source: npl/internetserver/libreswan_conf/root/sbin/syn3-ipseccheck

Last change on this file was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago

initial commit, transferred from cleaned syn3 svn tree

  • Property mode set to 100755
File size: 1.2 KB
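#!/bin/bash
# DatuX vpn monitoring script (C)2007 DatuX/Syn-3
#
# Usage: syn3-ipseccheck [TUNNEL]
#
# For every monitor file /etc/ipsec.d/tunnels/<name>.mon (or only
# <TUNNEL>.mon when a name is given) ping the monitored address with fping,
# report the result through syn3-state, and restart the tunnel with
# "ipsec auto" when the ping fails.
#
# A .mon file is source'd and may set:
#   IP        address to ping; an empty value means "do not monitor"
#   SRC       optional source address handed to fping -S
#   DISABLED  "1" (the default used here) turns monitoring off
#
# SECURITY: .mon files are executed as shell code with the privileges of this
# script. /etc/ipsec.d/tunnels and the files in it must be writable by trusted
# administrators only.

TUNNEL_DIR="/etc/ipsec.d/tunnels"

if [ "$1" ]; then
        # The name becomes part of a path that is source'd below; a "/" would
        # let the caller point that path outside TUNNEL_DIR. Callers are not
        # visible from this file, so the argument is treated as untrusted.
        case "$1" in
                */*)
                        echo "syn3-ipseccheck: invalid tunnel name: $1" >&2
                        exit 1
                        ;;
        esac
        MONS=("$TUNNEL_DIR/$1.mon")
else
        # nullglob: with no .mon files present the loop must not run on the
        # literal "*.mon" pattern.
        shopt -s nullglob
        MONS=("$TUNNEL_DIR"/*.mon)
        shopt -u nullglob
fi

for MON in "${MONS[@]}"; do
        IP=
        SRC=
        DISABLED=1
        # Executes the monitor file as shell code (see SECURITY above). A
        # missing or unreadable file leaves DISABLED=1, so the state entry of
        # that tunnel is deleted below.
        source "$MON" 2>/dev/null
        TUN=${MON##*/}
        TUN=${TUN%.mon}
        FACILITY="ipsec_$TUN"

        # A name with a leading "-" could be parsed as an option by "ipsec auto".
        case "$TUN" in
                -*)
                        echo "$TUN: Skipping, invalid tunnel name" >&2
                        continue
                        ;;
        esac

        # Split IP on whitespace, as the former unquoted expansion did, but
        # without glob expansion of its contents.
        read -r -a TARGETS <<<"$IP"

        if grep -q "auto=ignore" "$TUNNEL_DIR/$TUN.conf" 2>/dev/null ||
            [ "$DISABLED" = "1" ] ||
            [ "${#TARGETS[@]}" -eq 0 ]
        then
            syn3-state "$FACILITY" DELETE
            continue
        fi

        echo "$TUN: Checking tunnel $IP..."
        #sleep 1 second, otherwise ping and fping hang 30 seconds for some reason?
        sleep 1

        # Build the command as an array so values from the .mon file are passed
        # as arguments and never re-parsed by the shell.
        PING_CMD=(fping)
        if [ "$SRC" != "" ]; then
                PING_CMD+=(-S "$SRC")
        fi
        PING_CMD+=(-r 20 -B 1 "${TARGETS[@]}")

        #route mode is ehold, causing fping to hang: allow it 10 seconds, then
        #kill this fping only. killall would also terminate fping processes
        #started by other jobs on the machine.
        "${PING_CMD[@]}" &
        PING_PID=$!
        (sleep 10; kill -9 "$PING_PID" 2>/dev/null) &
        KILLER_PID=$!
        wait "$PING_PID"
        PING_STATUS=$?
        # Stop the watchdog before the slow ipsec calls, so it cannot fire on a
        # PID that has been reused in the meantime.
        kill -9 "$KILLER_PID" &>/dev/null #kill the killer

        if [ "$PING_STATUS" -ne 0 ]; then
                echo "$TUN: Down! Restarting tunnel!"
                ipsec auto --delete "$TUN"
                ipsec auto --add "$TUN"
                ipsec auto --asynchronous --up "$TUN"
                syn3-state "$FACILITY" CAUTION "No ping reply to $IP@$TUN (from $SRC) Reconnecting..."
        else
                echo "$TUN: OK"
                syn3-state "$FACILITY" OK  "Ping to $IP@$TUN (from $SRC) is ok."
        fi

done

exit 0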