From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: WAN Failover Date: Tue, 29 Nov 2016 15:51:10 +0000 Message-ID: <1480434670.13949.82.camel@ipfire.org> In-Reply-To: <009f01d2407d$5f5c4d60$1e14e820$@russellingupfun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4157227497666996591==" List-Id: --===============4157227497666996591== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Jeff, On Wed, 2016-11-16 at 21:50 -0500, Jeffrey S. Russell wrote: > First, I apologize if I am not conforming to any specific processes or > etiquette in this correspondence.=C2=A0 I did look for guidance prior to se= nding > this email, and didn=E2=80=99t find any.=C2=A0 Now, on to the purpose of th= is missive: There isn't much guidelines but common sense and this for the patches: =C2=A0=C2=A0http://wiki.ipfire.org/devel/submit-patches > I have been using IPFire for about 4 years now.=C2=A0 I=E2=80=99m quite imp= ressed with the > platform and its sophistication.=C2=A0 However, I ran into a need for WAN F= ailover, > which was absent in the platform.=C2=A0 After looking for solutions and fin= ding > very little, I became adventurous.=C2=A0 I=E2=80=99m hoping that this can b= e taken as a > contribution to be incorporated into the core platform, though it will like= ly > need a little tweaking.=C2=A0 I created my own WAN Failover solution for IP= Fire, > including a script that checks and verifies the primary connection and > switches to the secondary WAN in the event of a failure.=C2=A0 It continues= to > monitor the primary and switches back once it=E2=80=99s reliably up again.= =C2=A0 > Additionally, I =E2=80=9Chacked=E2=80=9D the integration of configuration p= ages in the Web > GUI.=C2=A0 To be clear, I am not a typically educated programmer, but have = learned > along the way due to various needs I or others have had.=C2=A0 My technique= may be > lacking, so please be gentle.=C2=A0=20 That's okay. We can work on that. However, there is a few reasons why IPFire doesn't support automatic failover. Simply: It never works well. But I can understand the problem that you are trying to solve here and it mak= es sense in the case that your primary connection *entirely* fails. I is not just getting a bit wobbly - it has to cut off completely - which is quite frankly = not the only reason to act and probably not a very common one either. Very often you have a significant amount of packet loss and high latency and those would be reasons to act for me if this should be a highly sophisticated solution. But let's start with the basics and get to that... > J=C2=A0 Here=E2=80=99s what I did: > =C2=A0 > On the IPFire box, I had to do the following: > Add a secondary IP address to the RED interface > Modify the file "/var/ipfire/menu.d/30-network.menu" to include a menu item > for "WAN Failover" > Modify the file "/var/ipfire/langs/en.pl" to include certain language > additions (I didn't know the correct words for the other languages, but cou= ld > research to add) > Create a CGI file for WAN failover, "/srv/web/ipfire/cgi-bin/failover.cgi" > Create a folder for the failover config, "/var/ipfire/failover", and a file= in > the folder, "failover.conf", marking both for owner and group, "nobody:nobo= dy" > Create a script to switch from Primary to Secondary WAN and vice-versa > Add a fcrontab entry to run the script every 5 minutes > To add the secondary IP address, I edited "/etc/rc.d/init.d/networking/red" > and inserted "ip addr add 1.1.1.2/30 dev red0" on line 117. I'm not happy w= ith > specifying the IP address explicitly in this file, but I have not yet delved > deep enough to understand the best way to include this as a variable, > especially given the complexity of this file. My implementation is based on > Ethernet-only, but could be further developed to encompass any RED interface > type. To do this, someone smarter than me would need to make this more > integrated with the IPFire setup. This is, in my mind, the weakest part of = my > implementation. Well, maintaining multiple connections alive that use DHCP is a bit trickier than this. I think focusing on static IPs is okay for now. But what is the reason to use a second IP address? > Here are the entries I added to the /var/ipfire/langs/en.pl: > =C2=A0 > 'Failover' =3D> 'WAN Failover', > 'ping target' =3D> 'Ping Target', > 'primary isp name' =3D> 'Primary ISP