Linux vpn monitor

12/27/2023

I have an IPSec tunnel built from one of my servers to an integration partner, which is used to secure our web service calls. It uses IPSec, OpenSwan, and Pluto to maintain a private network.

Unfortunately I was seeing that this tunnel would for some reason collapse, requiring me to manually restart IPSec to rebuild the tunnel and re-enable our web services. This usually seemed to happen around 1am so, despite many, many (MANY) emails, I wouldn't actually fix it for several hours.

To aid in the process of stopping and then restarting the services, I wrote a bash script to handle all the commands. I only have one IPSec interface, ipsec0, which is used in my script.

```bash
# get the -i or -interface argument value
# show an error if the interface isn't specified
echo "You must provide an interface argument with -i or -interface"
# restart ipsec, then bring up the IPSec tunnel
```

Make sure to chmod +x /usr/local/bin/ipsec-restart.sh.

The next step is to have the system automatically run the script when the tunnel goes down. Using NetCat (nc) is a good option for this – it can actually do a crazy number of things I won't go into here. Basically we want to test the hostname of our service to see if we can open port 80, and if not, run the restart script. Passing in -w 10 tells it to wait 10 seconds to time out.

By redirecting the output we can have this show nothing if it connects successfully, but email the address specified in the MAILTO with the ipsec-restart.sh output.
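
One way to write the check described above as a cron-driven watchdog. This is an added example, not the author's script. The host argument, the retry settings, the `tunnel-watch.sh` name and the `PROBE_CMD`/`RESTART_CMD` overrides are assumptions; the `-i` argument, `ipsec0`, port 80 and `-w 10` come from the post.

```sh
#!/bin/sh
# Added example: prints nothing when the probe succeeds, so cron's MAILTO mail
# is sent only when a restart actually happens.
# Assumed crontab entry (schedule and names are placeholders):
#   MAILTO=ops@example.com
#   */5 * * * * /usr/local/bin/tunnel-watch.sh partner.example.com
PORT="${PORT:-80}"                 # service port tested in the post
TIMEOUT="${TIMEOUT:-10}"           # nc -w 10, as in the post
IFACE="${IFACE:-ipsec0}"           # the post's single IPSec interface
RETRIES="${RETRIES:-3}"            # assumed: ride out a brief blip
RETRY_DELAY="${RETRY_DELAY:-5}"    # assumed: seconds between probes
PROBE_CMD="${PROBE_CMD:-nc}"
RESTART_CMD="${RESTART_CMD:-/usr/local/bin/ipsec-restart.sh}"

# Accept only plain host/interface names: cron runs this as root, and a value
# starting with "-" would otherwise be parsed by nc as an option.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# One TCP connect attempt; -z opens and closes the port without sending data.
probe() {
    "$PROBE_CMD" -z -w "$TIMEOUT" "$1" "$PORT" >/dev/null 2>&1
}

# Returns 0 (silent) if reachable, 1 after triggering a restart, 2 on bad input.
check_tunnel() {
    valid_name "$1" && valid_name "$IFACE" || { echo "invalid host or interface" >&2; return 2; }
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        probe "$1" && return 0
        attempt=$((attempt + 1))
        if [ "$attempt" -le "$RETRIES" ]; then sleep "$RETRY_DELAY"; fi
    done
    echo "$(date) $1:$PORT unreachable after $RETRIES probes, restarting $IFACE"
    "$RESTART_CMD" -i "$IFACE" 2>&1
    return 1
}

# Run only when a host is given on the command line (as cron does above).
if [ -n "${1:-}" ]; then
    check_tunnel "$1"
fi
```

Requiring several failed probes before restarting keeps a single dropped connection from tearing down a working tunnel.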