Ping Watchdog for Strongswan

#!/bin/bash
HOST=$1 ##Host IP at endpoint to test
ConnName=$2 ##StrongSwan connection name to call
OfflineCount=1
while [ $OfflineCount -gt 0 ]
do
echo loop $OfflineCount
ping=$(ping -c 1 -w 2 $HOST | grep bytes | wc -l)
if [[ $ping -gt 1 ]];then
echo "HOST ONLINE"
logger "[vpnwatchdog] host $HOST online"
OfflineCount=0
exit
else
echo "HOST OFFLINE"
let OfflineCount++
sleep 1
fi
if [[ $OfflineCount -gt 9 ]];then
logger "[vpnwatchdog] host $HOST timeout reached. Restarting VPN..."
echo "OFFLINE LIMIT REACHED"
sudo strongswan down $ConnName
sudo strongswan up $ConnName
exit
fi
done

Cisco SPA3102 settings for UK PSTN

A great unit even if it is 10 year old tech, only £20ish on eBay. However it comes with international settings as default. International dial tones and lack of disconnect supervision could result in a difficult and expensive situation for users.

I’ve applied the following settings for UK use. There are many more settings which could be changed – I’ve just not had the need to use the features needing these tones yet.

Dial Tone
350@-19,440@-19;10(*/0/1+2)
Outside Dial Tone
340@-19,430@-19;10(*/0/1+2)

 

Full details are in the manual, here

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpvga/ata/administration/guide/ATA_AG_v3_NC-WEB.pdf

Changing Network Interface on Centos

Now I’ve got wired connectivity into the basement, I dont need to have the uplink between the comms pc and the router on Wifi. The interface shown here as wlp3s0 will now be called eth1

 

This article basically describes the process

https://unix.stackexchange.com/questions/205010/centos-7-rename-network-interface-without-rebooting/219277

 

However, I’ll also need to change the /etc/sysconfig/network-scripts/ifcfg-eth1 file to contain the IP address previously assigned to wlp3s0, and run

ip link set dev wlp3s0 down
service network restart

This is to ensure that incoming requests from the internet hit the new adapter, not the old one, which may be reassigned to something else later on.

Next, I’ll need to check firewalld has kept up with the changes

firewall-cmd --get-active-zones

and check eth1 is in the external zone