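#!/bin/bash
#
# Script to reset VPN tunnels on Vyatta based routers. Under some odd
# circumstances that are not yet understood the tunnels collapse and do not
# come back up without some help. This resets them if they have not come back
# up and does nothing otherwise. It is designed to run from cron on an
# all-stars (* * * * *) schedule.
#
# Fixes: https://bugs.crute.me/show_bug.cgi?id=70
#
# Operational notes:
#   - When the installed-tunnel count does not match the expected count,
#     EVERY configured connection is taken down and brought back up, including
#     tunnels that are currently healthy, so a reset briefly interrupts all
#     VPN traffic.
#   - Each reset appends one timestamped line to LOG_FILE. Frequent entries
#     there mean the tunnels are flapping and deserve a look at the peer.
#   - `set -e` is deliberately not used: a failing `ipsec down` must not stop
#     the matching `ipsec up` from running.
#   - NOTE(review): nothing prevents two cron runs from overlapping if
#     down/up takes longer than the cron interval; consider a lock file.
#

IPSEC=/usr/sbin/ipsec
IPSEC_CONF=/etc/ipsec.conf
LOG_FILE=/var/log/vpn_reset.log

# Count the INSTALLED lines reported by `ipsec status`. Summing per-connection
# counters, as the earlier awk program did, yields this same total.
# `n + 0` prints 0 rather than an empty string when nothing matched.
ACTIVE_CONNECTIONS=$("$IPSEC" status | awk '/INSTALLED/ { n++ } END { print n + 0 }')

# If the pipeline printed nothing at all, fall back to 0. Note that a failing
# or missing `ipsec status` also lands on 0 and therefore triggers a reset
# attempt below.
ACTIVE_CONNECTIONS=${ACTIVE_CONNECTIONS:-0}

# Collect the configured connection names, one per line. Reading line by line
# (instead of an unquoted $(...) inside the array literal) keeps the shell from
# glob-expanding a name against the current directory. The awk filter requires
# the first field to be exactly "conn" and a name to be present, so lines such
# as "connfoo bar" or a bare "conn" are ignored.
# NOTE(review): only IPSEC_CONF itself is scanned; connections defined in
# included files, if any, would not be counted -- confirm for this platform.
TOTAL_CONNECTIONS=()
while IFS= read -r conn; do
    TOTAL_CONNECTIONS+=("$conn")
done < <(awk '/^conn/ && $1 == "conn" && NF >= 2 && $2 != "%default" { print $2 }' "$IPSEC_CONF")

# Not sure if this is always true but it seems that single-tunnel systems
# only have a single tunnel whereas systems with multiple tunnels have
# two of each.
if (( ${#TOTAL_CONNECTIONS[@]} > 1 )); then
    TUNNEL_MULTIPLIER=2
else
    TUNNEL_MULTIPLIER=1
fi

EXPECTED_CONNECTIONS=$(( ${#TOTAL_CONNECTIONS[@]} * TUNNEL_MULTIPLIER ))

if (( ACTIVE_CONNECTIONS != EXPECTED_CONNECTIONS )); then
    # The logged "of" figure is the number of configured connections, not the
    # expected tunnel count (configured * TUNNEL_MULTIPLIER).
    printf '%s Resetting IPSEC connections %s of %s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" \
        "${ACTIVE_CONNECTIONS}" \
        "${#TOTAL_CONNECTIONS[@]}" >> "$LOG_FILE"

    for conn in "${TOTAL_CONNECTIONS[@]}"; do
        "$IPSEC" down "$conn"
        "$IPSEC" up "$conn"
    done
fi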