My systemd unit file and bash scripts not working for interface ppp0 checks

Trying to understand systemd and craft a service that works, using two bash scripts I have to down/up an IPsec/L2tpd tunnel. All works fine if I use the bash scripts commands from the command line, but for some reason I'm getting race conditions or lack of sync or something because using my systemd unit file is random and intermittent, often requiring a random number of restarts to get it working.

```bash
# vpn-disconnect.sh
echo "d myvpn" > /var/run/xl2tpd/l2tp-control
ipsec down myvpn
while grep ppp0 /proc/net/dev < /dev/null; do
    echo "Waiting for ppp0 to go down ..."
    sleep 5
done
echo "$0: ppp0/myvpn now down"
```

```bash
# vpn-connect.sh
VPN_SERVER_IP='161.35.36.182'
VPN_IPSEC_PSK='Vsumz0402#tillykeats'
VPN_USER='pi'
VPN_PASSWORD='Psumz0402'

if [[ $EUID -ne 0 ]] ; then
    echo "$0: Must be run as ROOT"
    exit 1
fi

# Tear down any existing tunnel first
/home/daz/VPN/vpn-disconnect.sh

echo "
### Creating ipsec connections file ..."
cat > /etc/ipsec.conf <<EOF
config setup

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp2048!
  esp=aes128-sha1-modp2048!

conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=$VPN_SERVER_IP
EOF

echo "
### Creating PSK file ..."
cat > /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF
chmod 600 /etc/ipsec.secrets

echo "
### Creating xl2tpd config file ..."
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

echo "
### Creating PPP client file ..."
cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF
chmod 600 /etc/ppp/options.l2tpd.client

echo "
### Creating control file ..."
mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control

echo "
### Restarting services ..."
service strongswan restart
service xl2tpd restart

echo "
### Bringing up connection ..."
ipsec up myvpn
echo "c myvpn" > /var/run/xl2tpd/l2tp-control
while ! grep ppp0 /proc/net/dev ; do
    echo "waiting for ppp0 ..."
    sleep 5
done

echo "
### DONE !!"
ifconfig
```

```ini
[Service]
Type=oneshot
#Type=forking
#Type=notify
#Type=simple
#User=root
#Restart=no
#RuntimeMaxSec=10
#RestartSec=1
#User=root
WorkingDirectory=/tmp
RemainAfterExit=yes
ExecStart=/bin/sh -c '/home/vpn-connect.sh'
#ExecStartPre=/bin/sleep 10
#ExecStop=/bin/sh -c '/home/vpn-disconnect.sh'
#KillMode=process
StandardOutput=journal
StandardError=inherit
#SuccessExitStatus=0 143
#RestartSec=5
#Restart=on-failure
#TimeoutStopSec=120
#LimitNOFILE=102642

[Unit]
Description=IPsec L2TP tunner
After=network-online.target
StartLimitIntervalSec=0

[Install]
WantedBy=multi-user.target
```

The intention is to bring up ppp0 interface (or take it down) through the service. I've had several symptoms with this and as you can see I've tried various configurations (commenting them in/out). I'm lost.

Various conditions I'm getting with this config:-

Like I say, it is all perfect if I run them from the command line as `. ./vpn-connect.sh` or `. ./vpn-disconnect.sh` as and when I need them, such as vpn-connect after I log in and vpn-disconnect before I power down.

help please :)

I accept I'm probably not doing this the 'correct' way but I'm no expert and have tried and got some way, before coming here. There is probably a better way of checking if the ppp0 interface is down/up and there's certainly got to be a better way of crafting the service file?

Thanks in advance Gurus.

Two scripts! That will be hard to manage. Consider making one script and pass mode with arguments. But you can just use one script and auto-clean with a trap. Like so:

```bash
#!/bin/bash
# vpn-connect.sh

shutdown_func() {
    # the stuff from vpn-disconnect.sh here
    echo "d myvpn" > /var/run/xl2tpd/l2tp-control
    ipsec down myvpn
    while grep ppp0 /proc/net/dev < /dev/null; do
        echo "Waiting for ppp0 to go down ..."
        sleep 5
    done
    echo "$0: ppp0/myvpn now down"
}

# execute shutdown function when requested to... shutdown
trap 'shutdown_func' SIGTERM

# the rest of vpn-connect.sh script
: blablabl
echo "
### DONE !!"
ifconfig # ??
sleep infinity
```

Then don't `RemainAfterExit=yes` and just only do:

```ini
[Service]
ExecStart=/usr/bin/bash /home/vpn-connect.sh
StandardOutput=journal
StandardError=inherit
```

That way `systemctl` will "see" that the process is running. The default `KillSignal=` is SIGTERM. So `systemctl stop` will send `SIGTERM` to your bash process, which in turn will make bash execute the shutdown part. The `TimeoutStopSec=` configures how long to wait for the script to shut down.

It does not look like a good idea to start VPN as a service. It is possible indeed but the service is supposed to start on system boot, so you have to cope with dependency on network etc.

Since your scripts work OK in standalone mode, I would suggest to use them as up/down hooks for a main network interface (see e.g. Run script when eth0 UP).

PS In this line

```bash
while grep ppp0 /proc/net/dev < /dev/null; do
```

you probably wanted to say

```bash
while grep ppp0 /proc/net/dev > /dev/null; do
```

or

```bash
while grep -q ppp0 /proc/net/dev; do
```
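
The wait loops in the scripts above poll forever and match `ppp0` as a substring, so `ppp01` would also satisfy them. As an added example (not code from the question or either answer), here is a bounded, exact-name wait that returns a status the service can act on; `wait_for_iface`, `iface_present` and the `SYSFS_NET` override are names assumed for this sketch.

```bash
#!/bin/bash
# Added example, not code from the posts above.
# SYSFS_NET is an assumed override so the functions can run without a real ppp0.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# iface_present IFACE: succeeds only if the kernel lists exactly IFACE.
# Unlike "grep ppp0 /proc/net/dev", a name such as ppp01 does not match ppp0.
iface_present() {
    [ -e "$SYSFS_NET/$1" ]
}

# wait_for_iface IFACE up|down [TIMEOUT_SECONDS]
# Returns 0 when IFACE reaches the wanted state, 1 on timeout, 2 on bad usage.
wait_for_iface() {
    local iface="$1" want="$2" timeout="${3:-60}" waited=0 state
    case "$iface:$want" in
        */*) echo "invalid interface name: $iface" >&2; return 2 ;;
        ?*:up|?*:down) ;;
        *) echo "usage: wait_for_iface IFACE up|down [SECONDS]" >&2; return 2 ;;
    esac
    while :; do
        if iface_present "$iface"; then state=up; else state=down; fi
        if [ "$state" = "$want" ]; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "timed out after ${timeout}s waiting for $iface to be $want" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Intended use in the scripts above (left as comments so sourcing has no side effects):
#   ipsec up myvpn
#   echo "c myvpn" > /var/run/xl2tpd/l2tp-control
#   wait_for_iface ppp0 up 60 || exit 1
```

Exiting non-zero on timeout makes the unit fail visibly in `systemctl status` and the journal instead of looping indefinitely.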