This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated
       via  bb893dcd86744a5167d92529d4a7e3c0fb29d9d8 (commit)
      from  b18bad8a194459493ccafefa25698168cda553d3 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit bb893dcd86744a5167d92529d4a7e3c0fb29d9d8
Author: Christian Schmidt maniacikarus@ipfire.org
Date: Fri Jan 21 17:52:32 2011 +0100
Fixed several bugs in vpn-watch script.
The counter was pending between 0 and 1 and not going up to 9.
If ipsec whack is returning an empty page we do not need to check if the remoteip has changed because the tunnel is not up.
If ipsec is restarted the counter can be reset.
All these facts cause that on low powered systems the tunnels are unstable if you have a lot of them. But we need to check if the convergence timer is okay because with these bugs the tunnels were minutely restarted and with correct handling after 10.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/core/45/filelists/files |    3 ++-
 config/rootfiles/core/45/update.sh       |    4 ++++
 src/scripts/vpn-watch                    |   15 ++++++++++-----
 3 files changed, 16 insertions(+), 6 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/45/filelists/files b/config/rootfiles/core/45/filelists/files index 8df8185..4d88e23 100644 --- a/config/rootfiles/core/45/filelists/files +++ b/config/rootfiles/core/45/filelists/files @@ -7,4 +7,5 @@ srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi usr/sbin/updxlrator var/ipfire/outgoing/bin/outgoingfw.pl -srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat \ No newline at end of file +srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat +usr/local/bin/vpn-watch \ No newline at end of file diff --git a/config/rootfiles/core/45/update.sh b/config/rootfiles/core/45/update.sh index 03c6cfb..d227791 100644 --- a/config/rootfiles/core/45/update.sh +++ b/config/rootfiles/core/45/update.sh @@ -28,6 +28,8 @@ #Stop services echo Stopping Proxy /etc/init.d/squid stop 2>/dev/null +echo Stopping vpn-watch +killall vpn-watch
# #Extract files @@ -39,6 +41,8 @@ echo Starting Proxy /etc/init.d/squid start 2>/dev/null echo Rewriting Outgoing FW Rules /var/ipfire/outgoing/bin/outgoingfw.pl +echo Starting vpn-watch +/usr/local/bin/vpn-watch &
# #Update Language cache diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch index 0c5f62d..32a8549 100755 --- a/src/scripts/vpn-watch +++ b/src/scripts/vpn-watch @@ -1,6 +1,6 @@ #!/usr/bin/perl ################################################## -##### VPN-Watch.pl Version 0.5 ##### +##### VPN-Watch.pl Version 0.6 ##### ################################################## # # # VPN-Watch is part of the IPFire Firewall # @@ -32,7 +32,7 @@ while ( $i == 0){ $round++;
# Reset roundcounter after 10 min. To do established check. - if ($round > 9) { $round=0 } + if ($round > 9) { $round==0 }
if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = <FILE>; close(FILE); @@ -55,17 +55,22 @@ foreach (@vpnsettings){ my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print $3}' | tr -d '()' | tr -d ':'`;chomp($remoteip); if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}} my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`; - my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`; + my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
- if ( $ipmatch eq '' ){ + if ( $ipmatch eq '' && $status ne ''){ logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec."); system("/usr/local/bin/ipsecctrl S $settings[0]"); + $round=0; last; #all connections will reloaded #remove this if ipsecctrl can restart single con again } - if ( ($round = 0) && ($established eq '')) { + + if ($debug){logger("Round=".$round." and established=".$established);} + + if ( ($round == 0) && ($established eq '')) { logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec."); system("/usr/local/bin/ipsecctrl S $settings[0]"); + $round=0; last; #all connections will reloaded #remove this if ipsecctrl can restart single con again
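Review bot: In config/rootfiles/core/45/update.sh, the second hunk starts `/usr/local/bin/vpn-watch &` unconditionally, while the `killall vpn-watch` added in the first hunk never records whether the watcher was running, so the update also launches it on systems where it was not running before. Keep the result of the stop step (for example the exit status of `killall vpn-watch`) and start the script again only in that case. Adding `2>/dev/null` to the killall, as on the squid line above it, would also keep the update output clean when no such process exists.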
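Review bot: In the src/scripts/vpn-watch hunk at line 32, the new `if ($round > 9) { $round==0 }` replaces the assignment with a comparison whose result is discarded, so the counter is no longer reset there, contrary to the comment "Reset roundcounter after 10 min." directly above it. Keep `$round=0` on this line; the operator that needed changing is the `=` in the condition `($round = 0)`, which the later hunk already corrects to `==`. Since `$round++` runs at the top of the while loop and the only remaining resets sit next to `last`, the `($round == 0)` established check does not look reachable from the lines shown.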
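Review bot: In the src/scripts/vpn-watch hunk at line 55, the re-indented `$established` line still builds a shell command by interpolating `$status` and `$settings[2]` into backticks (`echo "$status" | grep '$settings[2]' | grep 'erouted;'`), so any quote or shell metacharacter in the whack output or in the vpn config field is interpreted by the shell. Since the line is being touched anyway, do the match in Perl over the lines of `$status`, with the config value escaped as `\Q$settings[2]\E`, instead of piping through echo and grep; the same applies to the `$ipmatch` line above it. The `$round=0;` added inside the `($round == 0)` branch is also redundant, because the counter is already 0 when that branch runs.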
hooks/post-receive -- IPFire 2.x development tree