Help improving a script / test Internet connectivity without using ping
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Help improving a script / test Internet connectivity without using ping
Here is the script so far: (credit to David the H and Nominal Animal for making the script)
Code:
#!/bin/sh /etc/rc.common
START=99
start() {
# If vpn is up Internet works, If vpn is down block Internet traffic.
iptables -R zone_wan_ACCEPT 1 -j ACCEPT -p tcp --destination-port 443 -o eth1
# Put *.ovpn files in /etc/config/vpn_servers/
[ -n "$CONFIGDIR" ] || CONFIGDIR=/etc/config/vpn_servers/
# Begin Loop
while true; do
# Use find to list all *.ovpn files, and
# awk to pick one file at random.
CONFIG=$(find "$CONFIGDIR" -maxdepth 1 -name '*.ovpn' '!' -name '*
*' | awk '{ file[n++] = $0 } END { srand(); print file[int(n * rand())] }')
sleep 2
killall openvpn
sleep 2
#Pick Random Server
( openvpn --config "$CONFIG" & )
# Use this server for 7200 seconds
sleep 7200
# End Loop
done
}
The purpose of the script is to connect to a random vpn server every 2 hours. The script works great,
However there are 3 scenarios that could happen.
Scenario 1:
The script connects to a random vpn server and everything works as normal. This is of course what happens 95% of the time.
Scenario 2:
The script connects to a random vpn server but is latter dropped by the vpn server. I purposely added an iptable rule in the event, that blocks any Internet traffic not being tunneled through port 443 (the vpn connection). The end result is the end user will be without Internet for up to 7200 seconds. (until it connects to another vpn server)
Scenario 3:
The script connects to a random vpn server however the vpn server itself does not have Internet access. This is very rare but does happen once in awhile. The end result is you will be without Internet for up to 7200 seconds. (until it connects to another vpn server)
Both Scenarios 2 and 3 can be solved by manually issuing the command "killall sleep". I would like to find a way to automate this when needed.
My first thought was using the ping command. However using the ping command gives me a false positive. For example ping google.com works when connected to the vpn AND when NOT connected. As stated above I do have an iptable rule that forces the flow of traffic thru 443 but ping is not effected because ping is not port based. Long story short, I don't think I can use ping.
My second thought would be to monitor the iface's in ifconfig. If tun0 (the vpn's virtual iface) is not present, then killall sleep. However, this would only work for Scenario 2.
Ok, this whole thread is just a really long way of asking how can I test for Internet connectivity without using ping?
As a human, when I see "page not found" in my web browser, I can pretty much assume that Scenario 2 or 3 has occurred.
Here is the script so far: (credit to David the H and Nominal Animal for making the script)
Code:
#!/bin/sh /etc/rc.common
START=99
start() {
# If vpn is up Internet works, If vpn is down block Internet traffic.
iptables -R zone_wan_ACCEPT 1 -j ACCEPT -p tcp --destination-port 443 -o eth1
# Put *.ovpn files in /etc/config/vpn_servers/
[ -n "$CONFIGDIR" ] || CONFIGDIR=/etc/config/vpn_servers/
# Begin Loop
while true; do
# Use find to list all *.ovpn files, and
# awk to pick one file at random.
CONFIG=$(find "$CONFIGDIR" -maxdepth 1 -name '*.ovpn' '!' -name '*
*' | awk '{ file[n++] = $0 } END { srand(); print file[int(n * rand())] }')
sleep 2
killall openvpn
sleep 2
#Pick Random Server
( openvpn --config "$CONFIG" & )
# Use this server for 7200 seconds
sleep 7200
# End Loop
done
}
The purpose of the script is to connect to a random vpn server every 2 hours. The script works great,
However there are 3 scenarios that could happen.
Scenario 1:
The script connects to a random vpn server and everything works as normal. This is of course what happens 95% of the time.
Scenario 2:
The script connects to a random vpn server but is latter dropped by the vpn server. I purposely added an iptable rule in the event, that blocks any Internet traffic not being tunneled through port 443 (the vpn connection). The end result is the end user will be without Internet for up to 7200 seconds. (until it connects to another vpn server)
Scenario 3:
The script connects to a random vpn server however the vpn server itself does not have Internet access. This is very rare but does happen once in awhile. The end result is you will be without Internet for up to 7200 seconds. (until it connects to another vpn server)
Both Scenarios 2 and 3 can be solved by manually issuing the command "killall sleep". I would like to find a way to automate this when needed.