Name', > 'secondary isp name' =3D> 'Secondary ISP Name', > =C2=A0 > The CGI file for WAN Failover includes all the required fields for the gate= way > switching script: > Ping Target - This is the IP address that should be used to check for Layer= -3 > connectivity over the Primary WAN. This should always be an IP address, > because DNS resolution failure could cause the script to fail in error. > Gateway - This is the IP address of the Primary WAN gateway, which we disco= ver > from the "/var/ipfire/network/settings" file. > Primary ISP Name - This is just a useful name for the primary, typically the > name of your ISP and is used in the logging. > Secondary ISP Name - Again, a useful name and is relevant in logging. > Source IP - This is the Source IP address to be used to verify connectivity > and should align with the subnet of the primary WAN link gateway. > Mailserver Address - This is the FQDN of the mail server for notifications = of > gateway changes. > Mailserver Port - This is the TCP port the mail server listens on. > Mail Sender - This is the sender email address, which should represent the > IPFire box. > Mail recipient - This is the receiver email address, which should represent > the indivudual that manages the IPFire box, or can be an email address link= ed > to a distribution list for multiple recipients. > Username - This is the mail server username for the IPFire login to email. > Password - This is the mail server password for the IPFire login to email. For this to be merged into the distribution the email address stuff must be replaced by the new(ish) internal mail agent. That should even be better since it is trying to retransmit in case both connections are down. However, this is redundant and nothing is necessary that doesn't exist so far. Targets to ping is always a huge problem. First of all I think the gateway should be connected to. If that is okay, a host on the Internet should be tri= ed. > If I had more time and/or better skills, I would have added an optional > checkbox to enable/disable email notification as well as optional credential > entry. I would also have considered using the "Mailserver" package in IPFire > and its relevant credentials. >=20 > The following is my CGI file for WAN Failover: > #!/usr/bin/perl > ###########################################################################= ### > # > #=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # IPFire.org - A linux based firewall=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # Copyright (C) 2007=C2=A0 Michael Tremer & Christian Schmidt=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > # > #=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # This program is free software: you can redistribute it and/or modify=C2= =A0 =C2=A0 =C2=A0 =C2=A0 > # > # it under the terms of the GNU General Public License as published by=C2= =A0 =C2=A0 =C2=A0 =C2=A0 > # > # the Free Software Foundation, either version 3 of the License, or=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # (at your option) any later version.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > #=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # This program is distributed in the hope that it will be useful,=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # but WITHOUT ANY WARRANTY; without even the implied warranty of=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > # > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.=C2=A0 See the=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # GNU General Public License for more details.=C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 > # > #=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # You should have received a copy of the GNU General Public License=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > # along with this program.=C2=A0 If not, see = .