Reconnect after hibernate

[Pi77Bull 0]

Hello. I've been having this problem for a while now and it's starting to become annoying.
Whenever my laptop resumes from hibernate (and sleep?), the VPN connection doesn't resume automatically.
What I need to do then is:

sudo systemctl restart bluetit.service
# wait for a while
goldcrest --reconnect

Is there a better way to do this and can I automate it somehow?

I'm using the AirVPN Suite 2.0.0 alpha 2.

Thank you.

[Staff 9972]

@Pi77Bull

Hello!
 
Since your Linux system is based on systemd you can consider to automate the procedure with a script which systemd executes when the system wakes up. systemd looks for your scripts in /usr/lib/systemd/system-sleep when the system is suspended and un-suspended (to be verified when it resumes from a full hibernation and not from a suspension, though). A tested example in Ubuntu and Debian which works with sleep/wake-up (suspend/resume) and should work in any systemd based system:

#!/usr/bin/env bash
case $1 in
  pre)
    goldcrest --disconnect
    ;;
  post)
    systemctl restart bluetit
    sleep 2
    ;;
esac

Just before the system is suspended, goldcrest orders Bluetit to disconnect. When the system is un-suspended Bluetit is re-started (so it connects since you have activated the connection at boot option in bluetit.rc). Networking is not made available until all scripts in the /usr/lib/systemd/system-sleep directory finish executing, therefore you should not have traffic leaks, provided that Bluetit is configured with networlockpersist on.

Kind regards

 

[Pi77Bull 0]

Thank you for the response!

With the script you gave me, systemctl status bluetit shows this after waking the computer:

Apr 03 17:47:03 bravo systemd[1]: Starting AirVPN Bluetit Daemon...
Apr 03 17:47:03 bravo bluetit[16087]: Starting Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 alpha 2 - 24 November 2023
Apr 03 17:47:03 bravo bluetit[16087]: OpenVPN core 3.9 AirVPN linux x86_64 64-bit
Apr 03 17:47:03 bravo bluetit[16087]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
Apr 03 17:47:03 bravo bluetit[16087]: SSL Library: OpenSSL 3.2.1 30 Jan 2024
Apr 03 17:47:03 bravo bluetit[16087]: WireGuard connection available
Apr 03 17:47:03 bravo systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: No such file or directory
Apr 03 17:47:03 bravo bluetit[16098]: Bluetit daemon started with PID 16098
Apr 03 17:47:03 bravo bluetit[16098]: Waiting for external network connection to be available
Apr 03 17:47:03 bravo systemd[1]: Started AirVPN Bluetit Daemon.

It's not connected and the networklock is disabled.
 

Whenever I restart the bluetit.service manually systemctl status bluetit shows:

Apr 03 17:34:00 bravo bluetit[12347]: UDP send exception: send: Destination address required
Apr 03 17:34:00 bravo bluetit[12347]: ERROR: NETWORK_SEND_ERROR

a bunch of times. At that point I can run goldcrest --reconnect (sometimes twice) and then it successfully connects. Also this only works when I run it manually, not if I write it in the script after post)

Here is some additional info that might be of use:
I'm using a Laptop with ArchLinux and I have a wireless connection.

If you need any more info, please tell me. I just want to get this working

[Staff 9972]

@Pi77Bull

Hello!

The first start seems OK (the warning by systemd about a missing PID file is fine). Since Bluetit does not enable Network Lock and does not connect maybe the /etc/bluetit.rc /etc/airvpn/bluetit.rc file does not include the correct settings... can we see it? Checking this file may also shed some light on the critical error "Destination address required".

