Monday, 10 April 2006

vpn-monitor
This small perl script helps keep vpn connections open.
The script does NOT simply monitor ip addresses and then only restart the vpn if the ip changes.  
That logic fails when a DSL modem reconnects with the very same ip address.  Many ISP's do that.
This script does a more rigorous check of each vpn tunnel, and is designed to be run periodically as a cron job.  
(If you don't know how to do that, then perhaps wait until this script has matured into a gui page before trying to use it.)
If the cron job is set to check too frequently,  a race condition may result.  
The previous check won't have time to finish (and perhaps restart the vpn) before the next check hammers away.
Perhaps 5 minute intervals might work OK.  Set your own cron interval, its not part of the script.
Can also be run manually from the cli and it will report current status of each vpn tunnel.
IpCop 1.3 and 1.4 are quite different, especially with the ipsec implementation.
In 1.3, if ANY vpn is closed, vpn-monitor will restart ALL vpn's.  Sorry, but that's how 1.3 works.
1.4 is more flexible.  Only restarting closed vpn connections.  Much more sensible.  
The script respects disabled connections and will only restart a connection that is "enabled" in the IpCop web-gui.
This script uses the same technique used by the IpCop developers to detect Open and Closed connections displayed in the browser gui.
Originally the 1.3 and 1.4 code was all hacked in together.
Later version of vpn-monitor has the code separated.  Plan will be to simply delete the 1.3 code one-day.
I've been testing the script for a few days only a multi-tunnel, 1.3 < = > 1.4 setup.  
I can powercycle the modem or manually close a vpn tunnel, and wait max 5 minutes for it to be re-initiated.
Naturally, vpn-monitor is run at BOTH ends of the vpn.  Don't need to synchronise any clocks or timing of cron jobs.
Seems to work OK.
If you're having bother, check the messages logged to /var/log/messages.
Or run it at the cli and view messages on console.
As always, USE AT YOUR OWN RISK.
If your house burns down, you lose your job, or get chucked out of college, don't blame me.
Post feedback to bgroper.AT.bur.st or to vpn section of ipcop forum at http://www.ipcops.com/index.php
- BG