adapter. While checking the service, determine if the local tun IP has changed. If so, correct the IP file and also restart the daemon with the new private IP of the new tunnel. Also, I would like to make it so the daemon has a blacklist which will never allow binding to certain IPs/adapters.

Firmware version: 4.3.6 Build 20190923
Model name: QNAP TS-1677X
 
The external VPN IP changes, but so does the internal one. This is a very big problem: because the internal IP changes, the bound address is no good. So this is what I am thinking.

1. Have a blacklist of internal IPs/adapters which will never be bound, including the default route. This way there is no leakage if the VPN is either off or the internal IP is changed, which forces the bound adapter to default back to "default".
2. Once rtorrent is started or the dropdown is changed via settings, log the IP address and adapter name.
3. While the watchdog is checking for the daemon, check to see that the internal tunnel IP still exists.
4. If the tunnel is down or missing, stop rtorrent and send an alert message.
5. If the tunnel IP has changed, log the new IP and rebind to the new internal IP.
6. This should be able to be done without restarting the app; it will also keep the dropdown in settings having all the correct IPs.

Other Thoughts,

In settings, maybe you don't show IP addresses but instead use interface names. You will still need to test for IP changes, but this way it's a bit more explanatory. Maybe checkboxes that will allow you to choose which adapters are allowed to be bound to, and possibly their order?

If you can explain how you capture the IP/adapter, how the settings page works and what you call when the settings page is submitted/saved, I can take a look into the logic. Also let me know where the watchdog script is and how it is called, and I can help with this feature.
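
The numbered proposal above (deny list, tunnel check, stop when the tunnel is gone, rebind on change), sketched as a fail-closed decision function. This is an added example, not part of the original post or of the rtorrent package; the deny list, addresses and function names are constructed, and only `tun2002` and `ip -o -4 addr show` come from the thread.

```shell
#!/bin/sh
# Added example: fail-closed bind decision for an rtorrent watchdog.
# Interface names, addresses and the deny list are constructed samples.

# Interfaces that must never carry torrent traffic (step 1 of the proposal).
DENY_IFACES="eth0 eth1 bond0 qvs0 lo"

# Print the IPv4 address of interface $1 found in `ip -o -4 addr show`
# output passed as $2; print nothing if the interface has no address.
iface_ipv4() {
    printf '%s\n' "$2" | awk -v ifc="$1" \
        '$2 == ifc && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Return 0 if interface $1 is on the deny list.
is_denied() {
    for d in $DENY_IFACES; do
        [ "$d" = "$1" ] && return 0
    done
    return 1
}

# Decide what the watchdog should do (steps 3 to 5).
#   $1 = configured tunnel interface, $2 = last bound IP, $3 = addr dump
# Prints "STOP", "KEEP <ip>" or "REBIND <ip>". It never falls back to the
# default route: a missing tunnel means STOP, not "use eth0".
watchdog_decision() {
    if is_denied "$1"; then echo "STOP"; return 0; fi
    cur=$(iface_ipv4 "$1" "$3")
    if [ -z "$cur" ]; then echo "STOP"; return 0; fi
    if [ "$cur" = "$2" ]; then echo "KEEP $cur"; else echo "REBIND $cur"; fi
}

# Constructed sample of `ip -o -4 addr show` after a VPN reconnect.
SAMPLE_UP='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
7: tun2002    inet 10.14.0.6 peer 10.14.0.5/32 scope global tun2002'
# Constructed sample while the tunnel is down.
SAMPLE_DOWN='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0'

watchdog_decision tun2002 10.8.0.6 "$SAMPLE_UP"     # address changed
watchdog_decision tun2002 10.14.0.6 "$SAMPLE_UP"    # address unchanged
watchdog_decision tun2002 10.14.0.6 "$SAMPLE_DOWN"  # tunnel gone
```

On a live system the third argument would be `"$(ip -o -4 addr show)"` and the second the address logged at the last bind; acting on STOP or REBIND is left to the watchdog.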
 
Right now it's "tun2002"; I have a couple of VPN clients set up in QVPN. It's my second one. I tested moving back and forth between my first and second, and it seems they are respectively tun2001 and tun2002. It seems that when the connection drops and reconnects, the tun adapter does "not" change names, just public and private IPs. If I do change between profiles it will change the adapter name, but that is not something I do regularly.

It also seems like all tunnels are tun#### and multiple can be active together. In my opinion, if you would like it, it's best to have a list box or checkboxes which display Adapter Name (Current IP), and allow checking or choosing one or multiple, possibly even ordering them. I know I am getting complicated, just looking for future-proofing. Also, while I am going on: testing for internet via the adapter?

Please let me know if you have any further questions. If you would like, you can PM me or add me to an external chat if you have questions.
 
It seems to me that in "TUN20XX" the XX, or even in "TUN2XXX" the XXX, is the QVPN profile index.
Not sure if you have seen how Download Station works, but if you click on the down arrow in the App Center, it has a menu item which says connect to -> and lists all physical interfaces and any set-up QVPN interfaces. You can take a look at that.
 

Attachments

  • Screen Shot 2019-05-16 at 8.59.39 AM.png
    104.2 KB · Views: 76
I am almost certain that, unless I delete the profile and recreate it or add a new one, the tunnel interface does not change. I have tested quite a few times, up and down and switching, and the tunnel interface name does not change.
 
It does not appear to crash. The web interface still runs, just no more uploading or downloading, probably because the route is gone. I do have to jump onto the command line to restart rtorrent; I use the rtorrent.sh restart command. This behavior, as far as I can tell, is only to refresh the IP address in the /setup in the browser. Once the restart has completed, I refresh the web page and it defaults back to the default route. I then have to change to the new IP that shows at the bottom of the list and click save; I also believe this triggers some sort of restart of the rtorrent service. Once that happens the torrents start dl/ul fairly quickly.
Did you have any luck with this?
 
You made me a lot of additional work....
Yeap, I found a way to refresh this IP automatically for ya.

It's not so easy to apply those changes into the whole program, but I can give you an easy mod for now.

1) Edit: /usr/bin/rtorrent/etc/rtorrent.conf.tpl
Replace:
Code:
[[server_bind_line]]
With this:
Code:
# Let's bind the correct IP address for the listening socket and outgoing connections.
# To do this we have to figure out the name of an interface with an IPv4 address to bind to: [qvs0|bond0|eth0|tun0]
method.insert = cfg.interface.bind, simple|private, \
    "execute.capture_nothrow=sh,-c,\"$cat=\\\"bindif=`getcfg rtorrent bind_interface_name -f /etc/config/qpkg.conf` \
                                              || bindif=`route | grep '^default' | grep -o '[^ ]*$'` ; \
                                              ifconfig 2>/dev/null | grep -q $bindif 2>/dev/null \
                                                  && echo -n $bindif \
                                                  || echo -n $(route | grep '^default' | grep -o '[^ ]*$')  \\\"\""
print = (cat, "Iface  : Default network interface : ", (cfg.interface.bind))
# Get IPv4 address of a given interface
method.insert = get_interface_ipv4_address, simple|private, \
    "execute.capture=sh,-c,\"$cat=\\\"echo -n \$(ip -o -4 addr show \\\",$argument.0=,\\\" | grep -Po 'inet \\\\\\\\\\K[\\\\\\\\\\d.]+')\\\"\""
# The IP address the listening socket and outgoing connections are bound to. (bind)
# (Refresh every 10 seconds)
schedule2 = set_bind_address, 0, 10, \
    "branch=((cfg.interface.bind)), \
            ((network.bind_address.set,(get_interface_ipv4_address,(cfg.interface.bind))))"
#print = (cat, "Bind IP: Get def interface IPv4addr: ", (get_interface_ipv4_address,(cfg.interface.bind)))
print = (cat, "Bind IP: Current interface IPv4addr: ", (network.bind_address))
schedule2 = print_bind_address, 0, 0, "print = (cat, \"Bind IP: Current interface IPv4addr: \", (network.bind_address))"


# The ip address reported to the tracker
# Get public IP address without the need of having dynamic DNS service, also works from behind NAT, through tunnel
method.insert = get_public_ip_address, simple|private, \
    "execute.capture_nothrow=sh,-c,\"$cat=\\\"echo -n \$(\
    curl -sL --connect-timeout 10 --interface \\\", (cfg.interface.bind), \\\" http://ipinfo.io/ip || \
    curl -sL --connect-timeout 15 --interface \\\", (cfg.interface.bind), \\\" http://icanhazip.com || \
    curl -sL --connect-timeout 20 --interface \\\", (cfg.interface.bind), \\\"  http://obj.qnapclub.pl/app/net/ip.php || \
    echo -n 127.0.0.1)\\\"\""
# The IP address reported to the tracker. (ip) This handles dynamic IPs as well. Fallback to localhost for safety reasons.
# (Refresh your outgoing IP every (10*3)+(10+15+20)+5 extra seconds)
schedule2 = ip_tick, 0, 80, "network.local_address.set=(get_public_ip_address);print = (cat, \"New Public IP address: \", (network.local_address))"
WOT - yeah I know :D

2. Find your VPN tunnel interface name in the ifconfig list:
Bash:
ifconfig | grep tun
You said it was tun2002 previously.
Make sure, because...

3. Set this interface name in the config:
Bash:
setcfg rtorrent bind_interface_name tun2002 -f /etc/config/qpkg.conf
PLS REMEMBER THIS NOTE:
From that moment, no matter what IP interface you select in the rtorrent settings UI, tun2002 will be the primary interface and will fall back to the system default only if it's not available anymore in the system.
So setting another interface in the UI, like network adapter 2 or another tunnel, will not work.
From that moment this command is your primary interface setting.

4. Final step: go to the rtorrent settings, don't care about the selected bind IP interface (as said above) and just click "Save settings" - this is necessary to regenerate new config files from the templates you made.

BTW: I know replacing text with text is sometimes a bit difficult, so I'm attaching my .tpl files and you can replace them (these files are from the upcoming rtorrent RC3.a release; I cannot guarantee that they will work, but try first) - replace all files, and follow the guide from step 2!

 

Attachments

  • config.tpl
    17.9 KB · Views: 48
  • header.tpl
    149 bytes · Views: 47
  • logs.tpl
    5 KB · Views: 44
I came to post a question exactly on that.
I'll try the workaround given here, but wondering 2 things:
1. Has someone tried it?
2. Is there a plan for a proper fix (that rtorrent does not lock on the IP)?

This, I believe, is crucial for whoever wants to send rtorrent through a VPN on their NAS without getting the whole NAS to go through that VPN.
 
Hi there, I was just wondering how I gain access to the config file on a QNAP. I'm having the same issue as the guy above, however I'm unsure how to gain access to /usr/bin/rtorrent/etc/rtorrent.conf.tpl
 
2. Is there a plan for a proper fix (that rtorrent does not lock on the IP)?
Yes

Hi there, I was just wondering how I gain access to the config file on a QNAP. I'm having the same issue as the guy above, however I'm unsure how to gain access to /usr/bin/rtorrent/etc/rtorrent.conf.tpl

Use PuTTY or any other SSH client to connect to the terminal/shell console of your QNAP NAS.

I recommend using Midnight Commander to easily move around the root system file structure.

NOTE: rtorrent-Pro is supplied with a bundled Midnight Commander, so no other steps are necessary. Simply type: mc to run Midnight Commander.

NOTE 2: Once rtorrent-Pro is disabled, the other apps bundled with the package are disabled too.
So it's good to have Midnight Commander installed from a software repository package like Entware.
From QNAPclub.eu install Entware. After Entware is installed and enabled in App Center, execute the following:
a) to install Midnight Commander
Bash:
opkg update
opkg install mc
b) to run mc:
Bash:
mc

That's all.
 
Thanks mate, I ended up using WinSCP to access the file and changed the information as above. Everything is downloading and I'm still behind my VPN; just waiting to see what happens when the VPN reconnects and issues a new IP address, whether it'll still work.