
Need some help with vpn-ip number order


octopus

Need some help/suggestions to get this working.
I use this script to monitor the endpoint vpn-ipnumber.
I have two vpn-clients running, 1 and 3, and depending on how it starts up I get display 1/2 in a different order.
Also, it doesn't matter if I use ovpnc1 or 3, I get the same result both ways.
I want vpnclient-1 to always be used/displayed.
Does anyone have a brilliant solution?

Code:
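cantshow1="Can't show vpnroute-ip 1"
cantshow2="Can't show vpnroute-ip 2"
# Endpoint host routes that leave via the WAN gateway, one IP per line
display=$(ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}')
# $display is left unquoted on purpose so both IPs land on one space-separated line
display1=$(echo $display | cut -d' ' -f2)
if [ -z "$display1" ]; then
display1=$cantshow1
fi
echo "$display1"

# First IP on the line (a fixed character range breaks for IPs that are not 14 characters long)
display2=$(echo $display | cut -d' ' -f1)
if [ -z "$display2" ]; then
display2=$cantshow2
fi
echo "$display2"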

Code:
octopus@RT-AC68U:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
158.xxx.xxx.1  *               255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
10.8.30.0       *               255.255.255.0   U     0      0        0 tun22
192.168.12.0    *               255.255.255.0   U     0      0        0 br0
158.xxx.xxx.0   *               255.255.252.0   U     0      0        0 eth0
10.128.0.0      *               255.255.0.0     U     0      0        0 tun11
10.129.0.0      *               255.255.0.0     U     0      0        0 tun13
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         gw11.A444.priv. 0.0.0.0         UG    0      0        0 eth0
 

Definitely not a "brilliant" solution as you requested, but perhaps my ugly hack meets your main criteria?
e.g. The status of both VPN Client 1 and VPN Client 3 is always displayed in ascending order.
Code:
PRIMARY=1;SECONDARY=3;INDEX=$PRIMARY
# Active tun1x routes as "network interface", sorted by interface name
ACTIVE=$(ip route | sort -k3 | grep -E "tun1[${PRIMARY}${SECONDARY}]" | cut -d" " -f1,3)
if [ -n "$ACTIVE" ];then
   echo "" >/tmp/$$
   # The loop runs in a subshell, so /tmp/$$ carries the last client seen back out
   echo "$ACTIVE" | while read LINE
      do
         [ -n "$(echo "$LINE" | grep "tun1"$INDEX)" ] && { echo -e "\n\t"$LINE"\n"; echo $INDEX >/tmp/$$; } || { echo -e "\a\n\tCan't show vpnroute-ip" $INDEX"\n"; echo  -e "\t"$LINE"\n"; }
         INDEX=$SECONDARY
      done
      [ "$(cat /tmp/$$)" = "$PRIMARY" ] && echo -e "\n\tCan't show vpnroute-ip $SECONDARY\n"
      rm /tmp/$$ 2>/dev/null
else
   echo -e "\a\n\tCan't show vpnroute-ip $PRIMARY\n\tCan't show vpnroute-ip $SECONDARY\n"
fi
 
Thank you
I have tested and get this answer:
Code:
10.128.0.0/16 tun11
10.129.0.0/16 tun13
But it's not what I'm after.

It's the response from this:
Code:
ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
193.187.91.199
217.64.148.69
Which can come in a different order in the chain.
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
158.xxx.xxx.1  *               255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
 
OK, just to clarify.

For all of my VPN Clients, I use 'Redirect Internet traffic=Policy Rules (strict)' so the following command you supplied
Code:
ip route show table ovpnc? | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
always returns NULL :confused: and there are no 'VPN Client eth0' entries created in the 'route' table.

However, if I set 'Redirect Internet traffic=Policy Rules', then
Code:
ip route show table ovpnc? | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
now produces output. :)

So it appears that when a VPN Client initialises, a new entry for 'eth0' appears in the 'route' table
e.g. your two VPN Clients are ACTIVE
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
but there is no way to determine which VPN actually owns the destination Gateway IP address entry above.

i.e. you want to know which VPN Client instance created say entry 193.187.91.199 ?

Is this correct?
 
OK, just to clarify.
i.e. you want to know which VPN Client instance created say entry 193.187.91.199 ?
Is this correct?

Yes, to both. I want to make sure they come in the right order every time so I can use one for e.g. vpn client1.
The strange thing is that when I use "ip route show table ovpnc1" it shows both IP numbers.
I think if they come in the order below, it only displays vpnclient1's IP number with ovpnc1.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
158.xxx.xxx.1  *                255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
 

Hi
I have done some more testing and have some questions.
I detect CN= in vpnclient-1.log and get an answer, and that is the right ip-number. How do I use nslookup with this "cat" string?
Code:
cat /tmp/vpnclient-1.log | grep -E -m 1 "CN=v" | awk -F' ' '{print $9}' | cut -d '=' -f2
Code:
vpn20.prd.kista.ovpn.com

Ok got it:
Code:
CN="$(cat /tmp/vpnclient-1.log | grep -E -m 1 "CN=v" | awk -F' ' '{print $9}' | cut -d '=' -f2)"; echo $CN

This is working:
Code:
CN="$(cat /tmp/vpnclient-1.log | grep -E -m 1 "CN=v" | awk -F' ' '{print $9}' | cut -d '=' -f2)"
nslookup "$CN" | grep -woE '([0-9]{1,3}\.){3}[0-9]{1,3}' | awk 'NR>2'
217.xx.xxx.58

Edit: Is there any other way to monitor "CN=" other than the vpn-client log?
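
Added example, not part of any post in this thread: the CN-plus-nslookup approach from the last post, wrapped so each client's endpoint is looked up by server name and then confirmed against the route list, which makes the result independent of route order. The function names, the `RESOLVER` hook, the assumption that the server certificate is logged on a `depth=0` line, and all sample hostnames and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tie each VPN client to its endpoint
# route by server name, so the result does not depend on route order.

# Server CN from an OpenVPN client log. Assumes the server certificate is
# logged on a "depth=0" line, e.g. "VERIFY OK: depth=0, CN=host".
client_cn() {                       # $1 = log file
    awk '/depth=0/ { for (i = 1; i <= NF; i++) if ($i ~ /^CN=/) {
             sub(/^CN=/, "", $i); sub(/,$/, "", $i); print $i; exit } }' "$1"
}

# IPv4 addresses for a hostname; the nslookup pipeline used in the thread.
resolve_host() {                    # $1 = hostname
    nslookup "$1" 2>/dev/null | grep -woE '([0-9]{1,3}\.){3}[0-9]{1,3}' | awk 'NR>2'
}
RESOLVER=${RESOLVER:-resolve_host}  # hypothetical hook: swap in a stub offline

# Endpoint IP of the client that wrote log $1, printed only if routes file $2
# (saved "ip route show ..." output) has a host route to it; status 1 if not.
client_endpoint() {
    cn=$(client_cn "$1"); [ -n "$cn" ] || return 1
    for ip in $($RESOLVER "$cn"); do
        if awk -v ip="$ip" '$1 == ip { ok = 1 } END { exit !ok }' "$2"; then
            echo "$ip"; return 0
        fi
    done
    return 1
}

# Constructed sample data: two clients, routes listed in "reverse" order.
demo() {
    d=$(mktemp -d)
    echo 'Mon Jan  1 00:00:01 2018 VERIFY OK: depth=0, CN=vpn-a.example.net' >"$d/c1.log"
    echo 'Mon Jan  1 00:00:02 2018 VERIFY OK: depth=0, CN=vpn-b.example.net' >"$d/c3.log"
    printf '%s\n' '203.0.113.9 via 198.51.100.1 dev eth0' \
                  '192.0.2.7 via 198.51.100.1 dev eth0' >"$d/routes"
    fake_resolve() { case $1 in vpn-a.example.net) echo 192.0.2.7 ;;
                                vpn-b.example.net) echo 203.0.113.9 ;; esac; }
    RESOLVER=fake_resolve
    echo "client 1: $(client_endpoint "$d/c1.log" "$d/routes" || echo "Can't show vpnroute-ip 1")"
    echo "client 3: $(client_endpoint "$d/c3.log" "$d/routes" || echo "Can't show vpnroute-ip 3")"
    rm -rf "$d"
}
demo
```

On a router the routes file would come from `ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)"` and the logs from `/tmp/vpnclient-1.log` and its counterpart for client 3, as used in the posts above.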
 