-
Notifications
You must be signed in to change notification settings - Fork 57
/
check_ipsec
executable file
·58 lines (47 loc) · 1.24 KB
/
check_ipsec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/bash
# Check for phase 1 and 2 connection of a specific IPsec tunnel
#
# Author: Dave Simons <[email protected]>
# helper functions
die () {
RETVAL=$1
shift
echo $@
exit $RETVAL
}
help () {
cat <<EOF
Usage: $0 -t <TUNNEL_ID> [-n <NUMBER OF CONNECTIONS>]
Options:
-h display this help and exit
-n set desired number of connections
-t set tunnel id
Exit status:
0 if OK
1 if minor errors occured
2 if critical errors occured
3 if status unknown
EOF
exit 0
}
# Default values
NO_CONN='2'
# Parse command line switches
while getopts "hn:t:" OPTS; do
case "$OPTS" in
h) help ;;
n) NO_CONN="$OPTARG" ;;
t) TUNN_ID="$OPTARG" ;;
esac
done
# Validate input
[[ -z "$TUNN_ID" ]] && die 2 "[ERROR] No tunnel id specified"
# Check config files
TUNN_CFG=$(grep -r "conn $TUNN_ID" /etc/ipsec.d/*.conf)
[ -z "$TUNN_CFG" ] && die 1 "[ERROR] No configuration found for tunnel id '${TUNN_ID}'"
# Check connection status
CONNECTIONS=$(ipsec whack --status|awk '/newest IPSEC/{ print $3 }')
CNT_CONN=$(echo -e $CONNECTIONS|grep -o "$TUNN_ID"|wc -l)
[[ "x${CNT_CONN}" != "x${NO_CONN}" ]] && die 2 "[ERROR] Connection with id '${TUNN_ID}' is down"
# exit through the door
die 0 "[OK] Connection with id '${TUNN_ID} is up"