Established Member
Posts: 1,868
Registered: ‎05-01-2013
Kudos: 389
Solutions: 50

Re: ERLite - Auto Restart VPN


@jeroen_ae92 wrote:

Just run it as:

/config/vpnrestart.script

 So without sudo, just this line. 


Thanks but

 

Travis@Award-SCW:~$ /config/vpnrestart.script
-vbash: /config/vpnrestart.script: /bin/bash^M: bad interpreter: No such file or directory

It's there and is executable though

If I am drunk, I'll be calm.
If I'm calm, I'll be nice and if I'm nice...
I won't go to hell!
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5481
Solutions: 1656
Contributions: 2

Re: ERLite - Auto Restart VPN

The "^M" in the output would indicate the possibility that the file was edited by some editors (e.g., on Windows platform) which add an extra character at the end of each line and that breaks the "#!" line in scripts. If that's the case, it is possible to fix it by removing the extra characters but it might be easier to start again and use a different editor that doesn't do this.
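
As an added example (not part of the thread or any poster's code), the check and the "removing the extra characters" fix described in the post above can be scripted on the router itself. The function names are hypothetical and the sample file is constructed.

```shell
# Added example, not code from the thread. Function names are hypothetical.
CR=$(printf '\r')    # a literal carriage return, shown as ^M by the shell

# True when the "#!" line ends in a carriage return, which is what makes the
# kernel look for an interpreter named "/bin/bash^M".
shebang_has_cr() {
    head -n 1 "$1" | grep -q "${CR}\$"
}

# Print how many lines of the file end in a carriage return.
count_cr_lines() {
    grep -c "${CR}\$" "$1" || true    # grep exits 1 on a count of 0
}

# Remove the trailing carriage return from every line. The result is written
# back with cat so the original file keeps its owner and executable bit.
strip_cr() {
    tmp=$(mktemp) || return 1
    sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Check one script, repair it if needed, and print a one-line status.
check_and_fix() {
    if [ ! -f "$1" ]; then echo "missing: $1"; return 2; fi
    n=$(count_cr_lines "$1")
    if [ "$n" -eq 0 ]; then echo "ok: $1"; return 0; fi
    strip_cr "$1" || { echo "failed: $1"; return 1; }
    echo "fixed: $1 ($n CRLF lines)"
}

# Constructed sample: a script saved with Windows line endings.
sample=$(mktemp)
printf '#!/bin/bash\r\necho hello\r\n' > "$sample"
check_and_fix "$sample"    # first pass repairs the file
check_and_fix "$sample"    # second pass reports it as clean
rm -f "$sample"
```

Running `check_and_fix` on a file copied from a Windows machine before scheduling it catches the problem before cron does.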

Established Member
Posts: 1,868
Registered: ‎05-01-2013
Kudos: 389
Solutions: 50

Re: ERLite - Auto Restart VPN

Thanks @UBNT-ancheng. I used Notepad++; is there something else I should be using?

Member
Posts: 135
Registered: ‎06-06-2014
Kudos: 72
Solutions: 5

Re: ERLite - Auto Restart VPN

Notepad is good enough but you have to change the EOL of the file to Unix

see http://stackoverflow.com/questions/16239551/eol-conversion-in-notepad

 

And make sure the encoding is ASCII

Established Member
Posts: 1,868
Registered: ‎05-01-2013
Kudos: 389
Solutions: 50

Re: ERLite - Auto Restart VPN


@hazuki wrote:

Notepad is good enough but you have to change the EOL of the file to Unix

see http://stackoverflow.com/questions/16239551/eol-conversion-in-notepad

 

And make sure the encoding is ASCII


Thank you, that worked!

Established Member
Posts: 1,868
Registered: ‎05-01-2013
Kudos: 389
Solutions: 50

Re: ERLite - Auto Restart VPN

This now seems to be working!

Thank you everyone involved

Established Member
Posts: 1,868
Registered: ‎05-01-2013
Kudos: 389
Solutions: 50

Re: ERLite - Auto Restart VPN

@hazuki Thank you!

This is working very well!


 

 

1. create a file "/config/vpncheck.sh" (change IP address and domain according to the settings of your remote erl router)

#!/bin/bash

/bin/ping -c 1 -W 2 10.139.2.10 1>/dev/null 2>&1  

if [ $? -ne 0 ]; then
        echo "Failed"
        /bin/vbash -ic 'clear vpn ipsec-peer remote.example.com'
fi

 

2. make the file executable

sudo chmod +x /config/vpncheck.sh

 

3. EDIT on 16.07.2015 - There are two methods to create a cron job in Edgerouter as below.  The only difference is that the former one will not persist during software upgrade (e.g. upgrade from v1.6 to 1.7) while the latter will. Therefore the latter one is recommended.

 

former one:

create a cron job under root (sudo crontab -e), and change the time parameters if necessary

*/5 * * * * /config/vpncheck.sh

 

latter one:

type the following command in the console, and change the time parameters if necessary

configure
set system task-scheduler task vpncheck executable path /config/vpncheck.sh
set system task-scheduler task vpncheck interval 5m
commit
save
exit

4. Have fun!


 

New Member
Posts: 36
Registered: ‎04-28-2014
Kudos: 7
Solutions: 1

Re: ERLite - Auto Restart VPN

[ Edited ]

I thought I'd share my modification of the DPD workaround.

 

I use multiple ERLs with routed IPSEC VTI (192.168.X.Y/32 routes between them). The below script finds the route to the neighbor, tests it to make sure it's up, and clears vpn if necessary. The advantage this has is you don't have to manually assign the test ping address/peer relationship in a setup like mine.

#!/bin/bash
# Check for dead site-to-site VPN peers and clear sessions (dead-peer-detection work-around)

PEER_LIST=`ls -1 /opt/vyatta/config/active/vpn/ipsec/site-to-site/peer`
IPSEC_PEER_LIST=`ls -1 /opt/vyatta/config/active/protocols/static/interface-route`

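check_peer() {
	# $1 = peer name; read the VTI interface bound to this peer
	VTI=`cat "/opt/vyatta/config/active/vpn/ipsec/site-to-site/peer/$1/vti/bind/node.val" 2>/dev/null`
	# Peer has no VTI binding: nothing to match routes against
	[ -n "$VTI" ] || return 0
	find_route() {
		# $1 = interface-route entry, $2 = peer name
		if [ "$(ls -1 "/opt/vyatta/config/active/protocols/static/interface-route/$1/next-hop-interface")" == "$VTI" ]; then
			# Split the entry name on '%'; the first field is the address to ping
			arr1=(${1//%/ })
			if ! /bin/ping -c 1 -w 1 "$arr1" &>/dev/null ; then
				echo "$arr1 down, peer $2. Reconnecting"
				/bin/vbash -ic "clear vpn ipsec-peer $2" &>/dev/null
			fi
		fi
	}

	for i in $IPSEC_PEER_LIST; do
		find_route "$i" "$1"
	done
}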

for i in $PEER_LIST; do
    check_peer $i
done

 

New Member
Posts: 2
Registered: ‎06-23-2017
Kudos: 1

Re: ERLite - Auto Restart VPN

Thanks! This works for USG as well. Just not sure about what happens after a firmware upgrade but we'll see. For now this is a big help! I'll have to check if the task-scheduler lines are still in the config after a reprovision or I'll probably have to add them to the config.properties for this site on the controller.