HOWTO: Show VPN status/activity with SES/Ciso LED

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
onemyndseye
DD-WRT Novice


Joined: 01 Aug 2009
Posts: 36

PostPosted: Tue Aug 11, 2009 9:53    Post subject: HOWTO: Show VPN status/activity with SES/Ciso LED Reply with quote
I worked out this little script out for my WRT54G-TM and WRT54GL and I thought I would share here since its based from examples shown on this forum and the wiki.

The script requires that you set 2 options in your vpn config file:

status /path/to/file (example: /tmp/vpn-status)
status-version 2

For activity it parses the info in /proc/net/dev

Be sure to edit the first 2 lines (VPN_STATUS= and VPN_DEV=) of this script to match your settings.. then Paste the following into your Startup script.
Code:

vpn_leds() {
VPN_STATUS=/tmp/vpn-status
VPN_DEV=tap0

# make sure status file exists
[ ! -f "$VPN_STATUS" ] && return 1
 
# Set initial Cisco/SES Led mode
AMBER='gpio disable 3 ; gpio enable 2'
WHITE='gpio enable 3 ; gpio disable 2'
BLACK='gpio enable 3 ; gpio enable 2'
eval $BLACK

LAST_ACT=0
while [ 1 ]; do
    if [ $(cat "$VPN_STATUS" |grep -c "") -gt 6 ]; then
      # tunnel up. White LED
      LED=$WHITE
      ACT_STRING="$(cat /proc/net/dev |grep "$VPN_DEV")"
      if [ "$ACT_STRING" != "$LAST_ACT" ]; then
        LED=$AMBER
        LAST_ACT=$ACT_STRING
      else
        LED=$WHITE
        LAST_ACT=$ACT_STRING
      fi
    else
      # tunnel down. All leds OFF
      LED=$BLACK
    fi 
    if [ "$LED" != "$PLED" ]; then
      eval $LED
      LAST_LED=$LED
    fi
    sleep 1
done
}
vpn_leds &


Reboot your router and viola! ;)

Light off = Tunnel down
White = Tunnel up
Amber = Activity

You can change the behavior of this script by changing each LED=$COLOR line.


Response time for tunnel up/down indication for my setup is 60sec for client connect and 120sec for disconnect. I believe the disconnect response could be improved by changing your keepalive setting in your VPN config.

Mine is set to:
keepalive 10 120

This means OpenVPN will ping the client every 10sec and assume the client has disconnect if no reply is received within 120sec. lowering the last value should improve the response time but be careful not to lower it too much as not to cause connection drops due to timeout


Hope this helps,
-onemyndseye
Sponsor
onemyndseye
DD-WRT Novice


Joined: 01 Aug 2009
Posts: 36

PostPosted: Tue Aug 11, 2009 13:00    Post subject: Reply with quote
** Script revised slightly
barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13027
Location: Behind The Reset Button

PostPosted: Tue Aug 11, 2009 15:54    Post subject: Reply with quote
Nice work..

You should add this to the "useful scripts" wiki.

_________________
[Moderator Deleted] Shocked
DHC_DarkShadow
DD-WRT Guru


Joined: 22 Jun 2008
Posts: 2440
Location: Am now Dark_Shadow

PostPosted: Tue Aug 11, 2009 16:05    Post subject: Reply with quote
barryware wrote:
Nice work..

You should add this to the "useful scripts" wiki.



Done.

_________________
The New Me
onemyndseye
DD-WRT Novice


Joined: 01 Aug 2009
Posts: 36

PostPosted: Wed Aug 12, 2009 0:56    Post subject: Reply with quote
thanks guys
onemyndseye
DD-WRT Novice


Joined: 01 Aug 2009
Posts: 36

PostPosted: Wed Aug 19, 2009 8:15    Post subject: Reply with quote
** Update

Fun with egrep!


Here is an updated version of the script that will monitor for activity on ANY tun or tap device... useful if you have more than 1 VPN running

Code:

vpn_leds() {
VPN_STATUS=/tmp/vpn-status

# make sure status file exists
[ ! -f "$VPN_STATUS" ] && return 1
 
# Set initial Cisco/SES Led mode
AMBER='gpio disable 3 ; gpio enable 2'
WHITE='gpio enable 3 ; gpio disable 2'
BLACK='gpio enable 3 ; gpio enable 2'
eval $BLACK

LAST_ACT="$(cat /proc/net/dev |egrep "tap|tun")"
while [ 1 ]; do
    if [ $(cat "$VPN_STATUS" |grep -c "") -gt 6 ]; then
      # tunnel up. White LED
      LED=$WHITE
      ACT_STRING="$(cat /proc/net/dev |egrep "tap|tun")"
      if [ "$ACT_STRING" != "$LAST_ACT" ]; then
        LED=$AMBER
        LAST_ACT=$ACT_STRING
      else
        LED=$WHITE
        LAST_ACT=$ACT_STRING
      fi
    else
      # tunnel down. All leds OFF
      LED=$BLACK
    fi
    if [ "$LED" != "$PLED" ]; then
      eval $LED
      LAST_LED=$LED
    fi
    sleep 1
done
}
vpn_leds &


I've pondered checking the up/down status of multiple links quite a bit... and so far it always comes down to the fact that, yes - you can put together a way to check multiple tunnels or status files but with only 1 LED light I believe it becomes a invalid point.

By the same reasoning you could say checking for up/down status is useless when more than one tunnel exists *shrug*

Personally I use it to show that my site-to-site bridge is up and ignore the up/down status of my tun interface for mobile clients

However. What if i added another site-to-site bridge? I could script to check the status but how to indicate with only 1 light... this is where it starts to break down
ewoudenberg
DD-WRT Novice


Joined: 04 Jul 2012
Posts: 1

PostPosted: Wed Jul 04, 2012 3:29    Post subject: VPN activity indicator for v24-sp2 Reply with quote
Unfortunately onemyndseye's nice script doesn't work properly under v24 since it's difficult to get the status commands into the openvpn.conf (I'd be happy to learn how to do that though).

Here's a variant that doesn't require the status command. The LED is dark until the TUN/TAP interface comes up. From then on it turns amber during activity and white during quiescence.

When the link goes down though the LED does not return to dark since nothing in the file system seemed to indicate that condition. E.g. the /tmp/openvpncl directory remains present forever.

Just add this via Administration->Commands->Save Startup.

Code:

vpn_leds() {
  VPN_STATUS=/tmp/openvpncl

  # Cisco/SES Led modes
  AMBER='gpio disable 3 ; gpio enable 2' # Tun/Tap active
  WHITE='gpio enable 3 ; gpio disable 2' # Tun/Tap quiescent

  LAST_LED=""
  LAST_ACT="$(egrep 'tap|tun' /proc/net/dev)"

  while [ 1 ]; do
      if [ -e "$VPN_STATUS" ]; then
        # Tunnel has been started, check for activity
        ACTIVITY="$(egrep 'tap|tun' /proc/net/dev)"
        LED=$WHITE
        if [ "$ACTIVITY" != "$LAST_ACT" ]; then
          LAST_ACT=$ACTIVITY
          LED=$AMBER
        fi
        if [ "$LED" != "$LAST_LED" ]; then
          LAST_LED=$LED
          eval $LED
        fi
      fi
      sleep 1
  done
}

vpn_leds &
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum