Problem with "https-dns-proxy" after reconnecting WAN in OpenWrt

In the country where I live, DNS is "Hijacked".

I am using this program with OpenWrt on a Raspberry Pi 4B and it works very well. The only problem I have is that when my WAN connection is disconnected (from the provider) and then comes back, no website opens (because names are not resolved), and I have to restart the service "/etc/init.d/https-dns-proxy" from Startup or via the terminal to connect.
Can you tell me how I can solve this problem? Is there a way that I can restart the service after the shutdown, for example through Shell Script?
I saw a script somewhere on the internet but I do not think it is a shell script and if so where should it be used:

#!/bin/sh
# Put this script run in crond.

service=ocserv

if test $(netstat -na | grep 0.0.0.0:443 | wc -l) = 2
then
        echo "$service is running!"
else
        /etc/init.d/$service start
fi

Do I have to change the script above as follows? (Unfortunately, I do not know any scripting.)

Is it possible for someone to help me solve this https problem after the WAN is down?

Something like this. Not mine, I stole it from https://pastebin.com/wfSkpgKA
The if eval might be wrong, I really suck at shell scripting :wink:

#!/bin/bash

# Author: John Llewelyn
# FB: fb.com/johnwilliam.llewelyn
# Twitter: twitter.com/JWLLEWELYN
# TLF: +584-1491-011-15
# Its use is free.
# Description: Connection Monitor for ADSL modem.
# Requirements:
# Copy this code or save to /home/administrator/ConnectionMonitor.sh
# It requires the installed packages fping beep and cron
# Comment the blacklist pcspkr snd-pcsp in /etc/modprobe.d/blacklist.conf
# Give execute permissions: chmod +x /home/administrator/ConnectionMonitor.sh
# Add this line in crontab -e with root user
# @reboot sleep 120 && /home/administrator/ConnectionMonitor.sh

#################################################################################
# SETTINGS
TEST="8.8.8.8"       # Ping Test
ADAPTER1="enp4s0"    # External Ethernet Adapter
TIMECHECK="120"      # Time to check the internet connection
service=ocserv
# Report
LOGFILE="/home/administrator/Documentos/ReportInternet.log"

# Messages
MESSAGE1="Restoring Connectivity..."
MESSAGE2="Wait a moment please..."
MESSAGE3="No Internet connectivity."
MESSAGE4="Yes, there is Internet connectivity."
#################################################################################

# Time and Date
TODAY=$(date "+%r %d-%m-%Y")
DOWN=0

# Show IP Public Address
IPv4ExternalAddr1=$(ip addr list $ADAPTER1 |grep "inet " |cut -d' ' -f6|cut -d/ -f1)
IPv6ExternalAddr1=$(ip addr list $ADAPTER1 |grep "inet6 " |cut -d' ' -f6|cut -d/ -f1)

# Execution of work
# alarm is called below but was never defined in the pasted script;
# beep once if the beep package is installed.
alarm() { command -v beep >/dev/null 2>&1 && beep; return 0; }

while true; do
    TODAY=$(date "+%r %d-%m-%Y")    # refresh the timestamp on every pass
    if [[ "$(fping -I ${ADAPTER1} ${TEST} | grep 'unreachable' )" != "" ]]; then
        alarm
        clear
        echo "================================================================================" >> ${LOGFILE}
        echo "${MESSAGE3} - ${TODAY}" >> ${LOGFILE}
        echo "${MESSAGE3} - ${TODAY}"
        echo "================================================================================" >> ${LOGFILE}
        sleep 10
        DOWN=1    # remember the outage so the service is restarted on recovery
    else
        clear
        echo "================================================================================" >> ${LOGFILE}
        echo "${MESSAGE4} - ${TODAY} - IPv4 Addr: ${IPv4ExternalAddr1} - IPv6 Addr: ${IPv6ExternalAddr1}" >> ${LOGFILE}
        echo "${MESSAGE4} - ${TODAY} - IPv4 Addr: ${IPv4ExternalAddr1} - IPv6 Addr: ${IPv6ExternalAddr1}"
        echo "================================================================================" >> ${LOGFILE}
        sleep ${TIMECHECK}
        # Restart only if the link was seen down since the last restart.
        if [ "$DOWN" -eq 1 ]; then
             /etc/init.d/$service restart
             DOWN=0
        fi
    fi
done

Thanks buddy for the reply. Just a question . . .
Now I have to save your code in a file to "/etc/init.d/" and give it chmod 775.
Did I get it right?

Well, it's not a daemon script per se, but I guess it could/should work.
I'd just run it with a &.

You might want to test it, before putting it in production :wink:


I should also add that when the https-dns-proxy service crashes, I have the DNS server (Google DNS, etc.) pinged, but no page will load until https-dns-proxy is restarted.

That might be the case, but the pings will fail, due to the WAN connection going down.


Thanks buddy, but unfortunately this method did not work because Ping is using port 53, but in this case, no page opens for me because port 80,443 is down and that script must be restarted after these ports fail.

No, ping doesn't use ports, it doesn't even use TCP or UDP, it uses ICMP.
I fail to see the relation between the ports and the ping.

But, you could try to ping your default gateway, that too might be unreachable, if your internet goes down.


@vgaetera
Is it possible to guide me more accurately in this case that I explained?
I don't really know anything about Shell Scripting

That's not the expected behavior, I just triggered ifdown wan; ifup wan; and I didn't lose ability to resolve domain names thru DoH proxy. I highly recommend you use the current OpenWrt release instead of the "ImmortalWrt 18.06-snapshot".


Collect the output when the issue happens and post it to pastebin.com redacting the private parts:

logread -e dnsmasq; netstat -l -n -p | grep -e dnsmasq; \
logread -e https-dns; netstat -l -n -p | grep -e https-dns; \
pgrep -f -a dnsmasq; pgrep -f -a https-dns; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
uci show dhcp; uci show https-dns-proxy; \
nslookup example.org 8.8.8.8; \
nslookup example.org 127.0.0.1; \
nslookup example.org 127.0.0.1#5053
2 Likes
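
Added example (not code from any poster in this thread): because ping only tests ICMP reachability, this watchdog queries the proxy listener itself, the `127.0.0.1#5053` address used in the diagnostics above, and restarts `/etc/init.d/https-dns-proxy` after repeated failures. The variable names, the thresholds and the `PROBE_CMD`/`RESTART_CMD` override hooks are assumptions of this example, as is `nslookup` returning a non-zero status when the query fails.

```sh
#!/bin/sh
# Added example, not from the thread: DNS-level watchdog for https-dns-proxy.
# Assumed/hypothetical names: PROXY, PROBE_NAME, FAILS_BEFORE_RESTART, INTERVAL,
# PROBE_CMD and RESTART_CMD (the last two are override hooks for testing).

PROXY="${PROXY:-127.0.0.1#5053}"          # listener probed in the diagnostics above
PROBE_NAME="${PROBE_NAME:-example.org}"
FAILS_BEFORE_RESTART="${FAILS_BEFORE_RESTART:-2}"
INTERVAL="${INTERVAL:-30}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/https-dns-proxy restart}"

# Succeeds only if the proxy itself answers a query. Assumes nslookup exits
# non-zero on failure. A successful ping (ICMP) would not prove this.
probe() {
    if [ -n "$PROBE_CMD" ]; then
        $PROBE_CMD
    else
        nslookup "$PROBE_NAME" "$PROXY" >/dev/null 2>&1
    fi
}

# One watchdog step. $1 = consecutive failures so far.
# Sets FAILS (new counter) and ACTION (ok | wait | restart).
check_once() {
    if probe; then
        FAILS=0; ACTION=ok
    elif [ $(( $1 + 1 )) -ge "$FAILS_BEFORE_RESTART" ]; then
        $RESTART_CMD            # restart only after repeated failures
        FAILS=0; ACTION=restart
    else
        FAILS=$(( $1 + 1 )); ACTION=wait
    fi
}

watch() {
    FAILS=0
    while :; do
        check_once "$FAILS"
        [ "$ACTION" = ok ] || logger -t doh-watchdog "probe of $PROXY failed: $ACTION"
        sleep "$INTERVAL"
    done
}

# Loop only when invoked as "<script> run", so the functions can be sourced.
if [ "${1:-}" = run ]; then watch; fi
```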

Thanks for answering. Do you think this is possible because I did not use Openwrt Direct Source?
I used immortalWRT because it has very good packages and is based on OpenWRT 18.06.
Anyway, Thanks bro

I will definitely do that, buddy
Thanks for your response
