Information:
Dates
- Published: Thursday 11 January 2018
- Modified: Thursday 11 January 2018
I want to restart my VPN (IPSEC + XL2TP) if the client connection drops. Then I check that the IPv6 address and the routes are active.
The vpn-remount.sh script:
#!/bin/bash
#####---------------------------- INFORMATION ---------------------------------#####
#
# Name   : vpn-remount.sh
# Desc   : Script that re-adds the IPv(4/6) addresses and adds the IPv(4/6) routes
# Author : O.Romain JAILLET-RAMEY alias Kss*
# Mail   : orj AT lab3w DOT fr
# Date   : 2018-01-11
#
#####---------------------------- INFORMATION ---------------------------------#####

#--------------------------------------------------------------------------------
# Declarations

DEV="ppp0"
SEARCH_DEV="`cat /proc/net/dev | grep $DEV`"

LOC_IPv4="172.16.5.253"
LOC_IPv6="2001:bc8:25bb:ff00:1ab3:3a:c10d:253"

CMD_ADD_ADDR_IPv6="/sbin/ip -6 address add 2001:bc8:25bb:ff00:1ab3:3a:c10d:253/112 dev ppp0"
CMD_ADD_ROUTE_IPv4="/sbin/route add -net 10.59.199.0 netmask 255.255.255.0 dev ppp0"
CMD_ADD_ROUTE_IPv6="/sbin/ip -6 route add default dev ppp0"

#SEARCH_IPSEC_OK="/usr/sbin/ipsec status | grep -i 'INSTALLED, TRANSPORT' -B1 -A1"
SEARCH_ADDR_IPv6_OK="/sbin/ip -6 a show dev $DEV"
SEARCH_ROUTE_IPv6_OK="/sbin/ip -6 route show | grep default"
SEARCH_ROUTE_IPv4_OK="/sbin/ip -4 route show dev ppp0 | grep 10.59.199.0"

# Declarations
#--------------------------------------------------------------------------------

#--------------------------------------------------------------------------------
# Functions

ipsec_l2tp() {
    # $1 is the init-script action (the script calls this with "restart")
    /etc/init.d/ipsec "$1"
    /etc/init.d/xl2tpd "$1"
}

vpn_check_config() {

    # Second field of each "inet"/"inet6" line is the address with its prefix length
    IPv4="`/sbin/ip -4 address show dev $DEV | grep inet | awk '{print $2}'`"
    IPv6="`/sbin/ip -6 address show dev $DEV | grep inet | awk '{print $2}'`"

    echo "+-----------------------------------"
    echo "|"
    echo "+ VPN"
    echo "|"
    echo "+--+ Iface $DEV exist !"
    echo "|  |"
    echo "|  +--+ IPv4 -> $IPv4"

    # IPv4 : Route
    echo "|  |  |"
    if [ "`/sbin/ip -4 route show dev $DEV | grep 10.59.199.0`" ]; then
        echo -n "|  |  +-- Route"
        echo " -> `/sbin/ip -4 route show dev $DEV | grep 10.59.199.0`"
    else
        echo -n "|  |  +-- Route ADD"
        ${CMD_ADD_ROUTE_IPv4}
        echo " -> `/sbin/ip -4 route show dev $DEV | grep 10.59.199.0`"
    fi

    echo "|  |"

    # IPv6 : Address
    # Look for the configured address itself: any other IPv6 address on the
    # interface (a link-local one, for instance) would otherwise pass the test.
    if [ "`${SEARCH_ADDR_IPv6_OK} | grep -F "$LOC_IPv6"`" ]; then
        echo "|  +--+ IPv6 -> $IPv6"
    else
        echo -n "|  +-- On ajoute l'address IPv6"
        ${CMD_ADD_ADDR_IPv6}
        echo " -> `/sbin/ip -6 address show dev $DEV | grep inet | awk '{print $2}'`"
    fi

    # IPv6 : Route
    echo "|  |"
    if [ "`/sbin/ip -6 route show | grep "default dev $DEV"`" ]; then
        echo -n "|  +-- Route"
        echo " -> `/sbin/ip -6 route show | grep "default dev ${DEV}"`"
    else
        echo -n "|  +-- Route ADD"
        ${CMD_ADD_ROUTE_IPv6}
        echo " -> `/sbin/ip -6 route show | grep "default dev ${DEV}"`"
    fi

    echo "|"
    echo "+-----------------------------------"
}

# Functions
#--------------------------------------------------------------------------------

#--------------------------------------------------------------------------------
# Script

echo ""

if [ "${SEARCH_DEV}" ]; then
    vpn_check_config
else
    echo "+-----------------------------------"
    echo "+ VPN"
    echo "|"
    echo "+--+ Iface $DEV nexist pas !"
    echo "   |"
    echo "   +-- On remonte le VPN...."
    echo "   |"

    # Restart both daemons, bring the IPsec connection up, then ask xl2tpd to dial
    ipsec_l2tp restart && sleep 2
    /usr/sbin/ipsec up zw3b.fr && sleep 2
    echo "c zw3b" >> /var/run/xl2tpd/l2tp-control && sleep 20

    vpn_check_config

    echo "|"
    echo "+-----------------------------------"
fi

# Script
#--------------------------------------------------------------------------------
You will notice that the IPv6 default route goes through the VPN and exits from one of the IPv6 addresses of my LAB3W server (ONLINE). This is deliberate, since I have no IPv6 from my Internet Service Provider (Orange, non-business contract).
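The script's test `ip -6 route show | grep "default dev ppp0"` only proves that a ppp0 default entry exists; another default route with a lower metric would still carry IPv6 traffic outside the VPN. The following is an added example, not part of the original script, that reports the device of the lowest-metric IPv6 default route. The function names and the eth0 / fe80::1 sample values are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: find the interface that really carries the IPv6 default route.

# Constructed samples of `ip -6 route show` output (not captured from a real host).
# eth0 and fe80::1 are made-up values standing in for a router-advertised route.
SAMPLE_OK='2001:bc8:25bb:ff00:1ab3:3a:c10d:0/112 dev ppp0 proto kernel metric 256 pref medium
default dev ppp0 metric 1024 pref medium'
SAMPLE_LEAK='default via fe80::1 dev eth0 proto ra metric 100 pref medium
default dev ppp0 metric 1024 pref medium'

# best_default_dev: read `ip -6 route show` output on stdin and print the device
# of the default route with the lowest metric. Exit status 1 if there is none.
# Assumption: a default entry printed without "metric" counts as 1024.
best_default_dev() {
    awk '
        $1 == "default" {
            dev = ""; metric = 1024
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < best_metric)) {
                best = dev; best_metric = metric
            }
        }
        END { if (best == "") exit 1; print best }
    '
}

# check_vpn_default DEV: 0 = default leaves via DEV, 1 = via another
# interface, 2 = no IPv6 default route at all.
check_vpn_default() {
    egress="$(best_default_dev)" || { echo "no IPv6 default route"; return 2; }
    if [ "$egress" = "$1" ]; then
        echo "ok: IPv6 default route uses $1"
        return 0
    fi
    echo "warning: IPv6 default route uses $egress, expected $1"
    return 1
}

# Live use on the host: /sbin/ip -6 route show | check_vpn_default ppp0
printf '%s\n' "$SAMPLE_OK"   | check_vpn_default ppp0
printf '%s\n' "$SAMPLE_LEAK" | check_vpn_default ppp0 || true
```

Routes with equal metrics are not ranked further here; the first one listed is reported.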
To test, run the script like this: sh vpn-remount.sh
or schedule it to run every N minutes.
For example:
*/3 * * * * sh /root/vpn-remount.sh 1>>/var/log/syslog 2>/dev/null
The script's output goes to syslog
and errors are not displayed ;)
Script output:
+-----------------------------------
|
+ VPN
|
+--+ Iface ppp0 exist !
|  |
|  +--+ IPv4 -> 172.16.5.199/32
|  |  |
|  |  +-- Route -> 10.59.199.0/24 scope link
|  |
|  +--+ IPv6 -> 2001:bc8:25bb:ff00:1ab3:3a:c10d:253/112
|  |
|  +-- Route -> default dev ppp0 metric 1024 pref medium
|
+-----------------------------------
Enjoy your Virtual Private Network ;)
Regards,
Romain