Placing files in /etc/network/if-up.d/ you can invoke a script whenever the interface is brought up. But that doesn't mean internet connectivity has been established. This happens to me quite frequently. For instance, the code below
#!/bin/sh
# Don't bother to do anything for lo.
if [ "$IFACE" = lo ]; then
exit 0
fi
# Only run from ifup.
if [ "$MODE" != start ]; then
exit 0
fi
# we only care about inet and inet6.
case $ADDRFAM in
inet|inet6|NetworkManager)
;;
*)
exit 0
;;
esac
/path/to/my/script
exit 0
Calls the script as soon as interface is brought up. But most often, I still do not have network connectivity, so my script fails because it tries to connect to the web.
What am I doing wrong?
By the time the interface is up, it doesn't means that you have a connectivity at all. If the interface is configured to get IP from DHCP for example, few seconds are needed for the IP configurations.
To check for Internet connectivity, you can query the IP of a known webpage with nslookup or dig. If you get a valid answer you can proceed. Otherwise, wait and repeat for a certain number of retries before aborting.
Now why to use the DNS system to check for Internet connectivity? I think that is the most easy and convenient way to check that all network aspects are properly configured (IP address, routes, DNS, etc).
Related
My case is as follows:
While at office, I use site-to-site VPN and my DNS servers are part of the office domain, which can be accessed only through the VPN.
While at home, I can connect to point-to-site VPN and DNS is working just fine.
The problem occurs while not connecting to the VPN in either way. I'm using systemd-resolved and my first 2 DNS servers are the domains servers, while the rest of the DNS servers can be reached without VPN.
Every request is sent to the first 2 servers, waiting for their response and since they are unreachable, it will take a few seconds for each request to reach a working DNS server.
My question is, can I set the system to ignore unreachable DNS servers for defined time before trying them again?
You can use work around with simplest script. If your VPN is off just change DNS. like this for example.
status=$(systemctl is-active --quiet service "your vpn site-to-site.service" && echo "running" );
if [ "$status" != "running" ]
then
"put your command here to change DNS when VPN is OFF"
else
"put your command here to change DNS when VPN is ON"
fi
Of course you can also checking current DNS settings to prevent no needed
the same changes in file if you will use cron for example.
I can help you with this script, but I need to see your
/etc/systemd/resolved.conf first. Of course without original IP
Your DNS settings should also be dynamically configured. If (for whatever strange reason) that is not possible, you have two options:
You can do some tweaking in your /etc/resolv.conf by adding line
options timeout:1
This will make internal resolver wait max. 1 second for answer before trying the next nameserver (default value is 5)
Install local DNS server, preferably lightweight one like dnsmasq or unbound. Configure it to forward requests for "example.com" to your internal DNS servers, and all other requests to default (public) DNS servers. Configure your OS resolver to use local DNS server.
I am writing a relatively small bash script that is supposed to update DNS records for a server behind a NAT which might change its external IP address. Essentially a free DynDNS using my DNS provider's API.
I am retrieving the server's IP address using a simple query to an external service. But for the sake of security, before pointing my DNS A record to a new arbitrary IP address given to my by an external service I first need to verify that this indeed is the server's IP address. And this check would need to involve a cryptography step since an active MITM attack could be taking place and just forwarding traffic to the server's real IP address.
So what would be the simplest way (if possible through bash) to verify that this is indeed the server's IP address?
I presume you mean that the bash script is running somewhere other than the server whose IP you need to determine?
The obvious solution would be to connect using ssh with strict host checking (and a remembered server key) or via SSL with certificate versification (you could use a self-signed certificate). The former is a bit easier to do out of the box.
Assuming that $IP is the server's new external IP address, this works by first acquiring the servers SSH keys by running ssh-keyscan on localhost and generating a temporary known hosts file. It then substitutes 127.0.0.1 with the given $IP and initiates an ssh session with the temporary known hosts file to the remote IP address. If the session is established and the key verification is successful the command will exit cleanly. Otherwise it will output the Host key verification failed. message. This will work even if authentication with the server fails as host key verification is done before authentication. The script finally checks whether the ssh output includes the given error message and returns valid or invalid correspondingly.
TMP_KNOWN_HOSTS=$(mktemp)
ssh-keyscan 127.0.0.1 > $TMP_KNOWN_HOSTS
sed -i "s/127\.0\.0\.1/$IP/" $TMP_KNOWN_HOSTS
RESPONSE=$(ssh -n -o "UserKnownHostsFile $TMP_KNOWN_HOSTS" -o "StrictHostKeyChecking yes" $IP true 2>&1)
if ! [[ $RESPONSE = *"Host key verification failed."* ]]; then
echo "valid"
else
echo "invalid"
fi
so I made a script that logs into my schools vpn automatically by entering my username and password for me in my raspberry pi. Now I am trying to see if there is a way I can have a script running in the background that detects that I am connected to my vpn and also to my local wifi. If it detects there is no connection, then it will run my script of logging into the vpn automatically.
Below is the script I use to login to my vpn automatically my login.sh file:
#!/usr/bin/expect
spawn sudo openconnect vpn.ucr.edu/engineering
expect -r "\[sudo] .*\: " {
send "pw_for_my_linux\n"
}
expect "Username:" {
send "my_vpn_username\n"
}
expect "Password:" {
send "vpn_password\n"
}
interact
Perhaps you can use ethtool and check the connection status by looking at network interfaces.
ifconfig
(view network interface names, select network interface known to be associated with working vpn)
sudo ethtool eth0
Where 'eth0' is replaced by the name of the network interface that your vpn software is using
OUTPUT should look something like this if it's communicating (replace example net interface name eth0 with relevant one you can see in ifconfig):
Current message level: 0x00000007 (7)
drv probe link Link detected: yes
OUTPUT if down?:
Settings for eth0:
Link detected: no
In your bash code you can poll the 'link detected' status, parse out the answer to determine if you try reconnecting. Warning, haven't been able to test this on a vpn connection -- I have to use a special client other than openconnect, and for me I know the VPN is down if I run
ifconfig | grep "tun0"
If that returns something, VPN is up. If my network interface called tun0 is missing, VPN is not up.
