Monitor ssh tunnel

Before doing this, set up key-based SSH authentication between the two servers (a pre-shared key, so that no password is required).

To check the SSH tunnel every 60 seconds and re-create the process if it has dropped, use the script below:

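#!/bin/bash
# Log file that records the time of every tunnel restart
FILE=/root/tun_err.log
# Remote end of the tunnel (tun0 address on the server)
TARGET=10.29.2.1
touch "$FILE"
while true;
do
  DATE=$(date '+%d/%m/%Y %H:%M:%S')
  # One ping with a 5-second timeout; a failure means the tunnel is down
  if ! ping -W 5 -c 1 "$TARGET" &> /dev/null; then
    echo "$DATE" >> "$FILE"
    # Stop only the tunnel's ssh process, not every ssh client on the host
    pkill -f 'ssh -w0:0'
    sleep 2
    # Re-open the tun0<->tun0 tunnel and configure the remote tun0
    ssh -w0:0 <USER>@<DOMAIN>.com -p <PORT> 'ifconfig tun0 10.29.2.1 netmask 255.255.255.0' &
    sleep 5
    # Configure the local tun0 and route the vpn_de table through the tunnel
    ifconfig tun0 10.29.2.2 netmask 255.255.255.0
    ip route add default via 10.29.2.1 table vpn_de
  fi
  sleep 60
done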

To run it as a service and enable it at startup:

  1. Add the following to /etc/systemd/system/mymonit.service:

[Unit]
Description=My Tunnel monitoring script
After=network.target

[Service]
ExecStart=<PATH>

[Install]
WantedBy=multi-user.target

  2. Run systemctl daemon-reload
  3. Run systemctl enable mymonit
  4. Run systemctl start mymonit

Running systemctl status mymonit should show no failure messages; otherwise, check the script and resolve the issue.
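A variant of the monitoring loop, added here as an example and not part of the original page: it rebuilds the tunnel only after several consecutive failed pings, so a single lost packet does not tear down a working tunnel, and it stops only the ssh process it started itself. TUN_DEST, TUN_PORT, MAX_FAILS and the PROBE/RESTART hooks are names assumed for this example; the loop starts only when the script is called with --run.

```shell
#!/bin/sh
# Added example, not the page's script. TUN_DEST, TUN_PORT, MAX_FAILS and the
# PROBE/RESTART hooks are assumptions introduced here.
TARGET=${TARGET:-10.29.2.1}              # far end of the tunnel (from the page)
FILE=${FILE:-/root/tun_err.log}          # restart log (from the page)
TUN_DEST=${TUN_DEST:-user@host.example}  # stands in for <USER>@<DOMAIN>.com
TUN_PORT=${TUN_PORT:-22}                 # stands in for <PORT>
MAX_FAILS=${MAX_FAILS:-3}                # failed probes in a row before a restart
PROBE=${PROBE:-probe_ping}               # function that tests the tunnel
RESTART=${RESTART:-restart_tunnel}       # function that rebuilds the tunnel
fails=0
tun_pid=""
last_action=""

probe_ping() { ping -W 5 -c 1 "$TARGET" >/dev/null 2>&1; }

restart_tunnel() {
  # Stop only the tunnel started by this script, not every ssh client.
  if [ -n "$tun_pid" ]; then kill "$tun_pid" 2>/dev/null || true; fi
  sleep 2
  ssh -w0:0 -p "$TUN_PORT" "$TUN_DEST" \
    'ifconfig tun0 10.29.2.1 netmask 255.255.255.0' &
  tun_pid=$!
  sleep 5
  ifconfig tun0 10.29.2.2 netmask 255.255.255.0
  ip route add default via 10.29.2.1 table vpn_de
}

# One monitoring pass. Sets last_action to ok, wait or restart.
check_once() {
  if "$PROBE"; then
    fails=0; last_action=ok; return 0
  fi
  fails=$((fails + 1))
  if [ "$fails" -lt "$MAX_FAILS" ]; then
    last_action=wait; return 0
  fi
  # Threshold reached: log the time, rebuild the tunnel, start counting again.
  date '+%d/%m/%Y %H:%M:%S' >> "$FILE"
  "$RESTART"
  fails=0; last_action=restart
}

monitor_loop() { while true; do check_once; sleep 60; done; }

if [ "${1:-}" = "--run" ]; then monitor_loop; fi
```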
