Add VPN reset script

1 files changed, 33 insertions, 0 deletions

diff --git a/vpn_reset.sh b/vpn_reset.sh
new file mode 100755
index 0000000..0905927
--- /dev/null
+++ b/vpn_reset.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Script to reset VPN tunnels on Vyatta based routers. Under some odd
+# circumstances that I don't yet understand these will collapse and not come
+# back up without some help. This will reset them if they don't come back up
+# but do nothing otherwise. It's designed to run as a all-stars cron.
+#
+# Fixes: https://bugs.crute.me/show_bug.cgi?id=70
+#
+
+IPSEC=/usr/sbin/ipsec
+ACTIVE_CONNECTIONS=$($IPSEC status | awk '/INSTALLED/ { split($1, i, "{"); items[i[1]] += 1 } END { for (k in items) { c += items[k]; } print c}')
+ACTIVE_CONNECTIONS=${ACTIVE_CONNECTIONS:-0}
+TOTAL_CONNECTIONS=( $(awk '/^conn/ { if ($2 != "%default" ) print $2 }' /etc/ipsec.conf) )
+
+# Not sure if this is always true but seems that single-tunnel systems
+# only have a single tunnel whereas systems with multiple tunnels have
+# two of each
+if (( ${#TOTAL_CONNECTIONS[@]} > 1 )); then
+    TUNNEL_MULTIPLIER=2
+else
+    TUNNEL_MULTIPLIER=1
+fi
+
+if (( ${ACTIVE_CONNECTIONS} != (${#TOTAL_CONNECTIONS[@]} * $TUNNEL_MULTIPLIER) )); then
+    echo "$(date '+%Y-%m-%d %H:%M:%S') Resetting IPSEC connections ${ACTIVE_CONNECTIONS} of ${#TOTAL_CONNECTIONS[@]}" >> /var/log/vpn_reset.log
+
+    for conn in "${TOTAL_CONNECTIONS[@]}"; do
+        $IPSEC down "$conn"
+        $IPSEC up "$conn"
+    done
+fi
+