Hope this gets you moving in the right direction!
In Linux (Ubuntu), I want to programmatically check if there is Internet connection (or if eth0 is connected).
I'm doing this because I am writing a program that requires network connection on a system that is highly prone to lose connection.
So I was thinking maybe a script that I can run periodically to check.
Can you give me good suggestions?
Here is a quick script that will accomplish what you want:
EMAIL=youremail#something.com
ping -c 5 8.8.8.8 >> /dev/null
if [ $? -eq 0 ]
then
echo "Able to reach internet!" | mail $EMAIL
else
echo "Unable to reach internet!" | mail $EMAIL
fi
Obviosly you can change the mail to something else to do depending on what your goal is
EDIT: to explain, this pings googles dns server to ensure you are connected and sends you an email one way or the other. The email part on failure will only work of course if you have a local email server on your network.
/sbin/ifconfig would be an excellent "get adapter status" command to script.
cron would be an excellent way to execute the script.
I also suggest to ping or perhaps wget some distant server (preferably the one you want to connect to). The network could work well on the local campus, but not well on intercontinental connections (e.g. because some cables has been cut).
Does anyone know a way to detect a change of IP address in Linux. Say I have dhcpcd running, and it assigns a new IP address, is there a way I can get a notification when it changes? I can't use D-Bus, because this is an embedded ucLinux build that doesn't have it.
inotify on something in /proc/net/ ?
This is an old question, but I will answer for those who will arrive by Google (such as myself). After struggling for a while, I found out that you don't necessarily need to poll or hack a C solution for this. For my case, I wanted to update my home server's (dynamic dns) domain when the IP changes.
If you are running dhcpcd, you are in luck. dhcpcd will run hook scripts when anything happens. See man dhcpcd-run-hooks (online here). Basically you will want to modify or create your own dhcpcd.enter-hook or dhcpcd.exit-hook depending on what you want to do with the data provided by the event.
The command
ip monitor
will show you this kind of thing happening. It uses some the netlink API which is rather tricky and not documented well (at least for humans to understand). However, it is able to get notified by the kernel of various events, such as changes of assigned IPs, routing tables and link status (e.g. someone unplugged the network)
Since DHCP activity is sent to syslogd you could create a named pipe, direct syslog traffic to it and watch the stream for IP address updates. See 'man syslogd' and 'man syslog.conf'.
Edit: Another approach would be to use inotify to monitor the DHCP leases file for the interface. Under Ubuntu 9.10 that is in the /var/lib/dhcp3 directory.
What I thought of was running this script from cron every 10 or so minutes, depending on your link.
If I wrote this right, it only nsupdates when there is an IP change, so no undue load is creater on the zone's master server.
#!/bin/bash
OLD_IP=`cat ip.txt`
NEW_IP=`/sbin/ifconfig | awk -F "[: ]+'{ print $4}'` #adapted from something I got from the internets.
if [ $NEW_IP != OLD_IP ]; then
nsupdate <commands> #it seems like the keys need to be in the same directory from where nsupdate was called
fi
echo $NEW_IP > ip.txt
exit 0 #not sure if this is necessary
Not tested!
This is an older thread but in case someone finds it like I did, I wrote something that does network change detection/notification in Linux awhile back (mostly targeted at helping VPN users), and thanks to some pushy friends I put it up for others to use. It's a pet project now and I'm actively maintaining it, so feature requests and feedback are welcome.
http://code.google.com/p/ipcheck/source/browse/ipcheck.sh
I think you can use dbus to do this on modern Linux distributions. If your distribution uses NetworkManager, see this document for information about its dbus interface:
http://people.redhat.com/dcbw/NetworkManager/NetworkManager%20DBUS%20API.txt
If you have a router running DD-WRT and have the status page in use when going to the router, you can, with a script... wget the status page, cat for the ip address and write it to a file for comparison, have an email send when the latest wget ip address has changed from what is in the comparison file.
I'm running dd-wrt on a linksys wrt54g router and use this script:
It wgets the router status page from 192.168.3.1, uses cat on the page (index.html) and greps for the wan ip address, then writes it to a file (gotip.txt).
A comparison is made between the captured ip (gotip.txt) and the current working ip (workingip.txt). If the ip addresses are different, I get an email sent by send mail of the new ip, and the new working ip is written into the workingip.txt file.
Cron run this every 5 min or so and I have the cron output silenced to /dev/null
#!/bin/bash
getip=$(wget http://192.168.3.1/)
cat index.html | grep "wan_ipaddr" > gotip.txt
gotip=$(cat gotip.txt)
compare=$(cat workingip.txt)
if [[ "$compare" != "$gotip" ]]
then
EMAIL="youremail#foo.net"
EMAILMESSAGE="/home/pi/ipmessage.txt"
echo "ip address is now $gotip" >> $EMAILMESSAGE
/usr/sbin/sendmail -t "$EMAIL" < $EMAILMESSAGE
rm ipmessage.txt
cp gotip.txt workingip.txt
rm index.html
else
echo "done"
rm index.html
fi