Kind regards
 

[Pi77Bull 0]

My bluetit.rc is in /etc/airvpn/bluetit.rc - should it be in /etc/bluetit.rc ?
Anyway, here's the content:

#
# bluetit runcontrol file
#

# AirVPN bootstrap servers

bootserver                http://63.33.78.166
bootserver                http://52.48.66.85
bootserver                http://54.93.175.114
bootserver                http://63.33.116.50
bootserver                http://[2a03:b0c0:0:1010::9b:c001]

# RSA Parameters

rsaexponent               AQAB
rsamodulus                wuQXz7eZeEBwaaRsVK8iEHpueXoKyQzW8sr8qMUkZIcKtKv5iseXMrTbcGYGpRXdiqXp7FqrSjPSMDuRGaHfjWgjbnW4PwecmgJSfhkWt4xY8OnIwKkuI2Eo0MAa9lduPOQRKSfa9I1PBogIyEUrf7kSjcoJQgeY66D429m1BDWY3f65c+8HrCQ8qPg1GY+pSxuwp6+2dV7fd1tiKLQEoJg9NeWGW0he/DDkNSe4c8gFfHj3ANYwDhTQijb+VaVZqPmxVJIzLoE1JOom0/P8fKsvpx3cFOtDS4apiI+N7MyVAMcx5Jjk2AQ/tyDiybwwZ32fOqYJVGxs13guOlgI6h77QxqNIq2bGEjzSRZ4tem1uN7F8AoVKPls6yAUQK1cWM5AVu4apoNIFG+svS/2kmn0Nx8DRVDvKD+nOByXgqg01Y6r0Se8Tz9EEBTiEopdlKjmO1wlrmW3iWKeFIwZnHt2PMceJMqziV8rRGh9gUMLLJC9qdXCAS4vf5VVnZ+Pq3SK9pP87hOislIu4/Kcn06cotQChpVnALA83hFW5LXJvc85iloWJkuLGAV3CcAwoSA5CG1Uo2S76MM+GLLkVIqUk1PiJMTTlSw1SlMEflU4bZiZP8di5e2OJI6vOHjdM2oonpPi/Ul5KKmfp+jci+kGMs9+zOyjKFLVIKDE+Vc=

# bootserver              <ip|url>
# rsaexponent             <value>
# rsamodulus              <value>
 airconnectatboot         quick
 networklockpersist       on
 airusername              Pi77Bull
 airpassword              redacted
 airkey                   Laptop
# airserver               <airvpn_server_name>
# aircountry              <airvpn_country_name>
# airproto                <udp|tcp>
# airport                 <port>
# aircipher               <cipher_name>
# airipv6                 <yes|no>
# air6to4                 <yes|no>
# manifestupdateinterval  <minutes>
# airwhiteserverlist      <server list>
# airblackserverlist      <server list>
# airwhitecountrylist     <country list>
# airblackcountrylist     <country list>
# forbidquickhomecountry  <yes|no>
# country                 <ISO code>
# remote                  <ip|url list>
# proto                   <udp|tcp>
# port                    <port>
 tunpersist               yes
# cipher                  <cipher_names>
# maxconnretries          <number>
# tcpqueuelimit           <value>
# ncpdisable              <yes|no>
 networklock              on
 ignorednspush            no
 timeout                  0
# compress                <yes|no|asym>
# tlsversionmin           <disabled|default|tls_1_x>
# proxyhost               <ip|url>
# proxyport               <port>
# proxyusername           <username>
# proxypassword           <password>
# proxybasic              <yes|no>

[Staff 9972]

@Pi77Bull

Hello!

The run control file is fine (you can comment out networklock as it is bypassed by networklockpersist but it's irrelevant), Bluetit remains stuck waiting for the network (or the gateway) indefinitely. This is related to systemd management and deserves additional investigation during this testing phase, so let's approach the problem differently in the meantime. Consider the following files to define units:

bluetit-suspend.service

[Unit]
Description=AirVPN Bluetit Daemon Suspend, Sleep, Hibernate
Before=suspend.target
Before=suspend-then-hibernate.target
Before=hibernate.target
Before=hybrid-sleep.target
Before=sleep.target