=C2=A0 =C2=A0 =C2=A0 > =C2=A0# > #=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0# > ###########################################################################= ### > # >=20 >=20 > use strict; >=20 > require '/var/ipfire/general-functions.pl'; > require "${General::swroot}/lang.pl"; > require "${General::swroot}/header.pl"; >=20 > my %cgiparams=3D(); > my %mainsettings=3D(); > my %failoversettings=3D(); > my %netsettings=3D(); > my %color=3D(); > my %checked=3D(); > my $errormessage=3D''; >=20 > $cgiparams{'ACTION'} =3D ''; > &Header::getcgihash(\%cgiparams); >=20 > &Header::showhttpheaders(); > &General::readhash("${General::swroot}/main/settings",\%mainsettings); > &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/= inc > lude/colors.txt", \%color); > &General::readhash("${General::swroot}/failover/failover.conf",\%failoverse= tti > ngs); > &General::readhash("${General::swroot}/ethernet/settings",\%netsettings); >=20 > if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") > { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'TARGET'} =3D $cgiparams{'TAR= GET'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'MAILFROM'} =3D $cgiparams{'M= AILFROM'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'MAILTO'} =3D $cgiparams{'MAI= LTO'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'PRIMARYISP'} =3D $cgiparams{= 'PRIMARYISP'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'SECONDARYISP'} =3D $cgiparam= s{'SECONDARYISP'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'MAILSERVER'} =3D $cgiparams{= 'MAILSERVER'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0$failoversettings{'MAILPORT'} =3D $cgipar= ams{'MAILPORT'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'MAILUSER'} =3D $cgiparams{'M= AILUSER'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'MAILPWD'} =3D $cgiparams{'MA= ILPWD'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'GATEWAY'} =3D $cgiparams{'GA= TEWAY'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 $failoversettings{'SOURCEIP'} =3D $cgiparams{'S= OURCEIP'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 &General::writehash("${General::swroot}/failove= r/failover.conf", > \%failoversettings); > =C2=A0 =C2=A0 =C2=A0 =C2=A0 SAVE_ERROR: > } else { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'TARGET'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'TARGET'= } =3D $failoversettings{'TARGET'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'MAILFROM'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'MAILFRO= M'} =3D $failoversettings{'MAILFROM'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'MAILTO'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'MAILTO'= } =3D $failoversettings{'MAILTO'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'PRIMARYISP'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'PRIMARY= ISP'} =3D $failoversettings{'PRIMARYISP'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'SECONDARYISP'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'SECONDA= RYISP'} =3D > $failoversettings{'SECONDARYISP'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'MAILSERVER'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'MAILSER= VER'} =3D $failoversettings{'MAILSERVER'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'MAILPORT'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'MAILPOR= T'} =3D $failoversettings{'MAILPORT'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'MAILUSER'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'MAILUSE= R'} =3D $failoversettings{'MAILUSER'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'MAILPWD'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'MAILPWD= '} =3D $failoversettings{'MAILPWD'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'GATEWAY'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'GATEWAY= '} =3D $failoversettings{'GATEWAY'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } else { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'GATEWAY= '} =3D $netsettings{'DEFAULT_GATEWAY'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ($failoversettings{'SOURCEIP'}) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'SOURCEI= P'} =3D $failoversettings{'SOURCEIP'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } else { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 $cgiparams{'SOURCEI= P'} =3D $netsettings{'RED_ADDRESS'}; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 } > } > &Header::openpage($Lang::tr{'Failover'}, 1, ''); >=20 > print <
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 >
 $Lang::tr{'ping > target'}: 3D'*'<= input type=3D'text' name=3D'TARGET' > value=3D'$cgiparams{'TARGET'}' />$Lang::tr{'primary isp > name'}: 3D'*'<= input type=3D'text' name=3D'PRIMARYISP' > value=3D'$cgiparams{'PRIMARYISP'}' />
