Posted: Tue Aug 11, 2009 9:53 Post subject: HOWTO: Show VPN status/activity with SES/Ciso LED
I worked out this little script out for my WRT54G-TM and WRT54GL and I thought I would share here since its based from examples shown on this forum and the wiki.
The script requires that you set 2 options in your vpn config file:
status /path/to/file (example: /tmp/vpn-status)
status-version 2
For activity it parses the info in /proc/net/dev
Be sure to edit the first 2 lines (VPN_STATUS= and VPN_DEV=) of this script to match your settings.. then Paste the following into your Startup script.
LAST_ACT=0
while [ 1 ]; do
if [ $(cat "$VPN_STATUS" |grep -c "") -gt 6 ]; then
# tunnel up. White LED
LED=$WHITE
ACT_STRING="$(cat /proc/net/dev |grep "$VPN_DEV")"
if [ "$ACT_STRING" != "$LAST_ACT" ]; then
LED=$AMBER
LAST_ACT=$ACT_STRING
else
LED=$WHITE
LAST_ACT=$ACT_STRING
fi
else
# tunnel down. All leds OFF
LED=$BLACK
fi
if [ "$LED" != "$PLED" ]; then
eval $LED
LAST_LED=$LED
fi
sleep 1
done
}
vpn_leds &
Reboot your router and viola! ;)
Light off = Tunnel down
White = Tunnel up
Amber = Activity
You can change the behavior of this script by changing each LED=$COLOR line.
Response time for tunnel up/down indication for my setup is 60sec for client connect and 120sec for disconnect. I believe the disconnect response could be improved by changing your keepalive setting in your VPN config.
Mine is set to:
keepalive 10 120
This means OpenVPN will ping the client every 10sec and assume the client has disconnect if no reply is received within 120sec. lowering the last value should improve the response time but be careful not to lower it too much as not to cause connection drops due to timeout
LAST_ACT="$(cat /proc/net/dev |egrep "tap|tun")"
while [ 1 ]; do
if [ $(cat "$VPN_STATUS" |grep -c "") -gt 6 ]; then
# tunnel up. White LED
LED=$WHITE
ACT_STRING="$(cat /proc/net/dev |egrep "tap|tun")"
if [ "$ACT_STRING" != "$LAST_ACT" ]; then
LED=$AMBER
LAST_ACT=$ACT_STRING
else
LED=$WHITE
LAST_ACT=$ACT_STRING
fi
else
# tunnel down. All leds OFF
LED=$BLACK
fi
if [ "$LED" != "$PLED" ]; then
eval $LED
LAST_LED=$LED
fi
sleep 1
done
}
vpn_leds &
I've pondered checking the up/down status of multiple links quite a bit... and so far it always comes down to the fact that, yes - you can put together a way to check multiple tunnels or status files but with only 1 LED light I believe it becomes a invalid point.
By the same reasoning you could say checking for up/down status is useless when more than one tunnel exists *shrug*
Personally I use it to show that my site-to-site bridge is up and ignore the up/down status of my tun interface for mobile clients
However. What if i added another site-to-site bridge? I could script to check the status but how to indicate with only 1 light... this is where it starts to break down
Posted: Wed Jul 04, 2012 3:29 Post subject: VPN activity indicator for v24-sp2
Unfortunately onemyndseye's nice script doesn't work properly under v24 since it's difficult to get the status commands into the openvpn.conf (I'd be happy to learn how to do that though).
Here's a variant that doesn't require the status command. The LED is dark until the TUN/TAP interface comes up. From then on it turns amber during activity and white during quiescence.
When the link goes down though the LED does not return to dark since nothing in the file system seemed to indicate that condition. E.g. the /tmp/openvpncl directory remains present forever.
Just add this via Administration->Commands->Save Startup.
while [ 1 ]; do
if [ -e "$VPN_STATUS" ]; then
# Tunnel has been started, check for activity
ACTIVITY="$(egrep 'tap|tun' /proc/net/dev)"
LED=$WHITE
if [ "$ACTIVITY" != "$LAST_ACT" ]; then
LAST_ACT=$ACTIVITY
LED=$AMBER
fi
if [ "$LED" != "$LAST_LED" ]; then
LAST_LED=$LED
eval $LED
fi
fi
sleep 1
done
}