Netgate Discussion Forum

    Using Cron to stop and restart IPSEC service

    • marcelloc

      You can use the script on this topic with few modifications.

      http://forum.pfsense.org/index.php/topic,42025.0.html

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      • bwstu

        Thanks for that,

        Is there no simple command I can use to disable IPSEC, then enable again? Just thought that there would be, as there is a "Stop/Start/Restart" button in the GUI that I can click if I want to do it manually.

        I am much more familiar with Windows scripts, and not these php ones, any idea which parts I need to modify?

        Ideally, I'd like 2 scripts, one to stop, and then a separate one to start again.

        Sorry to bug you but I am just not familiar with the non gui stuff in pfSense.

        Thanks again for your patience!
        Stu

        • marcelloc

          Run the script with an ip address as argument.

          When the script successfully pings an IP, the action is to disable IPSec.

          When the ping fails, IPSec is enabled.

          The first goal of this script was to establish VPN when private link fails.
          This is not a patch, just a workaround.

          • bwstu

            Hi again,

            Sorry, I am not sure what to adjust, and how to split it into the two files that I would need.

            I will keep on searching the forums and see if anyone else has had similar requirements.

            Thanks,
            Stu

            • marcelloc

              As I told you in my last post, there is no need to edit the script.

              Here is an example:

              192.168.1.1 exists in your network.
              192.168.1.50 does not exist.

              To enable my IPSec I run at console or via cron

              php -q /var/www/check_IPSec.php 192.168.1.50

              To disable

              php -q /var/www/check_IPSec.php 192.168.1.1

                • bwstu

                OK, sorry, I didn't quite understand. I thought I had to edit the script and insert the IP addresses there.

                Thanks very much for clearing that up. I will try it tonight when everyone has logged off their systems.

                  • bwstu

                  Hello again!

                  I have finally had a chance to try and implement this before the holidays.

                  I can successfully run these commands via the shell:

                  php -q /root/PHPipsec.php 192.168.200.250 (This stops IPSEC as IP does ping)
                  php -q /root/PHPipsec.php 192.168.200.251 (This starts IPSEC as IP does not ping)

                  I am unable to schedule via Cron though; nothing seems to happen. I have set up my Cron task like this:

                  16  / 9  / * / * / * / root / php -q /root/PHPipsec.php 192.168.200.250
                  18  / 9  / * / * / * / root / php -q /root/PHPipsec.php 192.168.200.251

                  Could anyone assist with why this is running in the shell, but not via cron? I really don't feel like restarting the ipsec service manually every day for the next 3 weeks while I am on leave :)

                  Thanks very much!
                  Stu

                    • marcelloc

                    Use the full path to php.

                    Find it with find / -name php

                      • bwstu

                      Hi,

                      I ran that from the shell. I get this:

                      [2.0-RELEASE][root@testpfsense.testlocaldomain]/root(4): find / -PHPipsec php
                      find: -PHPipsec: unknown option

                      Am I typing something wrong?

                        • bwstu

                        Update -

                        I typed it in correctly and get this as a result:

                        [2.0-RELEASE][root@testpfsense.testlocaldomain]/root(7): find / -name PHPipsec.php
                        /root/PHPipsec.php

                        That is what I am using in my Cron job though. Should I try moving it out of the root folder? Maybe Cron doesn't like running the script from there?

                        Thanks again!
                        Stu

                          • bwstu

                          No, that didn't do it…

                          My task now looks like this, but still didn't work:

                          51 9 * * * root php -q /sbin/PHPipsec.php 192.168.200.250

                          Still, when I copy and paste it into my SSH session to the shell, it works perfectly.

                          So frustrating.

                          Stu

                            • marcelloc

                            Use it this way in cron:

                            0 4 * * * root /usr/local/bin/php -q /sbin/PHPipsec.php

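The job in this thread ran from an SSH shell but not from cron until the interpreter was given by its full path, because cron resolves a bare name like php against its own PATH rather than the login shell's. As an added example (not part of any post and not pfSense code), this sh function classifies the command field of a system-crontab line against a cron PATH you supply; the function names and the PATH value used in the demo are assumptions.

```shell
# Added example (not from the thread): classify the command field of a
# system-crontab line: minute hour day month weekday user command...

# resolve_in_path NAME DIRS: print NAME's full path if it is an executable
# file in one of the colon-separated DIRS; print nothing otherwise.
resolve_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
}

# check_cron_line LINE CRON_PATH: print one verdict for the job.
#   absolute:<cmd>    full path given, independent of cron's PATH
#   resolves:<path>   bare name that cron's PATH can find
#   unresolved:<cmd>  bare name cron's PATH cannot find: job never starts
#   skip              blank line, comment, or variable assignment
check_cron_line() {
    line=$1
    cron_path=$2
    set -f                      # schedule fields contain '*': no globbing
    set -- $line                # split the line into fields
    set +f
    case ${1-} in ''|'#'*) echo skip; return 0 ;; esac
    [ $# -ge 7 ] || { echo skip; return 0; }
    case $7 in
        /*) echo "absolute:$7" ;;
        *)  found=$(resolve_in_path "$7" "$cron_path")
            if [ -n "$found" ]; then echo "resolves:$found"
            else echo "unresolved:$7"; fi ;;
    esac
}

# Constructed demo: two job lines quoted in the thread, checked against an
# ASSUMED cron PATH (the real value is system-specific).
ASSUMED_CRON_PATH=/sbin:/bin:/usr/sbin:/usr/bin
while IFS= read -r job; do
    printf '%s <- %s\n' "$(check_cron_line "$job" "$ASSUMED_CRON_PATH")" "$job"
done <<'EOF'
51 9 * * * root php -q /sbin/PHPipsec.php 192.168.200.250
0 4 * * * root /usr/local/bin/php -q /sbin/PHPipsec.php
EOF
```

Absolute command paths in root jobs also keep them from depending on whichever directory happens to come first in PATH.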
                              • bwstu

                              Thank you very much, that did it! I can now go on holiday and not have to manually restart Racoon every night/morning.

                              Merry Christmas and Happy new year!

                              Thanks again, that's awesome.
                              Stu

                                • katdrvr

                                I would like to try to use this method to restart my ipsec vpn since it seems to quit working after 4 or 5 hours.

                                When I do find / -name PHPipsec.php, I get nothing; it would appear that I don't have this on my install (pfsense 2.0.1-RELEASE (amd64)). I can stop and start racoon from the "Status:Services" page.

                                Any help would be very much appreciated.

                                Thanks in advance

                                Mike

                                  • marcelloc

                                  The second post of this thread shows the link to the script thread.

                                  @marcelloc:

                                  You can use the script on this topic with few modifications.

                                  http://forum.pfsense.org/index.php/topic,42025.0.html
