Auto DHCP on WAN not working when ISP WAN DCHP renews on PFsense 2.1

twp01

All,
  I kept having issues with PFsense 2.1 when my ISP would renew the DHCP WAN IP of the my cable modem. The only way I was finding to correct this was rebooting the Pfsense machine when this would happen weekly. I was exploring other options and came across the shell script in the following link (https://forum.pfsense.org/index.php?topic=51786.0). I implemented the script as described and uncommented the ping lines to see if the log file would generate when the crontabs packaged had it scheduled, but it seemed to not be running. Then I tried to trigger it from the command line and got the following error output.

_sh -n -v /usr/local/bin/pingtest.sh
#!/bin/sh

#=====================================================================

pingtest.sh, v1.0.1

Created 2009 by Bennett Lee

Released to public domain

(1) Attempts to ping several hosts to test connectivity.  After

#    first successful ping, script exits.

(2) If all pings fail, resets interface and retries all pings.

(3) If all pings fail again after reset, then reboots pfSense.

History

1.0.1  Added delay to ensure interface resets (thx ktims).

1.0.0  Initial release.

#=====================================================================

#=====================================================================

USER SETTINGS

Set multiple ping targets separated by space.  Include numeric IPs

(e.g., remote office, ISP gateway, etc.) for DNS issues which

reboot will not correct.

ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37"

Interface to reset, usually your WAN

BOUNCE=em0

Log file

LOGFILE=/root/pingtest.log
#=====================================================================

COUNT=1
while [ $COUNT -le 2 ]
do

for DEST in $ALLDEST
        do
/usr/local/bin/pingtest.sh: 36: Syntax error: word unexpected_

I do not understand why it is throwing this error based on the research I have done.

When I run the same test with the OOB ping_host.sh shell script it executes fine as far as syntax with an exit code of 0. See below.  Any help or suggestion on how to fix this or what I may be doing wrong would be greatly appreciated.

_sh -n -v /usr/local/bin/ping_hosts.sh
#!/bin/sh

pfSense ping helper

written by Scott Ullrich

(C)2006 Scott Ullrich

All rights reserved.

Format of file should be deliminted by |

#  Field 1:  Source ip
#  Field 2:  Destination ip
#  Field 3:  Ping count
#  Field 4:  Script to run when service is down
#  Field 5:  Script to run once service is restored
#  Field 6:  Ping time threshold
#  Field 7:  Wan ping time threshold
#  Field 8:  Address family

Read in ipsec ping hosts and check the CARP status

if [ -f /var/db/ipsecpinghosts ]; then
        IPSECHOSTS="/var/db/ipsecpinghosts"
        CURRENTIPSECHOSTS="/var/db/currentipsecpinghosts"
        IFVPNSTATE=ifconfig $IFVPN | grep "carp: BACKUP vhid" | wc -l
        if [ $IFVPNSTATE -gt 1 ]; then
                echo -e "CARP interface in BACKUP (not pinging ipsec hosts)"
                rm -f $CURRENTIPSECHOSTS
                touch $CURRENTIPSECHOSTS
        else
                echo -e "CARP interface is MASTER or non CARP (pinging ipsec hosts)"
                cat < $IPSECHOSTS > $CURRENTIPSECHOSTS
        fi
fi

General file meant for user consumption

if [ -f /var/db/hosts ]; then
        HOSTS="/var/db/hosts"
fi

Package specific ping requests

if [ -f /var/db/pkgpinghosts ]; then
        PKGHOSTS="/var/db/pkgpinghosts"
fi

cat $PKGHOSTS $HOSTS $IPSECHOSTS >/tmp/tmpHOSTS

if [ ! -d /var/db/pingstatus ]; then
        /bin/mkdir -p /var/db/pingstatus
fi

if [ ! -d /var/db/pingmsstatus ]; then
        /bin/mkdir -p /var/db/pingmsstatus
fi

PINGHOSTS=cat /tmp/tmpHOSTS

PINGHOSTCOUNT=cat /tmp/tmpHOSTS | wc -l

if [ "$PINGHOSTCOUNT" -lt "1" ]; then
        exit
fi

for TOPING in $PINGHOSTS ; do
        echo "PROCESSING $TOPING"
        SRCIP=echo $TOPING | cut -d"|" -f1
        DSTIP=echo $TOPING | cut -d"|" -f2
        COUNT=echo $TOPING | cut -d"|" -f3
        FAILURESCRIPT=echo $TOPING | cut -d"|" -f4
        SERVICERESTOREDSCRIPT=echo $TOPING | cut -d"|" -f5
        THRESHOLD=echo $TOPING | cut -d"|" -f6
        WANTHRESHOLD=echo $TOPING | cut -d"|" -f7
        AF=echo $TOPING | cut -d"|" -f8
        if [ "$AF" == "inet6" ]; then
                PINGCMD=ping6
        else
                PINGCMD=ping
        fi
        echo Processing $DSTIP
        # Look for a service being down
        $PINGCMD -c $COUNT -S $SRCIP $DSTIP
        if [ $? -eq 0 ]; then
                # Host is up
                # Read in previous status
                PREVIOUSSTATUS=cat /var/db/pingstatus/$DSTIP
                if [ "$PREVIOUSSTATUS" = "DOWN" ]; then
                        # Service restored
                        if [ "$SERVICERESTOREDSCRIPT" != "" ]; then
                                echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT"
                                echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT" | logger -p daemon.info -i -t PingMonitor
                                echo "UP" > /var/db/pingstatus/$DSTIP
                                sh -c $SERVICERESTOREDSCRIPT
                        fi
                fi
        else
                # Host is down
                PREVIOUSSTATUS=cat /var/db/pingstatus/$DSTIP
                if [ "$PREVIOUSSTATUS" = "UP" ]; then
                        # Service is down
                        if [ "$FAILURESCRIPT" != "" ]; then
                                echo "$DSTIP is DOWN, previous state was UP ..  Running $FAILURESCRIPT"
                                echo "$DSTIP is DOWN, previous state was UP ..  Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
                                echo "DOWN" > /var/db/pingstatus/$DSTIP
                                sh -c $FAILURESCRIPT
                        fi
                fi
        fi
        echo "Checking ping time $DSTIP"
        # Look at ping values themselves
        PINGTIME=$PINGCMD -c 1 -S $SRCIP $DSTIP | awk '{ print $7 }' | grep time | cut -d "=" -f2
        echo "Ping returned $?"
        echo $PINGTIME > /var/db/pingmsstatus/$DSTIP
        if [ "$THRESHOLD" != "" ]; then
                if [ "$PINGTIME" -gt "$THRESHOLD" ]; then
                        echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT"
                        echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
                        sh -c $FAILURESCRIPT
                fi
        fi
        # Wan ping time threshold
        #WANTIME=rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1
        echo "Checking wan ping time $WANTIME"
        echo $WANTIME > /var/db/wanaverage
        if [ "$WANTHRESHOLD" != "" ]; then
                if [ "$WANTIME" -gt "$WANTHRESHOLD" ]; then
                        echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT"
                        echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
                        sh -c $FAILURESCRIPT
                fi
        fi
        sleep 1
done

