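#! /usr/bin/perl -w
#
# VPN-Monitor is distributed under the following BSD-style license:
#
# Copyright (c) 2006-2011 David Johnson and Brian G Roper. All rights and wrongs reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
#
# 3. The name of the author may not be used to endorse or promote products derived
# from this software without specific prior written permission from the author.
#
# 4. Products derived from this software may not be called "VPN-Monitor" nor may
# "VPN-Monitor" appear in their names without specific prior written permission from the author.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
# BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

### SYNOPSIS ##
#
# vpn-monitor, originally hacked together for use with IpCop 1.3. Later adapted for 1.4 and 2.0
# Code for IpCop 1.3 and 1.4 now removed to separate perl scripts
# test whether vpn connections are "open", and restart connections only if not "open"
# syntax vpn-monitor [more work needed here]

### CHANGELOG ##
#
# 1.0 October 2011 Improved code; updated for IpCop 2.0; BSD Licence
# Code for IpCop 1.4 deleted
# 0.9 May 2006 Added language support using existing ipcop perl modules
# Still looking for better detection of false open conditions
# Code for IpCop 1.3 deleted
# 0.8a April 2006 Minor code tidy up, improved logging
# 0.8 8/4/06 First public outing
# < 0.7 Feb 2006 Proof of concept

### COMPILER DIRECTIVES ##
#
use strict;
# use English;

require '/usr/lib/ipcop/general-functions.pl';
require '/usr/lib/ipcop/lang.pl';
require '/usr/lib/ipcop/header.pl';

### VARIABLES ##
#
my $version       = "v1.0";
my $major_version = 0;
my $vpn_config    = "${General::swroot}/ipsec/config";

### SANITY CHECKS ##
#
# Read the whole VPN configuration up front; one line per configured connection.
open (my $configfile, '<', $vpn_config)
    or die "$Lang::tr{'capswarning'} $vpn_config $Lang::tr{'could not be opened'} : $! \n";
my @config_lines = <$configfile>;
close ($configfile);

# The dot is escaped so that only a literal "2.0" is accepted; an unescaped
# "." would also accept any other character in that position.
if ($General::version =~ m/2\.0/) {
    $major_version = "2.0";
}
else {
    Message("$Lang::tr{'capswarning'} Invalid IpCop version");
    End();
}

### MAIN ##
#
if ($major_version eq "2.0") {
    # NOTE(review): the exit status of this command is not checked. If it
    # fails and prints nothing, every enabled connection below is treated as
    # closed and restarted - confirm that this is the intended fallback.
    my @vpn_status      = `/usr/sbin/ipsec auto --status`;
    my $num_connections = @config_lines;

    Message("IpCop $General::version, vpn-monitor $version, VPNs = $num_connections");

    for my $index (0 .. $#config_lines) {
        my $number = $index + 1;    # 1-based position used in the log text

        # Fields used here: 0 = key handed to ipsecctrl, 1 = "on" when the
        # connection is enabled, 2 = connection name looked up in the status.
        chomp(my $line = $config_lines[$index]);
        my ($key, $enabled, $name) = split(/,/, $line);

        # Skip blank or truncated lines. An empty name would produce an empty
        # regex (which Perl treats specially) and an empty key would be
        # passed on to ipsecctrl.
        unless (defined $name && length $name && length $key) {
            Message("VPN $Lang::tr{'connection'}\[$number\] : malformed config line skipped");
            next;
        }

        # The name comes from the config file, so it is matched literally
        # (\Q...\E); regex metacharacters in a name must not change the match.
        # NOTE(review): this is still a substring match, so a name that is a
        # prefix of another connection's name can match that connection's
        # status lines - confirm against the real status output format.
        my $is_open = 0;
        for my $status_line (@vpn_status) {
            next unless $status_line =~ m/\Q$name\E/;
            if ($status_line =~ m/IPsec SA established/) {
                $is_open = 1;
                last;
            }
        }

        my $state = $is_open ? "$Lang::tr{'capsopen'}" : "$Lang::tr{'capsclosed'}";
        Message("VPN $Lang::tr{'connection'}\[$number\] \"$name\" : $Lang::tr{'connection'} $state");

        next if $is_open;

        if ($enabled eq "on") {
            # List form of system(): no shell is involved, so characters in
            # the key field can never be interpreted as shell syntax.
            system('/usr/local/bin/ipsecctrl', "--start=$key");
            Message("VPN $Lang::tr{'connection'}\[$number\] \"$name\" : $Lang::tr{'connection'} $Lang::tr{'restart'}");
        }
        else {
            Message("VPN $Lang::tr{'connection'}\[$number\] \"$name\" : $Lang::tr{'connection'} disabled");
        }
    }
}

End();

### SUBROUTINES ##
#
# Message($text): send $text to syslog via logger(1) (-s also echoes it to
# stderr). When the text contains the translated "restart" word, a second,
# more visible banner line is logged as well.
sub Message {
    my ($msg) = @_;

    system ('logger', '-s', '-i', $0, ':', "$msg");

    # Literal substring test instead of a regex built from the translation,
    # so punctuation in the translated word cannot alter the match.
    my $restart_word = $Lang::tr{'restart'};
    if (defined $restart_word && length $restart_word && index($msg, $restart_word) >= 0) {
        system ('logger', '-s', '-i', $0, ':', "**** VPN $Lang::tr{'connection'} RESTARTED ****");
    }
}

# End(): terminate the monitor with a success exit status.
sub End {
    exit 0;
}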