 $Lang::tr{'gateway'}:  src=3D'/blob.gif' alt=3D'*' /><= input type=3D'text' name=3D'GATEWAY' > value=3D'$cgiparams{'GATEWAY'}' />$Lang::tr{'secondary isp > name'}: 3D'*'<= input type=3D'text' name=3D'SECONDARYISP' > value=3D'$cgiparams{'SECONDARYISP'}' />
 <= /td> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Source IP:  src=3D'/blob.gif' alt=3D'*' /><= input type=3D'text' name=3D'SOURCEIP' > value=3D'$cgiparams{'SOURCEIP'}' />
 $Lang::tr{'email > mailaddr'}: 3D'*'<= input type=3D'text' name=3D'MAILSERVER' > value=3D'$cgiparams{'MAILSERVER'}' />$Lang::tr{'email > mailport'}: 3D'*'<= input type=3D'text' name=3D'MAILPORT' > value=3D'$cgiparams{'MAILPORT'}' />
 $Lang::tr{'email > mailsender'}: 3D'*'<= input type=3D'text' name=3D'MAILFROM' > value=3D'$cgiparams{'MAILFROM'}' />$Lang::tr{'email > mailrcpt'}: 3D'*'<= input type=3D'text' name=3D'MAILTO' > value=3D'$cgiparams{'MAILTO'}' />
 $Lang::tr{'email > mailuser'}: 3D'*'<= input type=3D'text' name=3D'MAILUSER' > value=3D'$cgiparams{'MAILUSER'}' />$Lang::tr{'email > mailpass'}: 3D'*'<= input type=3D'password' name=3D'MAILPWD' > value=3D'$cgiparams{'MAILPWD'}' />
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 >
 <= img src=3D'/blob.gif' alt=3D'*' /> > $Lang::tr{'required field'} name=3D'ACTION' value=3D'$Lang::tr{'save'}' />
> END > ; > &Header::closebox(); > &Header::closebigbox(); > &Header::closepage(); > =C2=A0 > The following is the format of the "failover.conf" file: > =C2=A0 > MAILUSER=3D > GATEWAY=3D > MAILPORT=3D > MAILPWD=3D > TARGET=3D > SOURCEIP=3D > MAILTO=3D > MAILFROM=3D > SECONDARYISP=3D > PRIMARYISP=3D > MAILSERVER=3D > =C2=A0 > The following is the "check-gateway.sh" script: > =C2=A0 > # Script to check on the status of the Primary WAN network and switch to a > Secondary WAN network. > #!/bin/bash >=20 > # Create logfile and send all output to logfile > logfile=3D/var/log/gateway-check.log > exec &> >(tee -a "$logfile") >=20 > # Define variable for a date/time stamp > datetimestamp=3D$(date) >=20 > # Define variable for the source IP to use for the ping source > SRC_IP=3D$(cat /var/ipfire/failover/failover.conf | grep SOURCEIP | cut -d = "=3D" > -f 2) >=20 > # Define variable for Primary Gateway Address > GATEWAY_IP=3D$(cat /var/ipfire/failover/failover.conf | grep GATEWAY | cut = -d > "=3D" -f 2) >=20 > # Define variable for destination MACs > DEST_MAC=3D$(arp -n $GATEWAY_IP | grep $GATEWAY_IP | awk '{print $3}') >=20 > # Define variable for ping target > PING_TARGET=3D$(cat /var/ipfire/failover/failover.conf | grep TARGET | cut = -d > "=3D" -f 2) >=20 > # Define email fields > MAIL_FROM=3D$(cat /var/ipfire/failover/failover.conf | grep MAILFROM | cut = -d > "=3D" -f 2) > MAIL_TO=3D$(cat /var/ipfire/failover/failover.conf | grep MAILTO | cut -d "= =3D" -f > 2) > PRIMARY_ISP=3D$(cat /var/ipfire/failover/failover.conf | grep PRIMARYISP | = cut > -d "=3D" -f 2) > SECONDARY_ISP=3D$(cat /var/ipfire/failover/failover.conf | grep SECONDARYIS= P | > cut -d "=3D" -f 2) > MAIL_SERVER=3D$(cat /var/ipfire/failover/failover.conf | grep MAILSERVER | = cut > -d "=3D" -f 2) > MAIL_PORT=3D$(cat /var/ipfire/failover/failover.conf | grep MAILPORT | cut = -d > "=3D" -f 2) > MAIL_USER=3D$(cat /var/ipfire/failover/failover.conf | grep MAILUSER | cut = -d > "=3D" -f 2) > MAIL_PWD=3D$(cat /var/ipfire/failover/failover.conf | grep MAILPWD | cut -d= "=3D" > -f 2) >=20 > # Beginning bracket for logging results to show the date.time of the event > echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D"$datetimestamp"=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D" >=20 > echo "------------------Parameter Check------------------" > echo "---------------------------------------------------" > echo "Field=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0| Parameter" > echo "___________________________________________________" > echo "Source IP Address=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| "$SRC_IP > echo "Gateway IP Address=C2=A0 =C2=A0 =C2=A0 =C2=A0 | "$GATEWAY_IP > echo "Destination MAC Address=C2=A0 =C2=A0| "$DEST_MAC > echo "Ping Target=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| "= $PING_TARGET > echo "Source email Address=C2=A0 =C2=A0 =C2=A0 | "$MAIL_FROM > echo "Destination email Address | "$MAIL_TO > echo "Primary ISP Name=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | "$PRIMARY_ISP > echo "Secondary ISP Name=C2=A0 =C2=A0 =C2=A0 =C2=A0 | "$SECONDARY_ISP > echo "Mail Server