Monitoring Script to Keep IPsec Tunnel Active

This script is used in our environment to monitor a particular tunnel. It is only a workaround, though, as we only run into the problem when the other side of the tunnel is a Fortigate firewall. It can also be handy when you want to monitor any connection, since it can do some automation such as restarting a service or sending out a notification once a disconnection is detected. Detection is done by pinging the host: if it does not reply after 5 requests, it is considered down and, in this case, the tunnel is bounced. If it still does not come up, a notification is sent for further checking. Anyway, here's the script:

 

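#!/bin/bash
# Bounce the IPsec tunnel when the far-side host stops answering pings,
# then mail a notification if it is still unreachable.

SENDMAIL_CMD="/usr/sbin/sendmail"
SENDER="noreply@mydomain.com"
RCPT="yongitz@mydomain.com"

# Packet loss (in percent) over 5 pings sent from eth0
PINGER=$(ping -c5 -I eth0 192.168.1.10 | grep -oP '\d+(?=% packet loss)')
# An empty result means ping printed no summary; treat it as 100% loss
if [ "${PINGER:-100}" -eq 100 ]; then
    # Bounce the tunnel
    ipsec auto --delete myTunnel
    ipsec auto --add myTunnel
    ipsec auto --up myTunnel
    sleep 5
    # Check again after the bounce
    PINGER=$(ping -c5 -I eth0 192.168.1.10 | grep -oP '\d+(?=% packet loss)')
    if [ "${PINGER:-100}" -eq 100 ]; then
        # A blank line must separate the mail headers from the body
        printf 'From: %s\nTo: %s\nSubject: !!! Tunnel to 192.168.1.10 is DOWN !!!\n\nTunnel is down even after tunnel has been bounced.\n' "$SENDER" "$RCPT" | "$SENDMAIL_CMD" -t
    fi
fi

exit 0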
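
The same detect, bounce and notify flow in a more general form, as an added example that is not part of the original script. It goes beyond the script above: the loss parser also copes with decimal percentages and missing ping output, and the `probe`, `recover` and `notify` hooks, `is_down`, `RESULT` and `SETTLE` are assumed names so that a different recovery action (such as restarting a service) can be plugged in.

```shell
#!/bin/bash
# Added example, not the original script: hook names and SETTLE are assumptions.
IFACE=${IFACE:-eth0}
SENDER=${SENDER:-noreply@mydomain.com}
RCPT=${RCPT:-yongitz@mydomain.com}

# Read ping output on stdin, print the integer packet-loss percentage.
# No summary line at all (ping could not run) counts as 100% loss.
parse_loss() {
    local loss
    loss=$(grep -oE '[0-9]+(\.[0-9]+)?% packet loss' | head -n1)
    loss=${loss%%[.%]*}          # "33.3% packet loss" -> "33"
    echo "${loss:-100}"
}

# Hooks: redefine these to monitor something other than an IPsec tunnel.
probe()   { ping -c5 -I "$IFACE" "$1" 2>/dev/null; }
recover() { ipsec auto --delete "$1"; ipsec auto --add "$1"; ipsec auto --up "$1"; }
notify()  {
    printf 'From: %s\nTo: %s\nSubject: %s\n\n%s\n' "$SENDER" "$RCPT" "$1" "$2" |
        /usr/sbin/sendmail -t
}

is_down() { [ "$(probe "$1" | parse_loss)" -ge 100 ]; }

# check_tunnel HOST TUNNEL: sets RESULT to up, recovered or down.
# Returns non-zero only when the host is still unreachable after recovery.
check_tunnel() {
    local host=$1 tunnel=$2
    RESULT=up
    is_down "$host" || return 0
    recover "$tunnel" >/dev/null 2>&1
    sleep "${SETTLE:-5}"         # give the tunnel time to renegotiate
    RESULT=recovered
    is_down "$host" || return 0
    RESULT=down
    notify "!!! Tunnel to $host is DOWN !!!" \
           "Tunnel is down even after tunnel has been bounced."
    return 1
}

# Run only when called as: script HOST TUNNEL
if [ "$#" -eq 2 ]; then
    check_tunnel "$1" "$2"; rc=$?
    echo "$1: $RESULT"
    exit "$rc"
fi
```

Called with a host and a tunnel name (for the setup above, `192.168.1.10 myTunnel`), it prints the outcome and exits non-zero only when the host is still unreachable after the bounce.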

 

 

 
