eibgrad

tomato-ovpn-client-watchdog.sh

Apr 10th, 2021 (edited)
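#!/bin/sh
#DEBUG=; set -x # uncomment/comment to enable/disable debug mode

#          name: tomato-ovpn-client-watchdog.sh
#       version: 2.1.0, 08-aug-2022, by eibgrad
#       purpose: (re)start failed/stopped/unresponsive openvpn client(s)
#   script type: wanup (autostart)
#  installation:
#    1. enable jffs (administration->jffs)
#    2. enable 'start with wan' option for openvpn clients to be monitored
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/tomato-installer|tr -d '\r'|sh -s -- MPnU5WrK wanup
#       or
#         wget -qO - bit.ly/tomato-installer|tr -d '\r'|sh -s -- MPnU5WrK wanup
#       NOTE(review): both commands run whatever the shortened link returns,
#       with the privileges of the shell they are typed into. curl's -k turns
#       off TLS certificate verification and the URL is given without a
#       scheme, so nothing authenticates the download. Safer: fetch it to a
#       file, read it, then feed that file to sh with the same arguments.
#    4. optional: use vi editor to modify options:
#         vi /jffs/etc/config/tomato-ovpn-client-watchdog.wanup
#    5. reboot
#
#  limits (as implemented below):
#    - this only restarts clients; it adds no firewall rule, so it does not
#      stop traffic from using the wan while a tunnel is down (no kill switch)
#    - the lock directory is never removed; if the watchdog dies, a new copy
#      refuses to start until /tmp/<name>.lock is deleted (or the router
#      reboots, assuming /tmp is RAM-backed as on stock Tomato)

# script name without directory and extension; used for the lock directory
# and the syslog tag
SELF="$(basename "$0" ".${0##*.}")"

(
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# time (in secs) between checks for failed/stopped/unresponsive openvpn clients
INTERVAL=60

# internet host used for ping checks
# NOTE: the host must answer ICMP echo *through the tunnel*; if the vpn
# provider or the host drops ICMP, every check fails and the client is
# restarted on each pass (pick another host or set PING_MAXTRY=0)
PING_HOST='8.8.8.8'

# time (in secs) between ping checks
PING_INTERVAL=10

# maximum number of ping checks before being considered a failure
PING_MAXTRY=3 # (3 recommended, 0 disables ping checks)

# ------------------------------- END OPTIONS -------------------------------- #

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# interface of the first default route; taken from the token after "dev"
# rather than the last field, so trailing attributes (metric, scope, ...)
# or a second default route cannot end up in the value
WAN_IF="$(ip route | awk '
    /^default/ {
        for (n = 1; n < NF; n++)
            if ($n == "dev") { print $(n + 1); exit }
    }')"

# function _ping( client-num )
#   Checks that PING_HOST answers through the tunnel device of the given
#   openvpn client.
#   Globals:   PING_HOST, PING_INTERVAL, PING_MAXTRY (read)
#   Arguments: $1 - openvpn client number
#   Returns:   0 if a ping succeeded or ping checks are disabled
#              (PING_MAXTRY <= 0); 1 if no tunnel device could be determined
#              or all PING_MAXTRY attempts failed
_ping() {
    [ "$PING_MAXTRY" -gt 0 ] || return 0

    local i=1
    local conf="/tmp/etc/openvpn/client${1}/config.ovpn"
    local dev

    # last 'dev' directive in the client config wins
    dev="$(awk '/^dev[[:space:]]/{d=$2} END{print d}' "$conf")"

    # without a device name the ping below can never succeed; report it and
    # fail right away instead of sleeping through PING_MAXTRY attempts
    if [ -z "$dev" ]; then
        echo "openvpn client #$1: no 'dev' directive found in $conf" >&2
        return 1
    fi

    # it's best to check multiple times to prevent false negatives
    while :; do
        # '>/dev/null 2>&1' rather than '&>': a strict POSIX sh parses '&>'
        # as "run in background", which would make every check succeed
        ping -qc1 -W3 -I "$dev" "$PING_HOST" >/dev/null 2>&1 && return 0

        if [ "$i" -ge "$PING_MAXTRY" ]; then
            break
        fi

        i=$((i + 1))
        sleep "$PING_INTERVAL"
    done

    return 1
}

# reject uninitialized wan and additional instances
# (mkdir is atomic, so only the first instance gets past this line)
{ [ "$WAN_IF" ] && mkdir "/tmp/${SELF}.lock" >/dev/null 2>&1; } || exit 0

# wait for *reliable* internet connection
until ping -qc1 -W3 -I "$WAN_IF" "$PING_HOST" >/dev/null 2>&1; do
    sleep 10
done

while sleep "$INTERVAL"; do
    for i in 1 2 3; do
        # only enabled openvpn clients need to be considered
        # (substring match; unambiguous because ids are the single digits 1-3)
        nvram get vpn_client_eas | grep -q "$i" || continue

        # check for failed connection or unresponsive tunnel
        pidof "vpnclient${i}" >/dev/null 2>&1 && _ping "$i" && continue

        # fall-through means failure; restart the openvpn client
        service "vpnclient${i}" restart
        echo "openvpn client #$i (re)started @ $(date)"
    done
done

) 2>&1 | logger -t "${SELF}[$$]" &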