Ping, packet lost and exit level

asidko · July 23, 2022, 3:06pm

Hi guys.

I'm trying to setup some kind of reachability monitoring over l2l VPN for right openenwrt router using standard ping. where:

192.168.172.1 - right openwrt router
192.168.174.242 - left openwrt router

I'd like to achieve behavior like bellow:

send 10 icmp packets from left to right routers (via s2s VPN)
if packet lost more than 10-20% restart ipsec
if packet lost less than 10-20% exit scpir with level 0 (do nothing).

bellow my small script:

#!/bin/ash
  /bin/ping -c10 -q 192.168.172.1 -I 192.168.174.242 > /dev/null
  if [ $? -eq 0 ]
    then
      /usr/bin/logger "as for `date` RA VPN to home is up, gate is reachable"; exit 0
    else
        /usr/sbin/ipsec stop; /usr/sbin/ipsec stop; /usr/sbin/ipsec stop; sleep 1
       /etc/init.d/ipsec start
      /usr/bin/logger "as for `date` RA VPN to home was down !!!! tried to re-establish. !!!!"
  fi

I'm hitting behavior like this:
if ping gets at least 1 of 10 packet lost, script exit with exit 1 status and ipsec resetting tunnel even it up and reachable.

/bin/ping -c4 -q 192.168.172.1 -I 192.168.174.242

as results VPN reloads couple times per hour...

I took a look at opkg repository, but unfortunately did not find something suitable for my situation..

Could you suggest

grrr2 · July 23, 2022, 3:33pm

what about processing the normal output, ie. removing -q and parse last line which shows statistics?

asidko · July 23, 2022, 3:34pm

bellow is validation of my initial post. I wrote one more script to clarify what I meant:

#!/bin/ash
/bin/ping -c30 192.168.172.2 -I 192.168.174.242
if [ $? -eq 0 ]; 
then 
  echo Successful ; 
else 
  echo Failure 
fi

results:

root@a81m8:/home/sam# ./ping-exit-levels.ash
PING 192.168.172.2 (192.168.172.2) from 192.168.174.242: 56 data bytes
64 bytes from 192.168.172.2: seq=0 ttl=63 time=71.728 ms
64 bytes from 192.168.172.2: seq=1 ttl=63 time=54.917 ms
-= omitted for briefly =-
64 bytes from 192.168.172.2: seq=28 ttl=63 time=76.855 ms
64 bytes from 192.168.172.2: seq=29 ttl=63 time=42.903 ms

--- 192.168.172.2 ping statistics ---

**> 30 packets transmitted, 28 packets received, 7% packet loss**

round-trip min/avg/max = 34.354/59.887/83.058 ms

**> Failure**

root@a81m8:/home/sam#

30 icmp requests sent 28 icmp replies received. Tunnel is UP , but script exit w/ error level 1 ("Falure above")

grrr2 · July 23, 2022, 3:36pm

yes, because there was failure.

very raw code:

ping -c1 -W1 -w1 -q x.x.x.x| awk -F',' '/transmitted/{print $3}'| awk '{print $1}'
100%

will tell 100% packet loss in case x.x.x.x is not reachable, and any other percentage according to success rate.

pavelgl · July 23, 2022, 3:45pm

loss=$(/bin/ping -c10 -q -W 1 192.168.172.1 -I 192.168.174.242 | /bin/grep received | /usr/bin/awk '{print $7}' | /bin/sed 's/%//')
if [ $loss -lt 20 ]; then
   #exit
else
   #restart
fi

asidko · July 23, 2022, 3:54pm

Thank you grrr2!

asidko · July 23, 2022, 3:55pm

Thank you pavelgl!