From 44b5666bc74f839158af79d215d00a7232b8a3dd Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Fri, 25 Jun 2010 22:52:43 +0200
Subject: [PATCH] Fix ipseccrtl, add 10min restart of unrouted connections to vpn-watch.
---
 src/misc-progs/ipsecctrl.c | 21 ++++++++++++---------
 src/scripts/vpn-watch | 30 +++++++++++++++++++++---------
 2 files changed, 33 insertions(+), 18 deletions(-)
diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 2e8ca53bfe..51f6b5a301 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -141,16 +141,11 @@ int decode_line (char *s,
 issue ipsec commmands to turn on connection 'name'
 */
 void turn_connection_on (char *name, char *type) {
- char command[STRING_SIZE];
- FILE *file = NULL;
-
- if (file = fopen("/var/run/vpn-watch.pid", "r")) {
- safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
- safe_system("unlink /var/run/vpn-watch.pid");
- close(file);
- }
+/*
+ if you find a way to start a single connection without changing all add it
+ here. Change also vpn-watch.
+*/
 safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
- safe_system("/usr/local/bin/vpn-watch &");
 }
 /*
 issue ipsec commmands to turn off connection 'name'
@@ -193,6 +188,12 @@ int main(int argc, char *argv[]) {
 /* Get vpnwatch pid */
+
+ if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
+ safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
+ safe_system("unlink /var/run/vpn-watch.pid");
+ close(file);
+ }
 /* FIXME: workaround for pclose() issue - still no real idea why * this is happening */
@@ -338,6 +339,8 @@ int main(int argc, char *argv[]) {
 // start the system
 if ((argc == 2) && strcmp(argv[1], "S") == 0) {
+ safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
+ safe_system("/usr/local/bin/vpn-watch &");
 exit(0);
 }
diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch
index 3f7757adb2..0c5f62d59f 100755
--- a/src/scripts/vpn-watch
+++ b/src/scripts/vpn-watch
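Review bot: The new body of turn_connection_on restarts ipsec while leaving vpn-watch running, and the added comment does not say that this is deliberate, so the kill/unlink this hunk removes is likely to be re-added by the next reader. Since main() now stops vpn-watch only in its argc == 2 path and vpn-watch itself calls `ipsecctrl S <name>`, I'd state it here: `/* NB: do not stop vpn-watch here; main() does that only for the bare 'S' call, so vpn-watch can run "ipsecctrl S <name>" without killing itself. */`. The `name` and `type` parameters are now unused; `(void)name; (void)type;` would document that and keep -Wunused quiet. The function's leading doc comment begins before this hunk.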
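Review bot: The added `kill -9 $(cat /var/run/vpn-watch.pid)` hands the pid file's content to the shell unvalidated: a stale pid kills whatever process has reused the number, an empty file yields a bare `kill -9`, and a value such as `-1` would SIGKILL every process ipsecctrl may signal. `close(file)` is also called on a `FILE *`, which leaks the stream and closes some unrelated descriptor instead; it needs `fclose(file)`. I'd parse and validate the pid in C and signal it directly, as below (this needs `<signal.h>` and `<unistd.h>`, whose presence I cannot see from this hunk). `file` is presumably declared earlier in main(), which starts before this hunk.
```c
        /* Get vpnwatch pid */
        if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
                long pid = 0;
                /* accept only a real pid so a stale or corrupt pid file can never
                 * turn into "kill -9 -1" through the shell */
                if (fscanf(file, "%ld", &pid) == 1 && pid > 1)
                        kill((pid_t)pid, SIGKILL);   /* SIGKILL kept from the shell version */
                fclose(file);
                unlink("/var/run/vpn-watch.pid");
        }
        /* … unchanged: pclose() workaround … */
```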
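Review bot: In the new bare-`S` branch both `safe_system()` return values are dropped, so `exit(0)` reports success even when the ipsec init script fails or `/usr/local/bin/vpn-watch` cannot be launched. If `safe_system()` returns the command's status (its definition is outside this hunk), I'd at least propagate the restart result: `if (safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null") != 0) exit(1);`. The restart line also duplicates the one in turn_connection_on; a comment such as `// bare "S": full ipsec restart, then relaunch the watcher stopped above` would tell the reader why it is repeated here instead of calling that function.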
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 ##################################################
-##### VPN-Watch.pl Version 0.4c #####
+##### VPN-Watch.pl Version 0.5 #####
 ##################################################
 # #
 # VPN-Watch is part of the IPFire Firewall #
@@ -24,13 +24,17 @@ if ( -e $file ){
 }
 system("echo $$ > $file");
-
+my $round=0;
 while ( $i == 0){
 if ($debug){logger("We will wait 60 seconds before next action.");}
 sleep(60);
-
- if (open(FILE, "<${General::swroot}/vpn/config")) {
- @vpnsettings = ;
+
+ $round++;
+
+ # Reset roundcounter after 10 min. To do established check.
+ if ($round > 9) { $round=0 }
+
+ if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = ;
 close(FILE);
 unless(@vpnsettings) {exit 1;}
 }
@@ -50,12 +54,21 @@ foreach (@vpnsettings){
 my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip);
 if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}}
- my $ipmatch= `echo "$status" | grep $remoteip | grep $settings[2]`;
+ my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`;
+ my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
 if ( $ipmatch eq '' ){
- logger("Remote IP for host $remotehostname-$remoteip has changed, restarting ipsec.");
- system("/usr/local/bin/ipsecctrl S");
+ logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec.");
+ system("/usr/local/bin/ipsecctrl S $settings[0]");
 last; #all connections will reloaded
+ #remove this if ipsecctrl can restart single con again
+ }
+ if ( ($round = 0) && ($established eq '')) {
+ logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec.");
+ system("/usr/local/bin/ipsecctrl S $settings[0]");
+ last; #all connections will reloaded
+ #remove this if ipsecctrl can restart single con again
+ }
 }
 if ($debug){logger("All connections may be fine nothing was done.");}
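Review bot: The re-added `open(FILE, "<${General::swroot}/vpn/config")` keeps the two-argument form with a package-global bareword handle; with an interpolated path the three-argument form and a lexical handle are the safer idiom, e.g. `if (open(my $cfg, '<', "${General::swroot}/vpn/config")) {` followed by `@vpnsettings = <$cfg>; close($cfg);`. The `$round` bookkeeping itself reads correctly: it is incremented before the `> 9` reset, so `$round` is 0 on every tenth pass, matching the ten-minute comment. The readline operator after `@vpnsettings =` appears to have been lost in this rendering of the patch, so I am assuming the real line reads `@vpnsettings = <FILE>;`. The `while` loop opened in this hunk closes outside it.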
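Review bot: `if ( ($round = 0) && ($established eq '')) {` assigns instead of comparing, so the condition is always false: the new "not erouted" restart never fires, and `$round` is forced back to 0 for every connection on every pass, which also defeats the ten-minute counter maintained in the previous hunk. It should read `if ( ($round == 0) && ($established eq '')) {`; `use warnings` would have reported "Found = in conditional". Separately, `$settings[0]` (from the vpn config) and `$remoteip` (parsed from ping output) are still interpolated into shell commands: the single quotes added around the grep patterns do not survive a quote character in the value, `.` in the IP still matches any character without `grep -F`, and the ipsecctrl call is unquoted, so `system('/usr/local/bin/ipsecctrl', 'S', $settings[0]);` (list form, no shell) is the safer call. The `foreach` over @vpnsettings that this hunk edits begins before it.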
@@ -65,4 +78,3 @@ sub logger {
 my $log = shift;
 system("logger -t vpnwatch \"$log\"");
 }
-
-- 
2.39.2