update

l2tp-template.txt

@@ -0,0 +1,67 @@
+##  /etc/ipsec.conf
+#########################################################################
+conn <<VPN-NAME>>
+     authby=secret
+     pfs=no
+     auto=start
+     keyexchange=ikev1
+     keyingtries=3
+     dpddelay=15
+     dpdtimeout=45
+     dpdaction=clear
+     rekey=no
+     ikelifetime=3600
+     keylife=3600
+     type=transport
+     left=%defaultroute
+     leftprotoport=17/1701
+     right=<<VPN-SERVER-ADDRESS>>
+     rightprotoport=17/%any
+     ike=aes128-sha1-modp2048,aes256-sha1-modp4096,aes128-sha1-modp1536,aes256-sha1-modp2048,aes128-sha1-modp1024,aes256-sha1-modp1536,aes256-sha1-modp1024,3des-sha1-modp1024!
+     esp=aes128-sha1-modp2048,aes256-sha1-modp4096,aes128-sha1-modp1536,aes256-sha1-modp2048,aes128-sha1-modp1024,aes256-sha1-modp1536,aes256-sha1-modp1024!
+#########################################################################
+
+
+##  /etc/ipsec.secrets
+#########################################################################
+50.50.56.218 : PSK "<<VPN-PRE-SHARED-KEY>>"
+#########################################################################
+
+
+##  /etc/xl2tpd/xl2tpd.conf
+#########################################################################
+[lac <<VPN-NAME>>]
+lns = 50.50.56.218
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+#########################################################################
+
+
+##  /etc/ppp/options.l2tpd.client
+#########################################################################
+ipcp-accept-local
+ipcp-accept-remote
+noccp
+refuse-eap
+refuse-chap
+noauth
+idle 1800
+mtu 1410
+mru 1410
+defaultroute
+#usepeerdns
+debug
+logfile /var/log/xl2tpd.log
+connect-delay 5000
+proxyarp
+name <<VPN-USERNAME>>
+password "<<VPN-PASSWORD>>"
+#########################################################################
+
+
+
+
+
+
+

vpnmon.sh

@@ -21,23 +21,33 @@ START(){
 	sudo echo "c ${VPN_CFGNAME}" > /var/run/xl2tpd/l2tp-control
 	sleep 5s
 	
-	[ "${ROUTE_SUBNET1}" != "" ] && ip route add ${ROUTE_SUBNET1} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
-	[ "${ROUTE_SUBNET2}" != "" ] && ip route add ${ROUTE_SUBNET2} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
+	OUT=$(ip link | grep "${VPN_INTERFACE}")			
+	if [ ${#OUT} -ne 0 ]; then
 	
-	# if [ "${SYSTEM}" = "unifipoller" ]; then
-	# 	/usr/sbin/service unifi-poller start &
-	# elif [ "${SYSTEM}" = "rpicam" ]; then
-	# 	/usr/sbin/service rpisurv restart
-	# fi
+		[ "${ROUTE_SUBNET1}" != "" ] && ip route add ${ROUTE_SUBNET1} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
+		[ "${ROUTE_SUBNET2}" != "" ] && ip route add ${ROUTE_SUBNET2} via $(ip address show dev ppp0 | grep -Po '(?<=peer )(\b([0-9]{1,3}\.){3}[0-9]{1,3}\b)') dev ppp0
 		
-	rm -f /opt/idssys/vpnmon/vpn.stop
-	if [ -f /opt/idssys/vpnmon/vpn.fail* ]; then
-		echo "$(date) - VPN Fixed" >> $logfile
-		rm -f /opt/idssys/vpnmon/vpn.fail*
+		# if [ "${SYSTEM}" = "unifipoller" ]; then
+		# 	/usr/sbin/service unifi-poller start &
+		# elif [ "${SYSTEM}" = "rpicam" ]; then
+		# 	/usr/sbin/service rpisurv restart
+		# fi
+	
+		rm -f /opt/idssys/vpnmon/vpn.stop
+		if [ -f /opt/idssys/vpnmon/vpn.fail* ]; then
+			echo "$(date) - VPN Fixed" >> $logfile
+			rm -f /opt/idssys/vpnmon/vpn.fail*
+		fi
+		echo "VPN Started"
+		echo "$(date) - VPN started" >> $logfile
+		
+	else
+		echo "VPN Not Started, will stop and let system retry in a few minutes"
+		echo "$(date) - VPN was not started" >> $logfile
+		STOP
+		rm -f /opt/idssys/vpnmon/vpn.stop
 	fi
 	
-	echo "$(date) - VPN started" >> $logfile
-	
 }
 STOP(){
 	
@@ -55,7 +65,6 @@ STOP(){
 
 }
 CHECK(){
-	
 	if [ ! -f /opt/idssys/vpnmon/vpn.stop ]; then
 		touch /opt/idssys/vpnmon/vpn.stop
 		checked=false
@@ -96,9 +105,6 @@ CHECK(){
 			echo "$(date) - VPN Fixed" >> $logfile
 			rm -f /opt/idssys/vpnmon/vpn.fail*
 		fi
-		
-	else
-		echo "VPN system is stopped and must be restarted manually"
 	fi
 
 }