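#!/bin/bash
# This is a script for StrongSWAN's ipsec command to just make it a little more user friendly.
#
# To create the file (and paste the contents through terminal session)
#   vim vpn.sh       <-- creates the file and opens editor
#   Press the 'i' key which causes vim to go into INSERT mode for editing.
#   Paste the contents of this file. Need to include these comments with the /bin/bash at the top.
#   Press the 'Escape' key to get out of INSERT mode.
#   Type ':x' to save and exit. ':w' saves without exit, ':q' quits without saving.
#   chmod u+x vpn.sh <-- sets user permission to executable for this file.
#
# In command shells like DOS or UNIX, a command returning error level of 0 means it is successful.
#
# Connection names come from the command line and are handed to ipsec/espdump
# as single quoted arguments, so a name is never word-split into extra
# arguments or expanded as a shell glob by this script.
TRUE=0
FALSE=1

# Seconds monitor() waits between checks when no interval is given on the command line.
readonly MONITOR_INTERVAL=60
# espdump exits after this many messages so log() cannot run away on a busy connection.
readonly LOG_MESSAGE_LIMIT=1000

#######################################
# Prints the command summary for this script.
# Outputs: help text to stdout
#######################################
usage() {
  cat <<'EOF'

Commands for this script:
  reset     Resets named connections listed as parameters.

  status    Shows if it detects the named connections listed as parameters as UP or DOWN.
            Shows status for all connections if none listed.

  monitor   Watches the status of a named connection and automatically resets if it goes down.

  list      Lists the VPN connection names to use for other commands.

  log       Tails the encrypted TCP dump of the named connection.

EOF
}

#######################################
# Entry point: dispatches the first argument to the matching command.
# Arguments: $1 - command name (empty prints usage); remaining args go to the command
# Returns:   status of the command; 1 for an unknown command
#######################################
main() {
  local COMMAND=$1
  if (( $# > 0 )); then shift; fi

  case "$COMMAND" in
    '') usage ;;
    reset) loop reset "$@" ;;
    status) loop status "$@" ;;
    monitor) monitor "$@" ;;
    list) list "$@" ;;
    log) log "$@" ;;
    *)
      # Previously an unknown command exited silently with status 0; say so instead.
      printf 'Unknown command: %s\n' "$COMMAND" >&2
      usage >&2
      return 1
      ;;
  esac
}

#######################################
# Wrapper: runs a function once per remaining argument, or once with no
# argument when none are given (so the function can handle that case itself).
# Arguments: $1 - function name; $2.. - values passed one at a time
#######################################
loop() {
  local COMMAND=$1
  shift

  if (( $# == 0 )); then
    "$COMMAND"
    return
  fi

  local PARAM
  for PARAM in "$@"; do
    "$COMMAND" "$PARAM"
  done
}

#######################################
# Extracts the connection names from 'ipsec status', one per line, de-duplicated.
# Outputs: connection names to stdout
#######################################
conn_names() {
  ipsec status \
    | grep -F -- '===' \
    | awk '{print $2}' \
    | sed -e 's/://' -e 's/"//g' \
    | sort -u
}

#######################################
# Lists the VPN connection names, two per line, for use with the other commands.
# Outputs: names to stdout
#######################################
list() {
  conn_names | paste - -
}

#######################################
# Takes a connection down and brings it back up.
# Arguments: $1 - connection name (required)
#######################################
reset() {
  local CONN=$1
  if [[ -z $CONN ]]; then echo "VPN Connection name needed."; return; fi
  # Deliberately not chained with &&: 'up' is attempted even when 'down' fails.
  ipsec down "$CONN"
  ipsec up "$CONN"
}

#######################################
# Checks whether a connection has an established IPsec SA.
# Arguments: $1 - connection name (the original read it from the caller's scope)
# Returns:   TRUE (0) if the connection is UP, FALSE (1) if DOWN
#######################################
is_up() {
  local CONN=$1
  # grep -q's exit status (0 found, 1 not found) is exactly TRUE/FALSE.
  ipsec status "$CONN" | grep -q "IPsec SA established"
}

#######################################
# Prints UP or DOWN for one named connection.
# Arguments: $1 - connection name (required)
# Outputs:   "<name> is UP" or "<name> is DOWN"
#######################################
status_specific() {
  local CONN=$1
  if [[ -z $CONN ]]; then echo "VPN Connection name needed."; return; fi
  if is_up "$CONN"; then
    echo "$CONN is UP"
  else
    echo "$CONN is DOWN"
  fi
}

#######################################
# Prints UP/DOWN for every connection ipsec reports.
#######################################
status_all() {
  local -a CONNS=()
  # One name per array element, so names are never split or globbed.
  mapfile -t CONNS < <(conn_names)
  loop status_specific "${CONNS[@]}"
}

#######################################
# Shows status for one connection, or for all when no name is given.
# Arguments: $1 - connection name (optional)
#######################################
status() {
  local CONN=$1
  if [[ -z $CONN ]]; then
    status_all
  else
    status_specific "$CONN"
  fi
}

#######################################
# Tails the encrypted packet dump of a connection via espdump.
# Arguments: $1 - connection name (required)
#######################################
log() {
  local CONN=$1
  if [[ -z $CONN ]]; then echo "VPN Connection name needed."; return; fi
  # Show the exact command being run before starting it.
  printf 'espdump -c %s --conn %s\n' "$LOG_MESSAGE_LIMIT" "$CONN"
  # -c makes espdump exit after that many messages, in case of a very busy connection.
  espdump -c "$LOG_MESSAGE_LIMIT" --conn "$CONN"
}

#######################################
# Watches one connection and resets it whenever it is found DOWN. Runs until killed.
# Arguments: $1 - connection name (required)
#            $2 - seconds between checks (optional, default MONITOR_INTERVAL)
# Returns:   1 if the interval is not a whole number
#######################################
monitor() {
  local CONN=$1
  local INTERVAL=${2:-$MONITOR_INTERVAL}
  if [[ -z $CONN ]]; then echo "VPN Connection name needed."; return; fi
  if [[ ! $INTERVAL =~ ^[0-9]+$ ]]; then
    echo "Check interval must be a whole number of seconds." >&2
    return 1
  fi

  while true; do
    if ! is_up "$CONN"; then
      echo "$(date) - Detected VPN down. Resetting..."
      reset "$CONN"
      echo "$(date) - reset action completed."
    fi
    sleep "$INTERVAL"
  done
}

# now start running the script by calling main() with all parameters.
main "$@"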