On Wed, 09 Dec 2015 21:52:35 -0800, Marek Novotny wrote:
> The difference here is that this will no longer act as a polling process
> where it tells you every few minutes, or seconds that the link is up or
> down. Instead it watches the link and only tells you if the status of
> the link has changed. If it has not changed, you see nothing. But if
> tun0 even hiccups for a second, this will detect it, and kill apps. If
> tun0 restores itself, it will detect that too, and instantly update.
Hi Marek,
Here are the first-pass results on the first test for a few minutes.
SUMMARY:
A. I ran your vpnchecker.sh script in a directory full of *ovpn files
B. Once I was on a good vpn, I ran your vpnstatus.sh in another window
C. I started firefox
D. I started pan using a reverse of your tbird.sh script
(which only allows pan to start when on VPN)
E. Then, I aborted the VPN session with a control+c
F. This immediately killed pan & firefox (woohoo! it worked!)
G. It did not kill the WiFi connection (I gotta think if that matters or not)
H. The vpnchecker.sh script asked if the openvpn task was successful
I. I said Yes and the vpnchecker.sh moved on to the next ovpn file
J. Once I was back on VPN, the vpnstatus.sh kicked in anew!
DETAILS:
1. I changed into a directory full of vpn scripts and started the
reverse vpnchecker script, which does the following:
a. It starts "openvpn --config the-next-ovpn-file.ovpn"
b. If that works, I go about my business (e.g., torrent or whatever)
c. If that fails, the vpnchecker asks "Was that successful?"
d. If I say "No", the vpnchecker moves the ovpn file somewhere else
e. And then the vpnchecker starts openvpn on the next *.ovpn file
f. If I say "Yes", the vpnchecker keeps the *.ovpn file, and
g. It moves on to the next *ovpn file to run openvpn on.
2. Once a vpn session starts, in another terminal, I run vpnstatus.sh
a. vpnstatus.sh version 2.5 has a process list of the following:
processList=("transmission" "transmission-gtk" "firefox" "pan")
b. vpnstatus.sh v2.5 reports:
VPN status: on - tun0: 10.211.1.17
3. Then I control+c in the vpnchecker terminal window.
a. Immediately, I get the output in the vpnchecker.sh terminal window:
CONTROL+C
Wed Dec 9 23:54:10 2015 event_wait : Interrupted system call (code=4)
Wed Dec 9 23:54:10 2015 /sbin/ip route del 60.239.82.237/32
Wed Dec 9 23:54:10 2015 /sbin/ip route del 0.0.0.0/1
Wed Dec 9 23:54:10 2015 /sbin/ip route del 128.0.0.0/1
Wed Dec 9 23:54:10 2015 Closing TUN/TAP interface
Wed Dec 9 23:54:10 2015 /sbin/ip addr del dev tun0 local 10.211.1.17 peer 10.211.1.18
Wed Dec 9 23:54:10 2015 SIGINT[hard,] received, process exiting
Was that successful?
4. I notice immediately the following in the vpnstatus.sh terminal window:
VPN status: on - tun0: 10.211.1.17
VPN status: off - wlan0: 192.168.1.28
Terminating apps...
firefox is running...
Terminating firefox...
firefox terminated...
pan is running...
Terminating pan...
pan terminated...
5. Now, I go back to the vpnchecker window, and I type either "Y" or "N".
a. The vpnchecker script goes back to running the next ovpn config file
b. If that config file fails, I simply type "No" to the success question.
c. And the checker kicks the bad *ovpn config file out of that directory.
d. If that ovpn config file works, I'm back on VPN ...
Was that successful?
y <===== I hit Yes because I had control+c out of a good config file
Was that successful?
n <===== the next ovpn file was bad, so, the script kicked it out
Wed Dec 9 23:56:43 2015 /sbin/ip route add 24.154.231.149/32 via 192.168.1.1
Wed Dec 9 23:50:56 2015 /sbin/ip route add 0.0.0.0/1 via 10.211.1.22
Wed Dec 9 23:50:56 2015 /sbin/ip route add 128.0.0.0/1 via 10.211.1.22
Wed Dec 9 23:50:56 2015 Initialization Sequence Completed
e. So now I'm back on a good *ovpn file.
6. Looking back to the still-running vpnchecker.sh window, I see it's back
in business!
a. VPN status: on - tun0: 10.211.1.21
Woo hooo! This is nice! Clever. Pretty. Elegant.
The only thing it doesn't do is kill the WiFi connection; but, if the apps
are actually killed fast enough, I wonder if I still need to shut the WiFi
NIC down?
As noted by BitTwister, it was a hole that I had to put ifconfig in the
sudoers.d directory just to shut down the WiFi NIC from the old script:
bannon laptop1 = (root) NOPASSWD: /sbin/ifconfig
This is the command in the old vpnstatus.sh that shut down the wlan0 NIC: