feat(healthcheck): combination of ICMP and TCP+TLS checks (#2923)
- New option: `HEALTH_ICMP_TARGET_IP` defaults to `0.0.0.0`, meaning use the VPN server public IP address.
- Options removed: `HEALTH_VPN_INITIAL_DURATION` and `HEALTH_VPN_ADDITIONAL_DURATION`
- Times and retries are handpicked and hardcoded.
- Less aggressive checks and fewer false positive detections
@@ -2,6 +2,7 @@ package vpn
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/netip"
|
||||
|
||||
"github.com/qdm12/dns/v2/pkg/check"
|
||||
"github.com/qdm12/gluetun/internal/constants"
|
||||
@@ -9,6 +10,8 @@ import (
|
||||
)
|
||||
|
||||
type tunnelUpData struct {
|
||||
// Healthcheck
|
||||
serverIP netip.Addr
|
||||
// Port forwarding
|
||||
vpnIntf string
|
||||
serverName string // used for PIA
|
||||
@@ -18,7 +21,7 @@ type tunnelUpData struct {
|
||||
portForwarder PortForwarder
|
||||
}
|
||||
|
||||
func (l *Loop) onTunnelUp(ctx context.Context, data tunnelUpData) {
|
||||
func (l *Loop) onTunnelUp(ctx, loopCtx context.Context, data tunnelUpData) {
|
||||
l.client.CloseIdleConnections()
|
||||
|
||||
for _, vpnPort := range l.vpnInputPorts {
|
||||
@@ -28,6 +31,24 @@ func (l *Loop) onTunnelUp(ctx context.Context, data tunnelUpData) {
|
||||
}
|
||||
}
|
||||
|
||||
icmpTarget := l.healthSettings.ICMPTargetIP
|
||||
if icmpTarget.IsUnspecified() {
|
||||
icmpTarget = data.serverIP
|
||||
}
|
||||
l.healthChecker.SetConfig(l.healthSettings.TargetAddress, icmpTarget)
|
||||
|
||||
healthErrCh, err := l.healthChecker.Start(ctx)
|
||||
l.healthServer.SetError(err)
|
||||
if err != nil {
|
||||
// Note this restart call must be done in a separate goroutine
|
||||
// from the VPN loop goroutine.
|
||||
l.restartVPN(loopCtx, err)
|
||||
return
|
||||
}
|
||||
defer func() {
|
||||
_ = l.healthChecker.Stop()
|
||||
}()
|
||||
|
||||
if *l.dnsLooper.GetSettings().DoT.Enabled {
|
||||
_, _ = l.dnsLooper.ApplyStatus(ctx, constants.Running)
|
||||
} else {
|
||||
@@ -37,7 +58,7 @@ func (l *Loop) onTunnelUp(ctx context.Context, data tunnelUpData) {
|
||||
}
|
||||
}
|
||||
|
||||
err := l.publicip.RunOnce(ctx)
|
||||
err = l.publicip.RunOnce(ctx)
|
||||
if err != nil {
|
||||
l.logger.Error("getting public IP address information: " + err.Error())
|
||||
}
|
||||
@@ -56,4 +77,21 @@ func (l *Loop) onTunnelUp(ctx context.Context, data tunnelUpData) {
|
||||
if err != nil {
|
||||
l.logger.Error(err.Error())
|
||||
}
|
||||
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
case healthErr := <-healthErrCh:
|
||||
l.healthServer.SetError(healthErr)
|
||||
// Note this restart call must be done in a separate goroutine
|
||||
// from the VPN loop goroutine.
|
||||
l.restartVPN(loopCtx, healthErr)
|
||||
}
|
||||
}
|
||||
|
||||
func (l *Loop) restartVPN(ctx context.Context, healthErr error) {
|
||||
l.logger.Warnf("restarting VPN because it failed to pass the healthcheck: %s", healthErr)
|
||||
l.logger.Info("👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md")
|
||||
l.logger.Info("DO NOT OPEN AN ISSUE UNLESS YOU HAVE READ AND TRIED EVERY POSSIBLE SOLUTION")
|
||||
_, _ = l.ApplyStatus(ctx, constants.Stopped)
|
||||
_, _ = l.ApplyStatus(ctx, constants.Running)
|
||||
}
|
||||
|
||||
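Review bot: In onTunnelUp the fallback `if icmpTarget.IsUnspecified()` only matches `0.0.0.0` or `::`; a zero-value `netip.Addr` is not "unspecified", so an `ICMPTargetIP` that was never defaulted would be passed to `SetConfig` as an invalid target, and the fallback itself would do the same if the caller left `data.serverIP` unset. Consider `if !icmpTarget.IsValid() || icmpTarget.IsUnspecified() { icmpTarget = data.serverIP }` and rejecting an invalid `data.serverIP` before `Start`, so a misconfigured check fails loudly rather than restarting the VPN for the wrong reason. Where the settings default and `serverIP` are populated is not visible on this page, so this may already be guaranteed upstream. Separately, the comment "must be done in a separate goroutine" sits above a synchronous `l.restartVPN(loopCtx, ...)` call; a doc comment on onTunnelUp stating that it runs in its own goroutine, and why the restart uses `loopCtx` rather than `ctx`, would make that invariant checkable. Parts of onTunnelUp fall between the hunks and are not shown.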