exit 0_

doktornotor

What issues? What are we supposed to do with the obviously incomplete script you created?

twp01

The issue the script does not run when it is in a cron job, and when executing the shell script from the commnd line it fails with a "syntax error line 36" unexpected word. I did not develop the script I pulled it from another message thread where users were having the same issues, it seems they have been able to get it to work, but for some reason the same exact script  in a copy and paste fails to execute by cron or command line on my machine. The full script can be found at https://forum.pfsense.org/index.php/topic,51786.0.html . Thanks

doktornotor

Let me state this again - the script snippet you posted is incomplete, broken and useless. If that's what you are trying to run via cron, so no, that will not ever work. Plus, the real question here was what issues are you having with DHCP WAN IP renewal.

twp01

This is the full script I am trying to run through CRON, it is the one the link went to, but here is it posted in its entirety. Thanks

_#!/bin/sh

#=====================================================================

pingtest.sh, v1.0.2

Created 2009 by Bennett Lee

Released to public domain

(1) Attempts to ping several hosts to test connectivity.  After

#    first successful ping, script exits.

(2) If all pings fail, resets interface and retries all pings.

(3) If all pings fail again after reset, then reboots pfSense.

History

1.0.2  Added turn dhclient on for the interface. (Dice81)

1.0.1  Added delay to ensure interface resets (thx ktims).

1.0.0  Initial release.

#=====================================================================

#=====================================================================

USER SETTINGS

Set multiple ping targets separated by space.  Include numeric IPs

(e.g., remote office, ISP gateway, etc.) for DNS issues which

reboot will not correct.

ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37"

Interface to reset, usually your WAN

BOUNCE=rl0

Log file

LOGFILE=/root/pingtest.log
#=====================================================================

COUNT=1
while [ $COUNT -le 2 ]
do

for DEST in $ALLDEST
do
#echo date +%Y%m%d.%H%M%S "Pinging $DEST" >> $LOGFILE
ping -c1 $DEST >/dev/null 2>/dev/null
if [ $? -eq 0 ]
then
#echo date +%Y%m%d.%H%M%S "Ping $DEST OK." >> $LOGFILE
exit 0
fi
done

if [ $COUNT -le 1 ]
then
echo date +%Y%m%d.%H%M%S "All pings failed. Resetting interface $BOUNCE." >> $LOGFILE
/sbin/ifconfig $BOUNCE down

Give interface time to reset before bringing back up

sleep 10
/sbin/ifconfig $BOUNCE up

Give WAN time to establish connection

sleep 20
dhclient $BOUNCE
sleep 20
else
echo date +%Y%m%d.%H%M%S "All pings failed twice. Rebooting…" >> $LOGFILE
/sbin/shutdown -r now >> $LOGFILE
exit 1
fi

COUNT=expr $COUNT + 1
done_

twp01

The real issue I am trying to fix is that when my ISP renews the DHCP address on the WAN the Pfsense WAN DHCP client does not automatically renew and stays "stuck" causing connectivity to drop. I have tried cycling the WAN interface and this does not fix the problem, only a reboot seems to correct the problem. From the research I have done this seems to be a bug in PFsense 2.1., there for I am looking to use that script as a workaround. My setup is PFsense 2.1 running in an ESXi appliance  with two virtual interfaces (one for WAN and one for LAN) the WAN goes to an ISP cable modem, and the LAN goes to a wireless router. Hope this helps clarify. Thanks

aventrax

@twp01:

This is the full script I am trying to run through CRON, it is the one the link went to, but here is it posted in its entirety. Thanks

_#!/bin/sh

#=====================================================================

pingtest.sh, v1.0.2

Created 2009 by Bennett Lee

Released to public domain

(1) Attempts to ping several hosts to test connectivity.  After

#    first successful ping, script exits.

(2) If all pings fail, resets interface and retries all pings.

(3) If all pings fail again after reset, then reboots pfSense.

History

1.0.2  Added turn dhclient on for the interface. (Dice81)

1.0.1  Added delay to ensure interface resets (thx ktims).

1.0.0  Initial release.

#=====================================================================_

The script is working but If it runs from pfsense Cron package, it needs the full path of the /sbin/ping executables as well, otherwise it reboots the pfsense every time.