Fixed several bugs in vpn-watch script.

The counter was pending between 0 and 1 and not going up to 9.

If ipsec whack is returning and empty page we do not need to check
if the remoteip has changed because the tunnel is not up.

If ipsec is restarted the counter can be reset.

All these facts mean that on a low-powered system with many tunnels the tunnels become unstable. We still need to check whether the convergence timer is adequate, because with these bugs the tunnels were restarted every minute, and with correct handling only after 10.
This commit is contained in:
Christian Schmidt
2011-01-21 17:52:32 +01:00
parent b18bad8a19
commit bb893dcd86
3 changed files with 16 additions and 6 deletions


@@ -7,4 +7,5 @@ srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
usr/sbin/updxlrator
var/ipfire/outgoing/bin/outgoingfw.pl
srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
usr/local/bin/vpn-watch


@@ -28,6 +28,8 @@
#Stop services
echo Stopping Proxy
/etc/init.d/squid stop 2>/dev/null
echo Stopping vpn-watch
killall vpn-watch
#
#Extract files
@@ -39,6 +41,8 @@ echo Starting Proxy
/etc/init.d/squid start 2>/dev/null
echo Rewriting Outgoing FW Rules
/var/ipfire/outgoing/bin/outgoingfw.pl
echo Starting vpn-watch
/usr/local/bin/vpn-watch &
#
#Update Language cache
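Review bot: The restart sequence does not wait for the old watcher to exit: `killall vpn-watch` (L38) only sends SIGTERM, and the new instance is started at L46 without checking that the old one is gone, so for a short window two vpn-watch loops may run and each may issue its own ipsec restart. The new daemon also inherits the updater's stdout/stderr, which can keep a caller's pipe open if this script is run non-interactively; the squid lines in the same hunk already redirect. Consider `killall vpn-watch 2>/dev/null` followed by a short `sleep 1` (or a `pgrep` loop) before the start, and `/usr/local/bin/vpn-watch >/dev/null 2>&1 &` for the start. The surrounding script continues outside this hunk, so an existing wait or log setup elsewhere could not be checked here.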


@@ -1,6 +1,6 @@
#!/usr/bin/perl
##################################################
##### VPN-Watch.pl Version 0.5 #####
##### VPN-Watch.pl Version 0.6 #####
##################################################
# #
# VPN-Watch is part of the IPFire Firewall #
@@ -32,7 +32,7 @@ while ( $i == 0){
$round++;
# Reset roundcounter after 10 min. To do established check.
if ($round > 9) { $round=0 }
if ($round > 9) { $round==0 }
if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = <FILE>;
close(FILE);
@@ -55,17 +55,22 @@ foreach (@vpnsettings){
my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip);
if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}}
my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`;
my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
if ( $ipmatch eq '' ){
if ( $ipmatch eq '' && $status ne ''){
logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec.");
system("/usr/local/bin/ipsecctrl S $settings[0]");
$round=0;
last; #all connections will reloaded
#remove this if ipsecctrl can restart single con again
}
if ( ($round = 0) && ($established eq '')) {
if ($debug){logger("Round=".$round." and established=".$established);}
if ( ($round == 0) && ($established eq '')) {
logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec.");
system("/usr/local/bin/ipsecctrl S $settings[0]");
$round=0;
last; #all connections will reloaded
#remove this if ipsecctrl can restart single con again