From: Arne Fitzenreiter Date: Fri, 25 Jun 2010 20:55:30 +0000 (+0200) Subject: Merge branch 'master' of ssh://arne_f@ipfire.org/pub/git/ipfire-2.x X-Git-Tag: v2.9-beta1~183 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=2746e7014edf38f9cd9fd6df7205e51ae0c1c54f;hp=fd4da55b68527cfef08eeffbb39915cf2ee01ed9 Merge branch 'master' of ssh://arne_f@ipfire.org/pub/git/ipfire-2.x --- diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 2e8ca53bfe..51f6b5a301 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -141,16 +141,11 @@ int decode_line (char *s, issue ipsec commmands to turn on connection 'name' */ void turn_connection_on (char *name, char *type) { - char command[STRING_SIZE]; - FILE *file = NULL; - - if (file = fopen("/var/run/vpn-watch.pid", "r")) { - safe_system("kill -9 $(cat /var/run/vpn-watch.pid)"); - safe_system("unlink /var/run/vpn-watch.pid"); - close(file); - } +/* + if you find a way to start a single connection without changing all add it + here. Change also vpn-watch. +*/ safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null"); - safe_system("/usr/local/bin/vpn-watch &"); } /* issue ipsec commmands to turn off connection 'name' @@ -193,6 +188,12 @@ int main(int argc, char *argv[]) { /* Get vpnwatch pid */ + + if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) { + safe_system("kill -9 $(cat /var/run/vpn-watch.pid)"); + safe_system("unlink /var/run/vpn-watch.pid"); + close(file); + } /* FIXME: workaround for pclose() issue - still no real idea why * this is happening */ @@ -338,6 +339,8 @@ int main(int argc, char *argv[]) { // start the system if ((argc == 2) && strcmp(argv[1], "S") == 0) { + safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null"); + safe_system("/usr/local/bin/vpn-watch &"); exit(0); } diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch index 3f7757adb2..0c5f62d59f 100755 --- a/src/scripts/vpn-watch 
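Review bot: In the block added after `/* Get vpnwatch pid */` in main, the stream returned by `fopen()` is released with `close(file)`, which expects an int descriptor, so the FILE* is never closed; it should be `fclose(file);`. The stream is also used only as an existence test: the PID is re-read by a shell `cat` and sent `kill -9` without checking that it still belongs to vpn-watch, so a stale pidfile could terminate an unrelated process with this helper's privileges (presumably root, to be confirmed). Reading the PID from `file`, confirming the process is vpn-watch, and calling `kill()` directly would remove both the shell and the stale-PID risk. The declaration of `file` and the rest of main lie outside the hunk.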
+++ b/src/scripts/vpn-watch @@ -1,6 +1,6 @@ #!/usr/bin/perl ################################################## -##### VPN-Watch.pl Version 0.4c ##### +##### VPN-Watch.pl Version 0.5 ##### ################################################## # # # VPN-Watch is part of the IPFire Firewall # @@ -24,13 +24,17 @@ if ( -e $file ){ } system("echo $$ > $file"); - +my $round=0; while ( $i == 0){ if ($debug){logger("We will wait 60 seconds before next action.");} sleep(60); - - if (open(FILE, "<${General::swroot}/vpn/config")) { - @vpnsettings = ; + + $round++; + + # Reset roundcounter after 10 min. To do established check. + if ($round > 9) { $round=0 } + + if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = ; close(FILE); unless(@vpnsettings) {exit 1;} } 
@@ -50,12 +54,21 @@ foreach (@vpnsettings){ my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip); if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}} - my $ipmatch= `echo "$status" | grep $remoteip | grep $settings[2]`; + my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`; + my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`; if ( $ipmatch eq '' ){ - logger("Remote IP for host $remotehostname-$remoteip has changed, restarting ipsec."); - system("/usr/local/bin/ipsecctrl S"); + logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec."); + system("/usr/local/bin/ipsecctrl S $settings[0]"); last; #all connections will reloaded + #remove this if ipsecctrl can restart single con again + } + if ( ($round = 0) && ($established eq '')) { + logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec."); + system("/usr/local/bin/ipsecctrl S $settings[0]"); + last; #all connections will reloaded + #remove this if ipsecctrl can restart single con again + } } if ($debug){logger("All connections may be fine nothing was done.");} @@ -65,4 +78,3 @@ sub logger { my $log = shift; system("logger -t vpnwatch \"$log\""); } -
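Review bot: The new condition `if ( ($round = 0) && ($established eq ''))` assigns instead of comparing, so it is always false and the "not erouted" restart can never run. It also resets `$round` on every tunnel, which defeats the counter added in the earlier vpn-watch hunk; the line should read `if ( ($round == 0) && ($established eq '') ) {`. The added `system("/usr/local/bin/ipsecctrl S $settings[0]")` and the backtick `grep '$remoteip'` / `grep '$settings[2]'` pipelines still pass config-derived and resolver-derived values through a shell, and the single quotes do not help if a value itself contains a quote. The list form `system('/usr/local/bin/ipsecctrl', 'S', $settings[0]);` and matching `$status` in Perl with `\Q...\E` instead of `echo | grep` would remove the shell. The enclosing `foreach` starts outside the hunk.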