    Netgate Discussion Forum

    Use Ipsec as a backup route

    • marcelloc

      Is there something already done to use IPsec as a backup route? When private links fail, establish IPsec over the internet.

      If so, how do I enable it on pfSense 2?

      If not, this is a first try at doing it with crontab + a PHP script.
      Current stage is beta.

      <?php
      // pfSense libraries: config access, IPsec and filter reload helpers.
      require_once("util.inc");
      require_once("functions.inc");
      require_once("pkg-utils.inc");
      require_once("globals.inc");
      require_once("filter.inc");
      require_once("shaper.inc");
      require_once("ipsec.inc");
      require_once("vpn.inc");

      $ipsec = is_array($config['ipsec']) ? $config['ipsec'] : array();
      // The last argument is the host to probe; it must be a plain IP address.
      $host = array_pop($argv);
      if (! is_ipaddr($host)){
              print "invalid ip address!\n";
              exit(1);
      }
      // Drop the script name; whatever is left are extra ping options.
      array_shift($argv);
      // Quote every option so nothing from the command line is interpreted by the shell.
      $args = implode(" ", array_map('escapeshellarg', $argv));
      $cmd = "/sbin/ping -c 1 -t 1 $args " . escapeshellarg($host);
      // Up to three probes, stopping at the first failure; probes not run count as 0.
      $exit1 = $exit2 = $exit3 = 0;
      exec($cmd,$ret,$exit1);
      if ($exit1 == 0) exec($cmd,$ret,$exit2);
      if ($exit1 == 0 && $exit2 == 0) exec($cmd,$ret,$exit3);
      $exit = ($exit1 + $exit2 + $exit3);
      if ($exit == 0){
              // link online: all three probes answered
              if (array_key_exists("enable",$ipsec)){
                      print "link online, disabling ipsec\n";
                      unset ($config['ipsec']['enable']);
                      write_config();
                      vpn_ipsec_configure();
                      vpn_ipsec_refresh_policies();
                      filter_configure();
              }
              else
                      print "link online\n";
      }
      else{
              // link offline: at least one probe failed
              if (! array_key_exists("enable",$ipsec)){
                      print "link offline, enabling ipsec\n";
                      $config['ipsec']['enable']="";
                      write_config();
                      vpn_ipsec_configure();
                      vpn_ipsec_refresh_policies();
                      filter_configure();
              }
              else
                      print "link offline\n";
      }
      ?>
      

      Save it to /var/www/checklink.php and run it from cron. Pass any ICMP args, with the host you want to check as the last argument.

      Sample: php -q /var/www/checklink.php -s 172.16.5.6 172.16.2.7 (if the ping to 172.16.2.7 fails, then IPsec will be enabled)

      Thanks for any help on answering or testing

      Regards,
      Marcello Coutinho

      Elite Training: http://sys-squad.com

      Help a community developer! ;D

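An added example, not part of the original post: one way to build the ping command from cron-supplied arguments so that only expected options are accepted and every word is quoted before it reaches the shell, with the all-probes-must-succeed rule kept in its own function. The function names, the option allowlist and the sample arguments are assumptions for illustration; it needs PHP 7.4 or later, and the probe is passed in as a callable so the block runs without pfSense.

```php
<?php
// Added example, not from the original post; names and allowlist are assumptions.

// ping(8) options accepted from the command line: flag => takes a value?
const ALLOWED_PING_OPTS = ['-S' => true, '-s' => true, '-n' => false];

// Build the ping command line; throw on anything not explicitly allowed.
function build_ping_cmd(array $opts, string $host): string
{
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException("invalid ip address: $host");
    }
    $opts = array_values($opts);
    $cmd = ['/sbin/ping', '-c', '1', '-t', '1'];
    for ($i = 0; $i < count($opts); $i++) {
        $flag = $opts[$i];
        if (!array_key_exists($flag, ALLOWED_PING_OPTS)) {
            throw new InvalidArgumentException("option not allowed: $flag");
        }
        $cmd[] = $flag;
        if (ALLOWED_PING_OPTS[$flag]) {
            if (!isset($opts[$i + 1])) {
                throw new InvalidArgumentException("missing value for $flag");
            }
            $cmd[] = $opts[++$i];
        }
    }
    $cmd[] = $host;
    // Quote every word so shell metacharacters stay literal.
    return implode(' ', array_map('escapeshellarg', $cmd));
}

// Same outcome rule as the posted script: the link counts as online only
// if every probe succeeds. $probe takes the command and returns an exit code.
function link_online(callable $probe, string $cmd, int $tries = 3): bool
{
    for ($n = 0; $n < $tries; $n++) {
        if ($probe($cmd) !== 0) {
            return false;
        }
    }
    return true;
}

// Constructed sample arguments, as cron would pass them.
$cmd = build_ping_cmd(['-S', '172.16.5.6'], '172.16.2.7');
echo $cmd, "\n";
// Stub probe so the example runs anywhere; on the firewall pass
// function ($c) { exec($c, $out, $rc); return $rc; } instead.
var_dump(link_online(fn($c) => 0, $cmd));
```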