path: root/vpn_reset.sh
#!/bin/bash
#
# Script to reset VPN tunnels on Vyatta-based routers. Under some odd
# circumstances that I don't yet understand, these will collapse and not come
# back up without some help. This will reset them if they don't come back up
# but do nothing otherwise. It's designed to run as an all-stars cron job.
#
# Fixes: https://bugs.crute.me/show_bug.cgi?id=70
#

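IPSEC=/usr/sbin/ipsec
LOG_FILE=/var/log/vpn_reset.log

# Append one timestamped line to the reset log, so that every automated
# tunnel reset (and any non-zero exit while doing it) leaves an audit trail.
log_reset() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"
}

# Count the INSTALLED lines reported by `ipsec status`. The awk program groups
# them by the text before "{" in the first field and then sums the groups, so
# the result is the total number of INSTALLED entries. awk prints an empty
# line when nothing matched, hence the :-0 default below.
# NOTE(review): a failing `ipsec status` is indistinguishable from "no tunnels
# installed" here and leads to a reset of every connection; confirm that is
# the intended behaviour.
ACTIVE_CONNECTIONS=$("$IPSEC" status | awk '/INSTALLED/ { split($1, i, "{"); items[i[1]] += 1 } END { for (k in items) { c += items[k]; } print c}')
ACTIVE_CONNECTIONS=${ACTIVE_CONNECTIONS:-0}

# Collect every "conn <name>" section from ipsec.conf except %default. The
# names are read line by line rather than through an unquoted $(...), so a
# name containing glob characters is not expanded against the cron job's
# working directory.
TOTAL_CONNECTIONS=()
while IFS= read -r conn; do
    # A bare "conn" line makes awk print an empty name; skip it.
    if [[ -n "$conn" ]]; then
        TOTAL_CONNECTIONS+=("$conn")
    fi
done < <(awk '/^conn/ { if ($2 != "%default" ) print $2 }' /etc/ipsec.conf)

# Not sure if this is always true but seems that single-tunnel systems
# only have a single tunnel whereas systems with multiple tunnels have
# two of each
if (( ${#TOTAL_CONNECTIONS[@]} > 1 )); then
    TUNNEL_MULTIPLIER=2
else
    TUNNEL_MULTIPLIER=1
fi

EXPECTED_CONNECTIONS=$(( ${#TOTAL_CONNECTIONS[@]} * TUNNEL_MULTIPLIER ))

# NOTE(review): any mismatch triggers a reset, including MORE installed
# entries than expected; confirm a surplus should really bounce the tunnels.
# NOTE(review): nothing prevents a second cron invocation from starting while
# this one is still cycling connections; verify `ipsec up` returns well within
# the cron interval.
if (( ACTIVE_CONNECTIONS != EXPECTED_CONNECTIONS )); then
    # Log the count that was actually compared against (configured
    # connections times the multiplier), not the bare configured count.
    log_reset "Resetting IPSEC connections ${ACTIVE_CONNECTIONS} of ${EXPECTED_CONNECTIONS}"

    for conn in "${TOTAL_CONNECTIONS[@]}"; do
        # Record non-zero exits so a tunnel that refuses to come back is
        # visible in the log instead of only in cron mail.
        "$IPSEC" down "$conn" || log_reset "ipsec down ${conn} exited with status $?"
        "$IPSEC" up "$conn" || log_reset "ipsec up ${conn} exited with status $?"
    done
fi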