How to write script for VPN gateway switch?
Post 302880626 by Ag3r12 on Saturday 21st of December 2013 10:45:02 AM

I have a VPN subscription at Private Internet Access. I mainly use the Switzerland gateway. Now I use it with their client. Many times the Switzerland gateway is down, so I have to find another gateway. I want to set up my DD-WRT router (WRT54GL) with the VPN and I want it to automatically switch between the best possible gateways, or at least the ones which are working. So basically a script for this, or any other solution, is also most welcome.

I was discussing this issue at another forum with somebody. He advised me to ask somebody who has UNIX experience. Since I have no UNIX experience, I do not know how to do that. I quote some of what he advised me:

"In any case the basic configuration is the same as if you would, say, have 2 remote offices. You build a VPN connection to both from your central location. Unlike an office situation where you would route certain networks to each tunnel, in your case you need to route the default route. Since the router likes to always have a BEST route, even though there are 2 default routes in the routing table it will choose one or the other based on some metric value you set. If the primary link would go down, this default route will get removed and it will use only the other one that is left. When the primary comes back it will get the better default route back and it will switch back. The only problem with this design is when the VPN stays active but just does not pass any traffic or is getting 90% packet loss. You would have to write a script that could detect something that advanced and cause it to change the metrics on the other default route to make it be selected."

So here it is.

Previously I was seeking advice on how to connect 3 routers wirelessly. Now I am over that; I will connect them with a wire. But I want my DD-WRT router to do the DHCP server. He advised me this:

"If you want all your traffic to flow only via VPN then what you do is lie to your end devices. Say your main gateway is 192.168.1.1 and your VPN router is 192.168.1.2. You would set the DHCP server (can be any router) to tell the client devices to send all the traffic to 192.168.1.2. The 192.168.1.2 router would know to send all the traffic into the VPN tunnel to the remote site, but it also would know that the gateway to the internet was really 192.168.1.1. It would send the tunnel traffic itself to 192.168.1.1, but it would send any other non-tunnel internet traffic through the tunnel."

So can somebody help me with my case? Much appreciated.
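As an added example (not code from this thread, nor from PIA or DD-WRT), the kind of watchdog the quoted advice asks for: it probes each tunnel for packet loss and re-weights the two default-route metrics so a tunnel that is up but dropping traffic stops being preferred, and the primary is used again once it recovers. The interface names tun0/tun1, the probe host and the metric values are assumptions; it is written for a busybox sh as found on DD-WRT.

```shell
#!/bin/sh
# Added example, not from the original thread: health check for a router with
# two VPN tunnels, assumed to be tun0 (preferred) and tun1. It measures packet
# loss through each and gives the healthier one the lower default-route metric,
# so a tunnel that is up but dropping traffic stops being used. DRY_RUN=1 prints
# the route commands instead of running them. Cron it, e.g.: vpnwatch.sh run

LOSS_LIMIT=${LOSS_LIMIT:-30}   # percent loss above which a tunnel counts as down
PROBE=${PROBE:-8.8.8.8}        # assumed probe host reachable through both tunnels
# Pull the loss percentage out of a ping(1) summary such as
# "5 packets transmitted, 3 packets received, 40% packet loss".
# Prints nothing if no summary line is present (ping never got going).
loss_from_ping_output() {
    printf '%s\n' "$1" | sed -n 's/.*[^0-9]\([0-9][0-9]*\)% packet loss.*/\1/p' | head -n 1
}

# Ping through one interface and print its loss; 100 if there was no summary.
measure_loss() {  # $1 = interface name
    out=$(ping -I "$1" -c 5 -W 2 "$PROBE" 2>/dev/null || true)
    loss=$(loss_from_ping_output "$out")
    echo "${loss:-100}"
}

# Choose the tunnel for the default route: the primary whenever it is within
# LOSS_LIMIT (fail back on recovery), else the secondary, else "none".
pick_gateway() {  # $1 = primary iface  $2 = its loss  $3 = secondary iface  $4 = its loss
    if [ "$2" -le "$LOSS_LIMIT" ]; then echo "$1"
    elif [ "$4" -le "$LOSS_LIMIT" ]; then echo "$3"
    else echo none
    fi
}

# Keep two default routes; the preferred tunnel gets the lower metric. Linux keys
# routes on (prefix, metric), so each replace only touches its own entry.
apply_routes() {  # $1 = preferred iface  $2 = fallback iface
    for cmd in "ip route replace default dev $1 metric 10" \
               "ip route replace default dev $2 metric 20"; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
}

main() {
    l0=$(measure_loss tun0); l1=$(measure_loss tun1)
    case "$(pick_gateway tun0 "$l0" tun1 "$l1")" in
        tun0) apply_routes tun0 tun1 ;;
        tun1) apply_routes tun1 tun0 ;;
        none) logger -t vpnwatch "both tunnels over ${LOSS_LIMIT}% loss (tun0=$l0 tun1=$l1)" ;;
    esac
}
if [ "${1:-}" = run ]; then main; fi
```

When both tunnels fail the script deliberately leaves the routes alone and logs instead, so traffic is never silently sent outside the VPN.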
 

GRE(4)                   BSD Kernel Interfaces Manual                   GRE(4)

NAME
     gre -- encapsulating network device

SYNOPSIS
     To compile the gre device into the kernel, place the following line in the kernel configuration file:

           device gre

     Alternatively, to load the gre device as a module at boot time, place the following line in loader.conf(5):

           if_gre_load="YES"

DESCRIPTION
     The gre network interface pseudo device encapsulates datagrams into IP. These encapsulated datagrams are routed to a destination host, where they are decapsulated and further routed to their final destination. The ``tunnel'' appears to the inner datagrams as one hop.

     gre interfaces are dynamically created and destroyed with the ifconfig(8) create and destroy subcommands.

     This driver currently supports the following modes of operation:

     GRE encapsulation (IP protocol number 47)
             Encapsulated datagrams are prepended an outer datagram and a GRE header. The GRE header specifies the type of the encapsulated datagram and thus allows for tunneling other protocols than IP like e.g. AppleTalk. GRE mode is also the default tunnel mode on Cisco routers. This is also the default mode of operation of the gre interfaces. As part of the GRE mode, gre also supports Cisco WCCP protocol, both version 1 and version 2. Since there is no reliable way to distinguish between WCCP versions, it should be configured manually using the link2 flag. If the link2 flag is not set (default), then WCCP version 1 is selected.

     MOBILE encapsulation (IP protocol number 55)
             Datagrams are encapsulated into IP, but with a shorter encapsulation. The original IP header is modified and the modifications are inserted between the so modified header and the original payload. Like gif(4), only for IP-in-IP encapsulation.

     The gre interfaces support a number of ioctl(2)s, such as:

     GRESADDRS   Set the IP address of the local tunnel end. This is the source address set by or displayed by ifconfig(8) for the gre interface.

     GRESADDRD   Set the IP address of the remote tunnel end. This is the destination address set by or displayed by ifconfig(8) for the gre interface.

     GREGADDRS   Query the IP address that is set for the local tunnel end. This is the address the encapsulation header carries as local address (i.e., the real address of the tunnel start point).

     GREGADDRD   Query the IP address that is set for the remote tunnel end. This is the address the encapsulated packets are sent to (i.e., the real address of the remote tunnel endpoint).

     GRESPROTO   Set the operation mode to the specified IP protocol value. The protocol is passed to the interface in (struct ifreq)->ifr_flags. The operation mode can also be given as

                       link0    IPPROTO_GRE
                       -link0   IPPROTO_MOBILE

                 to ifconfig(8).

                 The link1 flag is not used to choose encapsulation, but to modify the internal route search for the remote tunnel endpoint, see the BUGS section below.

     GREGPROTO   Query operation mode.

     GRESKEY     Set the GRE key used for outgoing packets. A value of 0 disables the key option.

     GREGKEY     Get the GRE key currently used for outgoing packets. 0 means no outgoing key.

     Note that the IP addresses of the tunnel endpoints may be the same as the ones defined with ifconfig(8) for the interface (as if IP is encapsulated), but need not be, as e.g. when encapsulating AppleTalk.

EXAMPLES
     Configuration example:

           Host X-- Host A ----------------tunnel---------- Cisco D------Host E
                        \                                      /
                         +------Host B----------Host C----------+

     On host A (FreeBSD):

           route add default B
           ifconfig greN create
           ifconfig greN A D netmask 0xffffffff linkX up
           ifconfig greN tunnel A D
           route add E D

     On Host D (Cisco):

           Interface TunnelX
            ip unnumbered D          ! e.g. address from Ethernet interface
            tunnel source D          ! e.g. address from Ethernet interface
            tunnel destination A
           ip route C <some interface and mask>
           ip route A mask C
           ip route X mask tunnelX

     OR

     On Host D (FreeBSD):

           route add default C
           ifconfig greN create
           ifconfig greN D A
           ifconfig greN tunnel D A

     If all goes well, you should see packets flowing ;-)

     If you want to reach Host A over the tunnel (from Host D (Cisco)), then you have to have an alias on Host A for e.g. the Ethernet interface like:

           ifconfig <etherif> alias Y

     and on the Cisco:

           ip route Y mask tunnelX

     A similar setup can be used to create a link between two private networks (for example in the 192.168 subnet) over the Internet:

           192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.*
                              \                               /
                               +------ the Internet ------+

     Assuming router A has the (external) IP address A and the internal address 192.168.1.1, while router B has external address B and internal address 192.168.2.1, the following commands will configure the tunnel:

     On router A:

           ifconfig greN create
           ifconfig greN 192.168.1.1 192.168.2.1 link1
           ifconfig greN tunnel A B
           route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1

     On router B:

           ifconfig greN create
           ifconfig greN 192.168.2.1 192.168.1.1 link1
           ifconfig greN tunnel B A
           route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1

     Note that this is a safe situation where the link1 flag (as discussed in the BUGS section below) may (and probably should) be set.

NOTES
     The MTU of gre interfaces is set to 1476 by default, to match the value used by Cisco routers. If grekey is set this is lowered to 1472. This may not be an optimal value, depending on the link between the two tunnel endpoints. It can be adjusted via ifconfig(8).

     For correct operation, the gre device needs a route to the destination that is less specific than the one over the tunnel. (Basically, there needs to be a route to the decapsulating host that does not run over the tunnel, as this would be a loop.) If the addresses are ambiguous, doing the ifconfig tunnel step before the ifconfig(8) call to set the gre IP addresses will help to find a route outside the tunnel.

     In order to tell ifconfig(8) to actually mark the interface as ``up'', the keyword up must be given last on its command line.

     The kernel must be set to forward datagrams by setting the net.inet.ip.forwarding sysctl(8) variable to non-zero.

SEE ALSO
     gif(4), inet(4), ip(4), netintro(4), protocols(5), ifconfig(8), sysctl(8)

     A description of GRE encapsulation can be found in RFC 1701 and RFC 1702.

     A description of MOBILE encapsulation can be found in RFC 2004.

AUTHORS
     Heiko W.Rupp <hwr@pilhuhn.de>
BUGS
     The compute_route() code in if_gre.c toggles the last bit of the IP-address to provoke the search for a less specific route than the one directly over the tunnel to prevent loops. This is possibly not the best solution.

     To avoid the address munging described above, turn on the link1 flag on the ifconfig(8) command line. This implies that the GRE packet destination and the ifconfig remote host are not the same IP addresses, and that the GRE destination does not route over the gre interface itself.

     The current implementation uses the key only for outgoing packets. Incoming packets with a different key or without a key will be treated as if they would belong to this interface.

     RFC1701 is not fully supported, however all unsupported features have been deprecated in RFC2784.

BSD                              June 20, 2008                              BSD