My first thought was using the ping command. However using the ping command gives me a false positive. For example ping google.com works when connected to the vpn AND when NOT connected. As stated above I do have an iptable rule that forces the flow of traffic thru 443 but ping is not effected because ping is not port based. Long story short, I don't think I can use ping.
My second thought would be to monitor the iface's in ifconfig. If tun0 (the vpn's virtual iface) is not present, then killall sleep. However, this would only work for Scenario 2.
Ok, this whole thread is just a really long way of asking how can I test for Internet connectivity without using ping?
As a human, when I see "page not found" in my web browser, I can pretty much assume that Scenario 2 or 3 has occurred.
You could conceivably use nc (netcat ) or wget (maybe w/ a timeout of a few seconds?)
to retrieve http headers/pages from a well-known page, and if the response (timeout!)
is empty run killall.
I guess I forgot to mention that this script is being run from my router.
I have a iptable rule written for my FORWARD chain that forces traffic thru my vpn. SSH'ing a wget or nc from my router does not pass thru the FORWARD chain. In other words wget or nc is going to always pass thru whether or not I am connected to the vpn server.
My head hurts,
I am going to have to sleep on this.
Maybe it would be better to monitor the iface's in ifconfig. If tun0 (the vpn's virtual iface) is not present, then killall sleep. However, this would only work for Scenario 2. It would be nice to figure out a solution that works for both Scenario 2 and 3.
I am not sure I understand the issue exactly? We are not suggesting that just by using the commands it will indicate
access but rather what you get back information wise will indicate what you are looking for. So if you dig on port 443,
which if I understand correctly is the only open port your iptables entry is allowing, then you can test the
connection. Am I on the right idea here??
The target machine this script is destined for does not come with dig. It is available for install but it would be nice to share this script in the future. I do have wget and nc but I don't think those are going to help.
I don't think It wouldn't matter, If the nc, wget, or (insert whatever program), request is made by my router , then it will pass through the INPUT chain.
On the other hand, the traffic that gets forced through the tun0 (port 443) are Desktops, Laptops, Xboxs, netbooks, PS3s, ect, and that traffic is forced through the vpn tunnel. This all occurs in the FORWARD chain which I have rules written for.
It's also more than possible I am not understanding the situation correctly.
I'm thinking I should give up on this idea and try monitoring the tun0 iface, if it is not present then I can killall sleep which will start the loop again and connect to a different server.
iptables on it's own can not control routing, it can block, modify or mark packets before routing them. If you altered your iptables rules appropriately the ping test will work.
If you are using OpenVPN's redirect-gateway option to default route is altered to point though the VPN.
OpenVPN can pick random VPN servers and re-connect on failure by itself. How is it possible to connect to a VPN server which doesn't have internet access whilst be able to connect to a server that does?
OpenVPN can pick random VPN servers and re-connect on failure by itself. How is it possible to connect to a VPN server which doesn't have internet access whilst be able to connect to a server that does?
Maybe I should not have used the term "no Internet access". I just meant when I block everything but port 443 (the port openvpn connects to the vpn servers on) on eth1 forward chain and leave tun0 unrestricted (on the routers' iptable), it gives the desired effect of no Internet access when the tun0 is down. And by no Internet access what I really mean is that web browsers and torrent clients do not work (unless by chance they are using 443). So if for example, I see that my web browser is getting web page not found I know to ssh into my router and re-start openvpn. What I was trying to do was to write something that would detect this behavior and automatically re-start openvpn with a new vpn server.
Quote:
iptables on it's own can not control routing, it can block, modify or mark packets before routing them. If you altered your iptables rules appropriately the ping test will work.
Yes I realize this. I should have used the term filter not force. I just meant I was able to track down the appropriate place in the forward chain to add my 443 rule but got stumped when trying to do the same for the input chain. When ssh'd in and wget'ing a large file I can see the MB's in input state RELATED,ESTABLISHED rule increasing in size but gave up on trying to find the right place to add another 443 rule.
Quote:
OpenVPN can pick random VPN servers and re-connect on failure by itself.
what is the command to do this?
Code:
openvpn --config random *.ovpn # Sorry this was my crazy guess
I read the manual but I don't see how to do this. I have a bunch of *.ovpn config files each with the vpn servers ip address inside them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.