CRON doesn't run my script

k23ahnka

I have the following script:

it reconnects a vpn connection.

#!/usr/bin/env bash
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin/
_scriptname="pfsense-vpnreset"
set -u
set -e

function printusage
{
cat - >&2 <<EOF

Description:
  Resets a pfSense VPN client connection

Usage: ${_scriptname} <host> <vpnname>
  host: The name of the pfSense host. Consider using an IP address here if DNS depends on the VPN
  vpnname: The name of the VPN connection, as shown in the web interface "OpenVPN: Client" description field.
		   The description field is also used to find IPSec connections.   
		   You can put the vpnname in quotes if you need spaces.

EOF
}

if (($# != 2)); then
	printusage
	exit $(($# == 0 ? 0 : 1))
fi

host=$1
shift
vpnname=$1
shift

script=$(
	sed "s/<VPNNAME>/${vpnname}/g" <<-"EOF"
		<?php
			# Preload
			require_once('service-utils.inc');
			require_once("ipsec.inc");

			# Init
			function fubar($reason) {print $reason . "\n"; exit(1);}
			$xml=simplexml_load_file("/cf/conf/config.xml") or fubar("Error: Cannot load config.xml");
			$found = false;

			# IPsec
			foreach($xml->ipsec->{'phase1'} as $vpn) {
				$desc = html_entity_decode((string)$vpn->descr);
				print "Found IPsec: $desc\n";
				if (strcasecmp($desc, "VPN_LINK") != 0) continue;
				if ($found) print "Warning: Multiple matching VPN connections\n";
				$found = true;
				print "Restarting VPN with ID " . $vpn->ikeid . "\n";

				# code from /usr/local/www/status_ipsec.php ("ikedisconnect")
				$_GET = array(ikeid => $vpn->ikeid . "000"); # wtf is up with the zeroes?
				mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));

				# code from /usr/local/www/status_ipsec.php ("connect")
				$_GET = array(ikeid => $vpn->ikeid);
				$ph1ent = ipsec_get_phase1($_GET['ikeid']);
				if (!empty($ph1ent)) {
					if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == 'ikev1' || isset($ph1ent['splitconn'])) {
						$ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']);
						for ($i = 0; $i < $ph2entries; $i++) {
							$connid = escapeshellarg("con{$_GET['ikeid']}00{$i}");
							mwexec_bg("/usr/local/sbin/ipsec down {$connid}");
							mwexec_bg("/usr/local/sbin/ipsec up {$connid}");
						}
					} else {
						mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
						mwexec_bg("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
					}
				}
			}

			# The End
			if (!$found) fubar("Error: No VPN with the name '<VPNNAME>'");
		?>
	EOF
)

ssh "$host" /usr/local/bin/php -q <<<"$script"

when i run it in the ssh command line :

 /usr/local/bin/php -q /usr/local/bin/pfsense-vpnreset

it runs without an issue.

However when I create

• • • • • root php /usr/local/bin/pfsense-vpnreset

nothing happens. my other cron jobs for dyndns.updates work without an issue.

what am i doing wrong?

i already tried:

chmod +rx /usr/local/bin/pfsense-vpnreset 
chmod a+x /usr/local/bin/pfsense-vpnreset 
chmod 755 /usr/local/bin/pfsense-vpnreset

without success.

Also tried /usr/local/bin/php -q /usr/local/bin/pfsense-vpnreset as the command in cron job, also without success. what am i doing wrong?

jimp

Use the full path to PHP in the cron definition as you did on the CLI when testing it.

k23ahnka

@jimp
Sorry I didn't mention that I had done that already

jimp

Actually I'm a bit blind apparently. The shell script you posted above is not PHP. It's just a plain shell script. I'm surprised that worked in the command prompt if you ran it through PHP.

Just run it on its own without the extra PHP stuff in front of it.

k23ahnka

@jimp

Thanks for your reply. but when i run it with just /usr/local/bin/pfsense-vpnreset it's not working via cron. and when i run it as /usr/local/bin/pfsense-vpnreset in the console, it gives me 'function: not found' error.

when i use bash infront so bash /usr/local/bin/pfsense-vpnreset, in the console, it throws _scriptname: unbound variable.

something tells me it does need the php infront of it. or i need to do modifications in my script?

jimp

pfSense does not include the bash shell by default. If that isn't a plain sh script, then you have to install bash and explicitly run it through bash. For example, pkg install -y bash and then change the shabang line to #!/usr/local/bin/bash.

k23ahnka

This post is deleted!