[Service]
Type=forking
ExecStart=systemctl stop bluetit.service

[Install]
WantedBy=suspend.target
WantedBy=suspend-then-hibernate.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target
WantedBy=sleep.target

bluetit-resume.service

[Unit]
Description=AirVPN Bluetit Daemon Resume after Suspend, Sleep, Hibernate
Requires=network-online.target firewalld.service ufw.service dbus-daemon.service dbus.socket
After=suspend.target
After=suspend-then-hibernate.target
After=hibernate.target
After=hybrid-sleep.target
After=sleep.target

[Service]
Type=forking
PIDFile=/etc/airvpn/bluetit.lock
ExecStart=/sbin/bluetit
TimeoutStopSec=90
KillSignal=SIGTERM
KillMode=mixed
SendSIGKILL=no

[Install]
WantedBy=suspend.target
WantedBy=suspend-then-hibernate.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target
WantedBy=sleep.target

Create both files with the content we sent you and put them both in /etc/systemd/system . Finally activate the units with (root privileges required):

systemctl daemon-reload
systemctl enable bluetit-suspend.service
systemctl enable bluetit-resume.service

Try again suspension and/or hibernation and verify whether Bluetit re-connects successfully when the system is resumed (we successfully tested in Debian 12 at the moment). Please keep us posted. If any problem arises, please describe it and also send us the complete Bluetit log:

sudo journalctl | grep bluetit

Kind regards
 

[Pi77Bull 0]

I did not have firewalld.service, ufw.service or dbus-daemon.service. I installed firewalld, removed ufw.service from the "Requires" list and replaced dbus-daemon with dbus-broker (I think that's the equivalent in ArchLinux).
I also removed the file from /usr/lib/systemd/system-sleep that I created previously.
After returning from hibernate, this is the journal output:
 

