Jump to content
Not connected, Your IP: 3.135.212.177
tammo

Eddie with Manjaro - about 3 min no connection after standby

Recommended Posts

Hello,

I am using Eddie 2.20.0 under Manjaro KDE, downloaded it via the AUR. Username and password is entered, the VPN connection is also established correctly at first. However, if I put the PC into standby and then wake it up again, it takes about 3 minutes until Eddie has synchronized again.
But if I have a look at the display in the overview menu, Eddie shows it is still connected after standby. Only after about 3 minutes appears "disconnecting ... restart ... connecting" in quick succession and then the new connection is established again.

Under Advanced the check mark is set at "Check if the tunnel works", if that has a meaning in this context.

I tested this in two Manjaro installations, once "real" on my PC and once in VirtualBox. In both cases Eddie shows the same behavior.

If I test the openVPN data in the network manager, it recognizes almost immediately after waking up from standby that there is no connection and it must be re-established.
But then I have just no network lock!

As a test, I have also installed an MX Linux KDE, where this behavior does not appear. There it is apparently recognized directly after waking up from standby that the connection must be re-established.
But actually I don't want to use a Debian based distribution and besides there are other problems with Eddie, which I don't want to go into here, for the sake of clarity.

I don't know where else in Eddie I could change a setting to enable a faster reconnect after standby? Or is this possibly a bug in the program in context with Manjaro/Archlinux?

Share this post


Link to post
@tammo

Hello!

Eddie should immediately react when OpenVPN tells it that the connection has been lost, but in UDP OpenVPN may need one minute to decide that the other peer is no more there. Maybe network-manager-openvpn sets lower ping-restart time, or connects in TCP, and therefore the disconnection is detected immediately (UDP is connectionless).

What happens if you set the following directive in Eddie's "Preferences" > "OVPN Directives" window?
ping-restart 15

It triggers a SIGUSR1 restart after 15 seconds pass without reception of a ping or a packet from the other side.

Kind regards
 

Share this post


Link to post
14 hours ago, Staff said:
...
What happens if you set the following directive in Eddie's "Preferences" > "OVPN Directives" window?
ping-restart 15
...
Yes, great, that seems to work! :)

Now I would have one more question about Eddie, maybe I can attach this here:

I would like to be able to access my internal (LAN) network even with Network Lock enabled.
So e.g. via HTTP(S) to my router (192.168.178.1) or e.g. via SAMBA to other devices (e.g. 192.168.178.20) within this network.

At first I thought, that only the checkmark has to be set at
Settings -> Network Lock -> Allow LAN/Private
But it was already set by default and seems to have another functionality.

What does work:
Settings -> Network Lock -> IPs allowed for Outgoing/Incoming
If I write there in both fields (Outgoing and Incoming) e.g. in each case the IP of my router, I have also with Network Lock access to this. But this seems to be a bit cumbersome.

Then I discovered the following possibility:
Settings -> Routes
There I could theoretically enter a whole IP range and then choose "Outside the VPN tunnel". As an example for a correct notation is mentioned: "1.2.3.4/24".
Referring to my network, I tried the following notation:
192.168.178.1/99
But it already starts with the fact that I can't save this. Only after I changed once from "Outside the VPN tunnel" and e.g. "None" and again back to "Outside the tunnel", the saving works. Then once again saving the settings.
But then an error message comes over the Manjaro Info display:
Quote

Eddie - Message
Exception: iptables-restore v.1.8.7 (legacy): invalid mask '99' specified Error occoured at line: 45
Try -iptables-restore -h- or -iptables-restore --help- for more information.

What am I doing wrong?

Share this post


Link to post
Quote

Yes, great, that seems to work!


Hello!

We're very glad to know it.
 
Quote

What does work:
Settings -> Network Lock -> IPs allowed for Outgoing/Incoming
If I write there in both fields (Outgoing and Incoming) e.g. in each case the IP of my router, I have also with Network Lock access to this. But this seems to be a bit cumbersome.


Stop here, that's the correct solution, although we don't understand why it is not already working with the simple "Allow LAN" option when it's enabled. Probably we miss something on how the firewall rules are modified with that option and we will ask the developer.

About your last attempted solution, the critical error you get is caused by the /99 mask which is illegal. Since an IPv4 address is 32 bit long, you can't specify more than 32 bits in the CIDR prefix, which is the the count of consecutive leading 1-bits, from left to right, in the network mask. Thank you for the head up, it seems it's a bug because Eddie does not sanitize the input correctly, by accepting an illegal 99 bit value as CIDR prefix.

Kind regards



 

Share this post


Link to post

Strange, when I enter the local IP under Settings -> Network Lock -> IPs allowed for Outgoing/Incoming, it sometimes works and sometimes not.  
Somehow there is something wrong today, but the only difference to yesterday is that I now let Eddie start automatically via Autostart, and I have checked "Connect at startup" and "Activate Network Lock at startup".

I've restarted the PC 5-6 times now, sometimes I could reach my router sometimes not. So far I have not detected any pattern.
I don't know if it plays a role, but I also made sure to always exit Eddie as cleanly as possible before shutting down or restarting:
1. disconnect
2. deactivate network lock
3. exit program
Actually it does 1. and 2. automatically when you quit it (click the X in the upper right corner), but I wanted to be sure.

If I enter the IP address under Settings -> Routes and set "Outside the VPN Tunnel", it seems to work more reliable. I've done a few reboots this way now and each time I've been able to access the router directly (maybe that was a coincidence!).
Am I doing something wrong with this setting?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...