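#! /usr/bin/perl -w
#
### SYNOPSIS ##
#
# vpn-monitor, hacked together by BlueGroper for use with IpCop
# test whether vpn connections are "open", and restart connections only if not "open"
# syntax vpn-monitor [more work here]
#
# Reads the IpCop VPN config file, asks pluto for the current tunnel status,
# logs one line per configured connection via logger(1) and restarts every
# enabled connection that has no established IPsec SA.

### CHANGELOG ##
#
# 0.9   1/5/06   Added language support using existing ipcop perl modules
#                Still looking for better detection of false open conditions
#                Code for IpCop 1.3 deleted.
# 0.8a  25/4/06  Minor code tidy up, improved logging
# 0.8   8/4/06   First public outing
# < 0.7 Feb 2006 Proof of concept

### COMPILER DIRECTIVES ##
#
use strict;
use English;

require '/var/ipcop/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

### VARIABLES ##
#
my $version       = "v0.9";
my $major_version = 0;
my $vpn_config    = "${General::swroot}/vpn/config";

### SANITY CHECKS ##
#
# Three-argument open with a lexical handle: the mode can never be taken from
# the path string, and the handle is not a package-wide bareword.
open(my $config_fh, '<', $vpn_config)
    or die "$Lang::tr{'capswarning'} $vpn_config $Lang::tr{'could not be opened'} : $! \n";
my @InFile = <$config_fh>;
close($config_fh);

# The dot is escaped so that only a literal "1.4" is accepted
# (an unescaped "." would also accept e.g. "1x4" or "124").
if ($General::version =~ m/1\.4/) {
    $major_version = "1.4";
}
else {
    Message("$Lang::tr{'capswarning'} Invalid IpCop version");
    End();
}

### MAIN ##
#
## Code for IpCop 1.3 removed to separate perl script
if ($major_version eq "1.4") {
    # NOTE(review): if this command fails or prints nothing, every connection
    # below is treated as closed and every enabled one is restarted.
    my @vpn_status      = `/usr/sbin/ipsec auto --status`;
    my $Num_Connections = @InFile;

    Message("vpn-monitor $version, IpCop $General::version, $Lang::tr{'alt vpn'} = $Num_Connections");

    my $i = 0;
    for my $line (@InFile) {
        $i++;
        chomp $line;

        # Fields used here: 0 = key handed to ipsecctrl, 1 = "on" when the
        # connection is enabled, 2 = connection name.
        my ($key, $enabled, $Connection) = split(/,/, $line);

        # Skip blank or truncated lines. An empty name would otherwise become
        # an empty regex, which Perl treats as "reuse the last successful
        # pattern" and which can report a tunnel as open by accident.
        next unless defined $Connection && length $Connection;

        # Match the name literally (\Q..\E) and in the double-quoted form in
        # which the status output prints connection names, so that "vpn1"
        # is not satisfied by a line about "vpn10" and regex metacharacters in
        # a name cannot widen or break the match. A missed closed tunnel is
        # never restarted, so a false "open" is the failure to avoid.
        # NOTE(review): quoted-name format assumed from FreeS/WAN / Openswan
        # pluto output - confirm against the installed ipsec version.
        my $name_re = qr/"\Q$Connection\E"/;
        my $is_open = 0;
        for my $text (@vpn_status) {
            if ($text =~ $name_re && $text =~ m/IPsec SA established/) {
                $is_open = 1;
                last;
            }
        }

        my $Open_Closed = $is_open ? $Lang::tr{'capsopen'} : $Lang::tr{'capsclosed'};
        my $prefix = "$Lang::tr{'vpn'} $Lang::tr{'connection'}\[$i\] \"$Connection\" : $Lang::tr{'connection'}";
        Message("$prefix $Open_Closed");

        next if $is_open;

        if ($enabled eq "on") {
            # List-form system(): no shell is involved, so the key read from
            # the config file is passed as a single argument.
            system('/usr/local/bin/ipsecctrl', 'S', $key);
            Message("$prefix $Lang::tr{'restart'}");
            # The banner is written from the restart branch itself instead of
            # being triggered by searching the message text, so a connection
            # name that happens to contain the translated word for "restart"
            # can no longer produce a false RESTARTED entry in the log.
            Message("**** $Lang::tr{'vpn'} $Lang::tr{'connection'} RESTARTED ****");
        }
        else {
            Message("$prefix disabled");
        }
    }
}

### CLOSURES ##
#
End();

### SUBROUTINES ##
#

# Message($text): write one line to syslog and stderr through logger(1).
# The text is passed as a single argument of a list-form system() call, so
# nothing in it is interpreted by a shell.
sub Message {
    my ($log_msg) = @_;
    system('logger', '-s', '-i', $0, ':', $log_msg);
}

# End(): terminate the script with exit status 0.
sub End {
    exit 0;
}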