FQDN=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | "$MAIL_SERVER > echo "Mail Server Port=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | "$MAIL_PORT > echo "Mail Server Username=C2=A0 =C2=A0 =C2=A0 | "$MAIL_USER > echo "Mail Server Password=C2=A0 =C2=A0 =C2=A0 | "$MAIL_PWD > echo > # Creating a variable to determine the result of the nping command, which s= end > 5 pings to the ping target, always over my Primary WAN, no matter the defau= lt > gateway > # The command pulls the number of "Lost" pings, which will be a value from 1 > to 5. > result=3D$(nping --icmp --source-ip $SRC_IP --dest-mac $DEST_MAC $PING_TARG= ET | > grep Lost | awk '{print $12}') >=20 > # Creating a variable to determine the default gateway.=C2=A0 The "route" c= ommand > shows the routing table, the "grep" command is pulling the default route li= ne > and the "awk" command is printing the second value on the line. > gateway=3D$(route | grep default | awk '{print $2}') >=20 > # This prints the current gateway and the number of lost pings to the logfi= le. > echo "The current gateway is ("$gateway"), and the number of lost pings is > "$result"." >=20 > # Here, I evaluate the conditions and create an action depending on the > result.=C2=A0 First, I am trying to determine if all pings were lost.=C2=A0= If all pings > are lost, I'm declaring the Primary WAN link to be "dead". > if [ $result -eq 5 ]; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 then > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # Next, knowing tha= t the Primary WAN has failed, I check to > see if the default gateway is over my Primary WAN ("gateway" is the hostnam= e). > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if [ "$gateway" =3D= "gateway" ]; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 then > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next line logs that the Primary = WAN link > has failed and we will switch over to Secondary WAN. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo "The $PRIMARY_ISP link has failed= .=C2=A0 > Switching over to the $SECONDARY_ISP link..." > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next lines delete the current Pr= imary > WAN gateway, switch to Secondary WAN and show the routing table for > confirmation. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 route delete default gw gateway > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 route add default gw 1.1.1.1 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo "Gateway switched from $PRIMARY_I= SP to > $SECONDARY_ISP.=C2=A0 Following is the routing table:" > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 route > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next command sends me an email t= o alert > me that the Primary WAN link is down and we are switching over to Secondary > WAN. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sendEmail -f $MAIL_FROM -t $MAIL_TO -u > "Gateway Change Alert" -m "The $PRIMARY_ISP link has failed.=C2=A0 Switchin= g over > to $SECONDARY_ISP link." -s $MAIL_SERVER:$MAIL_PORT -xu $MAIL_USER -xp > $MAIL_PWD > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 else > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # Now, again knowing that we failed ov= er > Primary WAN, if the default gateway is Secondary WAN, we don't do anything. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo "$SECONDARY_ISP is the current ac= tive > link.=C2=A0 $PRIMARY_ISP is still down." > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # Since there is nothing we need to do= , we > next exit the shell script. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 exit > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 fi > =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next section is based on if the Primary W= AN is operational (i.e. > less than 5 lost pings) > =C2=A0 =C2=A0 =C2=A0 =C2=A0 else > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # Knowing that the = Primary WAN link is viable, we now evaluate > if we are using the Secondary WAN link (1.1.1.1 is the gateway when using > Secondary WAN). > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if [ "$gateway" =3D= "1.1.1.1" ]; > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 then > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next line logs that the Primary = WAN is > operational and we will switch back to Primary WAN from Secondary WAN. