diff --git a/l2tp-template.txt b/l2tp-template.txt
new file mode 100644
index 0000000..41897bf
--- /dev/null
+++ b/l2tp-template.txt
@@ -0,0 +1,67 @@
+## /etc/ipsec.conf
+#########################################################################
+conn <>
+ authby=secret
+ pfs=no
+ auto=start
+ keyexchange=ikev1
+ keyingtries=3
+ dpddelay=15
+ dpdtimeout=45
+ dpdaction=clear
+ rekey=no
+ ikelifetime=3600
+ keylife=3600
+ type=transport
+ left=%defaultroute
+ leftprotoport=17/1701
+ right=<>
+ rightprotoport=17/%any
+ ike=aes128-sha1-modp2048,aes256-sha1-modp4096,aes128-sha1-modp1536,aes256-sha1-modp2048,aes128-sha1-modp1024,aes256-sha1-modp1536,aes256-sha1-modp1024,3des-sha1-modp1024!
+ esp=aes128-sha1-modp2048,aes256-sha1-modp4096,aes128-sha1-modp1536,aes256-sha1-modp2048,aes128-sha1-modp1024,aes256-sha1-modp1536,aes256-sha1-modp1024!
+#########################################################################
+
+
+## /etc/ipsec.secrets
+#########################################################################
+50.50.56.218 : PSK "<>"
+#########################################################################
+
+
+## /etc/xl2tpd/xl2tpd.conf
+#########################################################################
+[lac <>]
+lns = 50.50.56.218
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+#########################################################################
+
+
+## /etc/ppp/options.l2tpd.client
+#########################################################################
+ipcp-accept-local
+ipcp-accept-remote
+noccp
+refuse-eap
+refuse-chap
+noauth
+idle 1800
+mtu 1410
+mru 1410
+defaultroute
+#usepeerdns
+debug
+logfile /var/log/xl2tpd.log
+connect-delay 5000
+proxyarp
+name <>
+password "<>"
+#########################################################################
+
+
+
+
+
+
+
diff --git a/vpnmon.sh b/vpnmon.sh
index 808cf06..7ae00ba 100755
--- a/vpnmon.sh
+++ b/vpnmon.sh
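Review bot: The peer address is a placeholder in the ipsec.conf section (`right=<>`) but a literal `50.50.56.218` in the ipsec.secrets PSK line and in the xl2tpd.conf `lns =` line, and all three must name the same server, so the two literals should be the same `<>` placeholder (or a one-line comment should say the three must match). The `ike=` and `esp=` lists also accept the `modp1024` groups and `3des-sha1-modp1024`, together with `pfs=no`; if those tail entries exist only for older servers, a comment such as `# weaker groups kept for compatibility; drop them once the server accepts the stronger entries` would stop the next reader from treating them as required. Because ipsec.secrets and options.l2tpd.client hold the PSK and the PPP password in clear text, the template should state that both files are expected to be root-owned and mode 0600.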
@@ -21,23 +21,33 @@ START(){
 sudo echo "c ${VPN_CFGNAME}" > /var/run/xl2tpd/l2tp-control
 sleep 5s
- [ "${ROUTE_SUBNET1}" != "" ] && ip route add ${ROUTE_SUBNET1} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
- [ "${ROUTE_SUBNET2}" != "" ] && ip route add ${ROUTE_SUBNET2} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
+ OUT=$(ip link | grep "${VPN_INTERFACE}")
+ if [ ${#OUT} -ne 0 ]; then
+
+ [ "${ROUTE_SUBNET1}" != "" ] && ip route add ${ROUTE_SUBNET1} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
+ [ "${ROUTE_SUBNET2}" != "" ] && ip route add ${ROUTE_SUBNET2} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
- # if [ "${SYSTEM}" = "unifipoller" ]; then
- # /usr/sbin/service unifi-poller start &
- # elif [ "${SYSTEM}" = "rpicam" ]; then
- # /usr/sbin/service rpisurv restart
- # fi
+ # if [ "${SYSTEM}" = "unifipoller" ]; then
+ # /usr/sbin/service unifi-poller start &
+ # elif [ "${SYSTEM}" = "rpicam" ]; then
+ # /usr/sbin/service rpisurv restart
+ # fi
- rm -f /opt/idssys/vpnmon/vpn.stop
- if [ -f /opt/idssys/vpnmon/vpn.fail* ]; then
- echo "$(date) - VPN Fixed" >> $logfile
- rm -f /opt/idssys/vpnmon/vpn.fail*
+ rm -f /opt/idssys/vpnmon/vpn.stop
+ if [ -f /opt/idssys/vpnmon/vpn.fail* ]; then
+ echo "$(date) - VPN Fixed" >> $logfile
+ rm -f /opt/idssys/vpnmon/vpn.fail*
+ fi
+ echo "VPN Started"
+ echo "$(date) - VPN started" >> $logfile
+
+ else
+ echo "VPN Not Started, will stop and let system retry in a few minutes"
+ echo "$(date) - VPN was not started" >> $logfile
+ STOP
+ rm -f /opt/idssys/vpnmon/vpn.stop
 fi
- echo "$(date) - VPN started" >> $logfile
-
 }
 STOP(){
@@ -55,7 +65,6 @@ STOP(){
 }
 CHECK(){
- if [ ! -f /opt/idssys/vpnmon/vpn.stop ]; then
 touch /opt/idssys/vpnmon/vpn.stop
 checked=false
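Review bot: The interface check at `OUT=$(ip link | grep "${VPN_INTERFACE}")` is a substring match over the whole `ip link` output (a value such as `ppp0` also matches any line containing it, e.g. `ppp01`) and only proves the link exists, while the two `ip route add` lines guarded by it still hard-code `dev ppp0` instead of `${VPN_INTERFACE}`. Asking the kernel for the device directly removes both the grep and the `${#OUT}` length test: `if ip link show dev "${VPN_INTERFACE}" >/dev/null 2>&1; then`, and the route lines should use `dev "${VPN_INTERFACE}"` for the peer lookup and the route alike. The peer-address lookup is also still run once per route line and, when it yields nothing, leaves `ip route add ... via  dev ppp0` with a missing argument rather than logging a clear error; capturing it once into a variable and testing it for non-emptiness would make that case visible in `$logfile`. START's opening lines are outside the hunk.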
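Review bot: Dropping `if [ ! -f /opt/idssys/vpnmon/vpn.stop ]; then` removes the guard that kept CHECK from running while a stop marker was present, and its `else`/message are removed in the third hunk while the final `fi` before `}` there is kept as context; unless another `if` is opened in the part of CHECK between the two hunks (not visible here), that `fi` is now unmatched and the script will fail to parse, which `bash -n vpnmon.sh` would confirm. If vpn.stop was meant as a manual hold (the removed message said the VPN must be restarted manually), that hold no longer exists, since CHECK now touches the file itself and START's new failure branch deletes it after calling STOP. Either keep the guard or document the file's new meaning with a comment above `touch /opt/idssys/vpnmon/vpn.stop`, e.g. `# vpn.stop marks a check/restart in progress, not a manual stop`. CHECK's body continues outside the hunk.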
@@ -96,9 +105,6 @@ CHECK(){
 echo "$(date) - VPN Fixed" >> $logfile
 rm -f /opt/idssys/vpnmon/vpn.fail*
 fi
-
- else
- echo "VPN system is stopped and must be restarted manually"
 fi
 }