Apr 04 13:46:52 bravo bluetit[100696]: UDP send exception: send: Network is unreachable
Apr 04 13:46:52 bravo bluetit[100696]: ERROR: NETWORK_SEND_ERROR
Apr 04 13:46:52 bravo bluetit[100696]: UDP send exception: send: Network is unreachable
Apr 04 13:46:52 bravo bluetit[100696]: ERROR: NETWORK_SEND_ERROR
Apr 04 13:46:52 bravo bluetit[100696]: UDP send exception: send: Network is unreachable
Apr 04 13:46:52 bravo bluetit[100696]: ERROR: NETWORK_SEND_ERROR
Apr 04 13:46:53 bravo bluetit[100696]: Received Terminated signal. Terminating Bluetit.
Apr 04 13:46:53 bravo bluetit[100696]: Stopping OpenVPN connection thread
Apr 04 13:46:53 bravo bluetit[100696]: Connection statistics updater thread finished
Apr 04 13:46:53 bravo bluetit[100696]: UDP send exception: send: Network is unreachable
Apr 04 13:46:53 bravo bluetit[100696]: ERROR: NETWORK_SEND_ERROR
Apr 04 13:46:53 bravo bluetit[100696]: net_route_del: 128.0.0.0/1 via 10.8.242.1 dev tun0 table 0 metric 0
Apr 04 13:46:53 bravo bluetit[100696]: net_route_del: 0.0.0.0/1 via 10.8.242.1 dev tun0 table 0 metric 0
Apr 04 13:46:53 bravo bluetit[100696]: net_route_del: 213.152.162.167/32 via 192.168.0.1 dev wlan0 table 0 metric 0
Apr 04 13:46:53 bravo bluetit[100696]: sitnl_send: rtnl: generic error: No such process (-3)
Apr 04 13:46:53 bravo bluetit[100696]: [36B blob data]
Apr 04 13:46:53 bravo bluetit[100696]: net_iface_mtu_set: mtu 1500 for tun0
Apr 04 13:46:53 bravo bluetit[100696]: net_iface_up: set tun0 down
Apr 04 13:46:53 bravo bluetit[100696]: Error while executing NetlinkRoute4(add: 0) tun0: -1
Apr 04 13:46:53 bravo bluetit[100696]: EVENT: DISCONNECTED
Apr 04 13:46:53 bravo bluetit[100696]: Successfully restored DNS settings
Apr 04 13:46:53 bravo bluetit[100696]: Session network filter and lock rollback successful
Apr 04 13:46:53 bravo bluetit[100696]: OpenVPN3 connection thread finished
Apr 04 13:46:53 bravo bluetit[100696]: Terminating quick connection thread
Apr 04 13:46:53 bravo bluetit[100696]: Session network filter and lock rollback successful
Apr 04 13:46:53 bravo bluetit[100696]: Persistent network filter and lock are enabled
Apr 04 13:46:53 bravo bluetit[100696]: Sending event 'event_disconnected'
Apr 04 13:46:53 bravo bluetit[100696]: Connection time: 00:01:53
Apr 04 13:46:53 bravo bluetit[100696]: Total transferred Input data: 73,81 KB
Apr 04 13:46:53 bravo bluetit[100696]: Total transferred Output data: 70,01 KB
Apr 04 13:46:53 bravo bluetit[100696]: Max Input rate: 4,91 Kbit/s
Apr 04 13:46:53 bravo bluetit[100696]: Max Output rate: 4,94 Kbit/s
Apr 04 13:46:53 bravo bluetit[100696]: AirVPN Manifest updater thread finished
Apr 04 13:46:53 bravo bluetit[100696]: Session network filter and lock are now disabled
Apr 04 13:46:53 bravo bluetit[100696]: Logging out AirVPN user Pi77Bull
Apr 04 13:46:53 bravo bluetit[100696]: Sending event 'event_end_of_session'
Apr 04 13:46:53 bravo systemd[1]: bluetit.service: Deactivated successfully.
Apr 04 13:46:53 bravo systemd[1]: bluetit.service: Consumed 3.147s CPU time, 15.3M memory peak, 0B memory swap peak.
Apr 04 13:46:53 bravo systemd[1]: bluetit-suspend.service: Deactivated successfully.
Apr 04 13:47:22 bravo bluetit[101763]: Starting Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 alpha 2 - 24 November 2023
Apr 04 13:47:22 bravo bluetit[101763]: OpenVPN core 3.9 AirVPN linux x86_64 64-bit
Apr 04 13:47:22 bravo bluetit[101763]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
Apr 04 13:47:22 bravo bluetit[101763]: SSL Library: OpenSSL 3.2.1 30 Jan 2024
Apr 04 13:47:22 bravo bluetit[101763]: WireGuard connection available
Apr 04 13:47:22 bravo systemd[1]: bluetit-resume.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: No such file or directory
Apr 04 13:47:22 bravo bluetit[101766]: Bluetit daemon started with PID 101766
Apr 04 13:47:22 bravo bluetit[101766]: Waiting for external network connection to be available
Apr 04 13:48:20 bravo bluetit[101766]: Waiting for external network connection to be available
Apr 04 13:49:20 bravo bluetit[101766]: Waiting for external network connection to be available
Apr 04 13:50:21 bravo bluetit[101766]: Waiting for external network connection to be available
Apr 04 13:51:21 bravo bluetit[101766]: Waiting for external network connection to be available
Apr 04 13:52:21 bravo bluetit[101766]: Waiting for external network connection to be available

The last line repeats indefinitely. At that point I have a working internet connection again, but without being connected to the VPN.

[Staff 9972]

@Pi77Bull

Thank you very much, we will investigate the problem. At least the units are fine. Note that you didn't need firewalld installation, so you can safely uninstall it if you wish so. You didn't need to remove ufw.service in the "Requires" line as well, it is ignored if missing. The main problem (which does not occur in Debian) now is in Bluetit itself, which waits forever for a network connection that's already available. We are investigating and we will keep you posted!

Kind regards