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo "The $PRIMARY_ISP link is now > operational.=C2=A0 Switching over to the $PRIMARY_ISP link." > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next lines delete the current Se= condary > WAN gateway, switch to Primary WAN and show the routing table for > verification. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 route delete default gw 1.1.1.1 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 route add default gw gateway > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo "Gateway switched from $SECONDARY= _ISP to > $PRIMARY_ISP.=C2=A0 Following is the routing table:" > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 route > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # The next command sends me an email t= o alert > me that the Primary WAN link is up and we are switching back to the Primary > WAN. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sendEmail -f $MAIL_FROM -t $MAIL_TO -u > "Gateway Change Alert" -m "The $PRIMARY_ISP link is now operational.=C2=A0 > Switching back to the $PRIMARY_ISP link." -s $MAIL_SERVER:$MAIL_PORT -xu > $MAIL_USER -xp $MAIL_PWD > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 else > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 # Now, again knowing that the Primary = WAN is > operational, if the default gateway is already the cable mode, then we don't > do anything. > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 echo "The $PRIMARY_ISP link is operati= onal and > $PRIMARY_ISP is the current active link." > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 fi > fi > # We end the logging with the same date/time stamp to indicate that this is > the end of this iteration of the scrupt run. > echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D"$datetimestamp"=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D" > =C2=A0 > Finally, the following is the addition to fcrontab for the 5-minute interval > run of the script: > =C2=A0 > # Check the gateway connection every 15 minutes, if down, switch gateway to > Verizon backup > */5 * * * *=C2=A0 =C2=A0 =C2=A0/root/check-gateway.sh Not sure if this is "often enough", but probably better than nothing :) Do you have this in a git branch or something? It is a bit hard to read the c= ode in this email. > The script is currently stored in /root/, but that is just in my > implementation while I am ignorant of the proper location of such a script. /usr/sbin probably. > So, that's it! I'm open to thoughts or suggestions, but I'm currently at my > limit of capability. I'd love to see this get added as an option in the > initial setup, or packaged into an addon. I've seen numerous requests for t= his > kind of feature, so I did this to get something functional in place. If the= re > are any resources that can help me develop this into an official add-on, I'd > love to see it so this can be available to the community. This would probably be a part of the core package since it is modifying the network scripts. Hope my feedback helps a little and we can work on this. Best, -Michael > =C2=A0 > Thank you! > =C2=A0 > Jeff Russell --===============4157227497666996591== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSllQYVB2QUFvSkVJQjU4UDl2a0FrSGdla1AvajcycGlkQ3VGYjMrRmVEUDhEYUZySW8K WkdxZGlIeTBpeTRIYUdVbUNPM0JpUXdiUUg4Ly9MOFF0TEpreDZLRjRreWc5dEZpQzFtL1FMTFRi RW1HWm1QQgpUZDFDM0tueDdyRWIvSWpLTUk3N3YzMGJqdkMzUmNTamM0ZmNNOGZKaE4wTitPSHpw MWpxOE82R2gwVVlVcFVBCjJwNHpmRFFZWFBTblBkRW5qOFlwQjk2QjVZd2RWSnZCWElONDN6ZUM1 S1BzdVhSb3dlMzVuYW01WDI1a0ticDcKZHZBUEdKTkRlUjA0aDFWT3E0WWovWVE2clpUTjZUa05D NDdLY0FIZStNME9zSUU0dWFLTFQ1R3lGKzFLc2FmTApQYlJyVWpWTXo3eVBCQm5DNFRRL0xUN1dO YVRNODhqNmpjK29MUSttaEZER2IycEp4SDhWY1RNLzhBRFFvYVNSCnBSa3NENWMyMWNmSENabjA3 d2hJbmZsNWV6UFFPeWJPVmNBTEY2UW9NbnM1UE5YaGlxcXJlUTk1bXhqTXJJSisKNGFSd3A5Tk5a SWZobW1QdUhYcm9OSDhqU3A2TDQzUVJZMFhrMURrV3NyWlhnZWhRYUw0Z1BwczhTMmIyMVlaZQpi UzM4WmEvais1YkVVcWU4T05vOEtKZkF4dDJIdCtBdER6dWp4UmZzZ0JVT2l2Z0V2aDhMekVrZjA4 c2l0UlNLCnNDMUpaQ09DczBxRnprOTZ6aDRaQjVjYUQ5aEJZV1JkOUw1MmZjdE9ITHRDVHFtdzBm K2w3NkFmVFpKMkJxT3oKcnFVTzc2RktLVjF3cHFVOU1ZMWR6Q2k5d1o2NmRQMnR5N0FEN2c1KzF0 cGZINEFyRElZdFRsRmhkUzlRRUpqSAo4eWlvZ1BPd3hJb3drNVdGbWFyUwo9TVMyQwotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============4157227497666996591==--