ipsecmon.sh

PFSense ipsec bug monitoring + bounce script - Firstname Surname, 11/28/2016 08:41 AM

 
#!/bin/sh
# Tallies filled in by the per-connection loop and read by the summary and
# the bounce decisions at the end of the script:
#   estabcount - connections whose status output contained ESTAB (p1 up)
#   p2count    - connections whose status output contained INSTALLED (p2 up)
#   totalcount - connections examined
#   buferr     - connections whose restart reported a "buffer space" error
buferr=0 totalcount=0 p2count=0 estabcount=0
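#######################################
# Restart the whole IPsec service with bgpd stopped around it.
# Order: bgpd stop, ipsec stop, ipsec start, bgpd start, with short pauses
# between the steps. `ipsec stop` takes down every tunnel, not only the
# failing ones, so all traffic that depends on them is interrupted until
# the restart completes.
# Globals:   ipsecpath (read) - path of the ipsec control command
# Arguments: none
# Returns:   1 without touching any service when ipsecpath is empty,
#            otherwise the status of the final bgpd start
# NOTE(review): nothing here guards against two overlapping runs bouncing
# the services at the same time - confirm how the script is scheduled.
#######################################
bounceall() {
  # With an empty $ipsecpath the unquoted original would have run the bare
  # words "stop" and "start" as commands after bgpd was already down.
  if [ -z "${ipsecpath:-}" ]; then
    echo "bounceall: ipsecpath is not set, not bouncing" >&2
    return 1
  fi

  /usr/local/etc/rc.d/bgpd.sh stop
  sleep 1
  "$ipsecpath" stop
  sleep 1
  "$ipsecpath" start
  # longer pause before bgpd comes back, as in the original sequence
  sleep 3
  /usr/local/etc/rc.d/bgpd.sh start
}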
# Absolute path of the ipsec control command, so the lookup does not depend
# on the PATH the script happens to be started with.
ipsecpath=/usr/local/sbin/ipsec

# Timestamped banner marking the start of this run in the output.
printf '=== started at %s ===\n' "$(date)"
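# Examine every connection name that `ipsec status` reports (the text before
# the first "[" on each matching line, de-duplicated). For each one, record
# whether phase 1 (ESTAB) and phase 2 (INSTALLED) are up; a connection with
# phase 1 up but phase 2 down is taken down and brought up again, and a
# "buffer space" error during that restart is counted in buferr.
#
# The command substitution is left unquoted on purpose: word splitting is
# what separates the names and drops surrounding whitespace. Every later use
# of $con is quoted so that a name taken from command output reaches
# `ipsec down`/`ipsec up` as exactly one argument.
for con in $("$ipsecpath" status | grep "\[" | sed 's/\[.*//g' | sort | uniq); do
  echo "$con"
  estab=0
  p2=0

  # One status snapshot per connection, so the phase 1 and phase 2 checks
  # look at the same state instead of two separate invocations.
  constatus=$("$ipsecpath" status "$con")
  case $constatus in
    *ESTAB*) estab=1 ;;
  esac
  case $constatus in
    *INSTALLED*) p2=1 ;;
  esac

  if [ "$estab" -eq 1 ]; then
    echo "$con p1 up"
    estabcount=$((estabcount + 1))
    if [ "$p2" -eq 0 ]; then
      echo "$con p2 down, restarting"
      echo "stopping $con..."
      "$ipsecpath" down "$con" >/dev/null 2>&1
      sleep 1
      echo "starting $con..."
      # The last grep keeps reading into /dev/null (no -q) so the pipeline
      # never closes early underneath the running `ipsec up`.
      if "$ipsecpath" up "$con" | grep error | grep "buffer space" >/dev/null 2>&1; then
        echo "PF_KEY buffer error while starting $con"
        buferr=$((buferr + 1))
      fi
    fi
  else
    echo "$con p1 down"
  fi

  if [ "$p2" -eq 1 ]; then
    echo "$con p2 up"
    p2count=$((p2count + 1))
  fi

  totalcount=$((totalcount + 1))
done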
# Summary of this run: each tally printed against the number of connections
# examined, framed by "===" lines and a blank line on either side.
printf '\n===\n'
printf 'estab %s / %s\n' "$estabcount" "$totalcount"
printf 'p2 %s / %s\n' "$p2count" "$totalcount"
printf 'buf_err %s / %s\n' "$buferr" "$totalcount"
printf '===\n\n'
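# Decide whether the whole service needs a bounce. Nothing is done when no
# connection was examined. Otherwise the first matching condition wins:
#   1. at least one restart reported a buffer space error
#   2. no connection has phase 1 up
#   3. every connection has phase 1 up but none has phase 2 up
# After a bounce the script exits with the status bounceall returned.
#
# Written as if/elif rather than `[ ... ] && { ... }` lists: with the lists,
# a healthy run ended on a failed test and the script exited non-zero even
# though nothing was wrong.
if [ "${totalcount:-0}" -gt 0 ]; then
  if [ "${buferr:-0}" -gt 0 ]; then
    echo "$buferr connections show buffer space errors - bouncing openbgpd and ipsec"
    bounceall
    exit
  elif [ "${estabcount:-0}" -eq 0 ]; then
    echo "no connections have p1 up - bouncing openbgpd and ipsec"
    bounceall
    exit
  elif [ "${estabcount:-0}" -eq "${totalcount:-0}" ] && [ "${p2count:-0}" -eq 0 ]; then
    echo "all connections have p1 up but no connections have p2 up - bouncing openbgpd and ipsec"
    bounceall
    exit
  fi
fi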