Script to Restart OpenVPN Client if it goes down.

[Rick Jesse]

Thought this might be useful for someone. Need OPKG installed to get the SNMP utils. I run this script in Crontab every 10 min. So far it is working pretty good. I found 2 scenarios for when the VPN client stops working.

1) Tunnel is hard down, interface status = down
2) Tunnel is up but traffic is not increment

----vpnstatus.sh script below----
#Make sure Network is Alive
ping 8.8.8.8 -c 5 -q > /dev/null

# Find SNMP if for tunnel
ifdescriptor=`snmpwalk -c <snmppass> -v 2c localhost | grep "tun" | tail -1 | cut -d"." -f2 | cut -d " " -f1`

echo -n `date`
echo -n " | $ifdescriptor | "

#Find operational state of Tunnel

operstat=`snmpget -c <snmppass> -v 2c localhost IF-MIB::ifOperStatus.$ifdescriptor | cut -d ":" -f4`
adminstat=`snmpget -c <snmppass> -v 2c localhost .ifAdminStatus.$ifdescriptor | cut -d ":" -f4`

echo -n "$operstat | "
echo -n "$adminstat | "

#Get traffic numbers for Tunnel
ifin=`snmpget -c <snmppass> -v 2c localhost .ifInOctets.$ifdescriptor | cut -d ":" -f4`
ifout=`snmpget -c <snmppass> -v 2c localhost .ifOutOctets.$ifdescriptor | cut -d ":" -f4`

echo -n "$ifin | "
echo -n "$ifout | "

# If Tunnel is Down, Restart, if Up check if traffic is stalled
if [ $operstat = "up(1)" ]; then
echo -n "VPN UP | "
cd /jffs/scripts/
cp ifoctets.2 ifoctets.3
cp ifoctets.1 ifoctets.2
echo -n "$ifin" > ifoctets.1
ifin2=`cat ifoctets.2`
ifin3=`cat ifoctets.3`
if [ "$ifin" = "$ifin2" ] && [ "$ifin2" = "$ifin3" ]; then
echo " Same: $ifin->$ifin2->$ifin3"
echo " Restarting client1"
service restart_vpnclient1
tail -q -n -6 /jffs/scripts/mail.header /jffs/scripts/checkvpnstatus.log | /usr/sbin/sendmail -S <smtpserver> -f <fromaddress> <toaddress>
tail -q -n -25 /jffs/scripts/mail.header /jffs/syslog.log | /usr/sbin/sendmail -S <smtpserver> -f <fromaddress> <toaddress>
else
echo "Different: $ifin->$ifin2->$ifin3"
fi
else
echo -n "VPN DOWN | "
echo "Restarting client1"
service restart_vpnclient1
tail -q -n -6 /jffs/scripts/mail.header /jffs/scripts/checkvpnstatus.log | /usr/sbin/sendmail -S <smtpserver> -f <fromaddress> <toaddress>
tail -q -n -25 /jffs/scripts/mail.header /jffs/syslog.log | /usr/sbin/sendmail -S <smtpserver> -f <fromaddress> <toaddress>
fi

 

[RMerlin]

Why not set "Poll Interval" and "Connection Retry" on the webui? Poll Interval actually sets up a cron job (tho I never tested it myself, that code was ported from its original Tomato implementation).

 

[Rick Jesse]

They didn't seem to work for me, was easier to write a script that way I get notified as well

 

[amplatfus]

Hi,

I have found this old post. I have AC88U powerd by latest Asus Melin 384.11_2.
Please, what password should I put in snmppass?

Thank you!