Monitor ssh tunnel
Before doing this, pair the two servers with a pre-shared key so that the SSH login requires no password.
To check the ssh tunnel every 60 seconds and re-create it if it has dropped, use the script below:
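    #!/bin/bash
    # Log file for drop timestamps, and the address of the far end of the tunnel
    FILE=/root/tun_err.log
    TARGET=10.29.2.1
    touch "$FILE"
    while true; do
        DATE=$(date '+%d/%m/%Y %H:%M:%S')
        # One ping with a 5-second timeout; a failure means the tunnel is down
        if ! ping -W 5 -c 1 "$TARGET" &> /dev/null; then
            echo "$DATE" >> "$FILE"
            # Note: killall ssh ends every ssh client process on this host,
            # not only the tunnel
            killall ssh
            sleep 2
            # Re-create tun0 on both ends (the server's sshd_config must allow it with PermitTunnel)
            ssh -w0:0 <USER>@<DOMAIN>.com -p <PORT> 'ifconfig tun0 10.29.2.1 netmask 255.255.255.0' &
            sleep 5
            ifconfig tun0 10.29.2.2 netmask 255.255.255.0
            # The vpn_de routing table must already be defined in /etc/iproute2/rt_tables
            ip route add default via 10.29.2.1 table vpn_de
        fi
        sleep 60
    done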
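The script restarts the tunnel with killall ssh, which also ends any other ssh session running on the host. As an added example (not part of the original page), the functions below record the PID of the tunnel's own ssh process and stop only that one; the PIDFILE path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: restart only the tunnel this script started, not every ssh.
# PIDFILE path and function names are assumptions, not from the original page.
PIDFILE="${PIDFILE:-/run/mymonit-tunnel.pid}"
TARGET="${TARGET:-10.29.2.1}"        # far end of the tunnel, as on the page

# Launch the tunnel command ("$@") in the background and record its PID.
start_tunnel() {
    "$@" &
    echo "$!" > "$PIDFILE"
}

# Succeeds only while the recorded PID is still alive.
tunnel_running() {
    [ -s "$PIDFILE" ] || return 1
    kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

# Terminate the recorded PID only; other ssh processes are left alone.
stop_tunnel() {
    if tunnel_running; then
        tun_pid=$(cat "$PIDFILE")
        kill "$tun_pid" 2>/dev/null || true
        wait "$tun_pid" 2>/dev/null || true   # reap it (it is our child)
    fi
    rm -f "$PIDFILE"
}

# Health probe, the same ping the page's script uses.
tunnel_healthy() {
    ping -W 5 -c 1 "$TARGET" >/dev/null 2>&1
}

# One pass of the monitor loop: restart the tunnel only if the probe fails.
monitor_once() {
    if tunnel_healthy; then return 0; fi
    stop_tunnel
    start_tunnel "$@"
}

# Usage inside the page's loop (placeholders as on the page):
#   monitor_once ssh -w0:0 <USER>@<DOMAIN>.com -p <PORT> \
#       'ifconfig tun0 10.29.2.1 netmask 255.255.255.0'
```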
To run it as a service and enable it at startup:
1. Add the following to /etc/systemd/system/mymonit.service:

    [Unit]
    Description=My Tunnel monitoring script
    After=network.target

    [Service]
    ExecStart=<PATH>

    [Install]
    WantedBy=multi-user.target

2. Run:
    systemctl daemon-reload
3. Run:
    systemctl enable mymonit
4. Run:
    systemctl start mymonit
Running systemctl status mymonit should show no failed message; otherwise, check the script and resolve the issue.