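#!/bin/sh
#DEBUG=; set -x # uncomment/comment to enable/disable debug mode
# name: tomato-ovpn-client-watchdog.sh
# version: 2.1.0, 08-aug-2022, by eibgrad
# purpose: (re)start failed/stopped/unresponsive openvpn client(s)
# script type: wanup (autostart)
# installation:
# 1. enable jffs (administration->jffs)
# 2. enable 'start with wan' option for openvpn clients to be monitored
# 3. use shell (telnet/ssh) to execute one of the following commands:
# curl -kLs bit.ly/tomato-installer|tr -d '\r'|sh -s -- MPnU5WrK wanup
# or
# wget -qO - bit.ly/tomato-installer|tr -d '\r'|sh -s -- MPnU5WrK wanup
# NOTE(review): both commands pipe a remotely fetched installer straight
# into sh on the router, through a URL shortener and without an https://
# scheme; curl's -k also turns off TLS certificate verification. Nothing
# in that pipeline authenticates what gets executed, so download the
# installer to a file and read it before running it.
# 4. optional: use vi editor to modify options:
# vi /jffs/etc/config/tomato-ovpn-client-watchdog.wanup
# 5. reboot

# The whole watchdog runs in a backgrounded subshell; its stdout and stderr
# are sent to syslog through logger, tagged with the script name and PID.
(
  # ---------------------------- BEGIN OPTIONS ----------------------------- #

  # time (in secs) between checks for failed/stopped/unresponsive openvpn clients
  INTERVAL=60

  # internet host used for ping checks
  PING_HOST='8.8.8.8'

  # time (in secs) between ping checks
  PING_INTERVAL=10

  # maximum number of ping checks before being considered a failure
  PING_MAXTRY=3 # (3 recommended, 0 disables ping checks)

  # ----------------------------- END OPTIONS ------------------------------ #

  # -------------------- DO NOT CHANGE BELOW THIS LINE --------------------- #

  # Interface of the default route. The token after "dev" is taken from the
  # first default route only, so trailing route attributes or a second
  # default route cannot end up in WAN_IF (the earlier $NF form took the
  # last word of every matching line).
  WAN_IF="$(ip route | awk '
    /^default/ {
      for (n = 1; n < NF; n++)
        if ($n == "dev") { print $(n + 1); exit }
    }')"

  # function _ping( client-num )
  #
  # Pings PING_HOST through the tunnel device named by the last "dev" line
  # of the client's generated config.
  # Arguments: $1 - openvpn client number
  # Globals:   PING_MAXTRY, PING_INTERVAL, PING_HOST (read)
  # Returns:   0 if a ping succeeds or ping checks are disabled
  #            (PING_MAXTRY=0); 1 after PING_MAXTRY failed attempts or when
  #            no tunnel device can be read from the config.
  _ping() {
    [ "$PING_MAXTRY" -gt 0 ] || return 0

    local tries=1
    local conf="/tmp/etc/openvpn/client${1}/config.ovpn"
    local dev

    # last "dev" directive wins, as with the original grep | tail -1
    dev="$(awk '/^dev[[:space:]]/ { d = $2 } END { print d }' "$conf")"

    # Without a device name, "ping -I" would swallow the host argument and
    # fail on every attempt; report the failure right away instead.
    if [ -z "$dev" ]; then
      echo "openvpn client #${1}: no 'dev' entry found in $conf"
      return 1
    fi

    # it's best to check multiple times to prevent false negatives
    while :; do
      ping -qc1 -W3 -I "$dev" "$PING_HOST" >/dev/null 2>&1 && return 0
      if [ "$tries" -ge "$PING_MAXTRY" ]; then
        break
      fi
      tries=$((tries + 1))
      sleep "$PING_INTERVAL"
    done

    return 1
  }

  # reject uninitialized wan and additional instances
  # (mkdir either creates the lock directory or fails, so only one instance
  # gets past this line; the directory is never removed by this script)
  {
    [ -n "$WAN_IF" ] &&
      mkdir "/tmp/$(basename "$0" ".${0##*.}").lock" >/dev/null 2>&1
  } || exit 0

  # wait for *reliable* internet connection
  until ping -qc1 -W3 -I "$WAN_IF" "$PING_HOST" >/dev/null 2>&1; do
    sleep 10
  done

  while sleep "$INTERVAL"; do
    for i in 1 2 3; do
      # only enabled openvpn clients need to be considered
      nvram get vpn_client_eas | grep -q "$i" || continue

      # check for failed connection or unresponsive tunnel
      pidof "vpnclient${i}" >/dev/null 2>&1 && _ping "$i" && continue

      # fall-through means failure; restart the openvpn client
      service "vpnclient${i}" restart
      echo "openvpn client #$i (re)started @ $(date)"
    done
  done

) 2>&1 | logger -t "$(basename "$0" ".${0##*.}")[$$]" &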