@mdeweerd
Last active October 1, 2023 11:40
Monitor OPNsense internet connection

The WAN-facing connection is sometimes reinitialised and lost by the OPNsense server.

The solution is to monitor the WAN facing connection.

The script in this gist will try to restore the connection by bringing the interface down and then up. If that does not work, it will reboot the system.

To enable monitoring, one needs to add a cron job in OPNsense that calls the action created by the script, for instance every 5 minutes (or less or more often).

You may need to update the interface name in the script (it uses igb0) to match your WAN-facing interface.

So to install this script:

  a. Copy it to your OPNsense instance.
  b. Execute it once interactively (copies script, and adds action)

Using the OPNsense UI, this action can be enabled as a cron job. Cron jobs are added under System>Settings>Cron. Add an entry that you:

  1. Enable
  2. Set minutes to */5
  3. Select "ping_check" as the command
  4. Set a description such as "Ping check and recover connection"
  5. Click save.

Screenshot of adding action to the cron jobs: Ping monitoring setup in OPNsense

#!/bin/sh
# Script for OPNsense to monitor WAN facing connection
# - When failing:
# 1. down and up the interface, check again
# 2. When still failing, reboot OPNsense
# The second part of this script will also install
# an action on opnsense and copy the script to a system
# location.
#
# Therefore, to install this script:
# a. Copy it to your OPNsense instance.
# b. Execute it once interactively (copies script, and adds action)
#
# Using the OPNsense UI, this action can be enabled as a cron
# job. Cron jobs are added under System>Settings>Cron.
# Add an entry that you:
# 1. Enable
# 2. Set minutes to "*/5"
# 3. Select "ping_check" as the command
# 4. Set a description such as "Ping check and recover connection"
# 5. Click save.
#
# Likely adapted from
# http://blog.martinshouse.com/2014/06/pfsense-auto-reboot-if-internet.html
#
# First IP to ping to check if connection is up
IP1=8.8.8.8 # Google DNS Server 1
# Second IP to ping to check if connection is up
IP2=8.8.4.4 # Google DNS Server 2
# Minimum uptime
MIN_UPTIME=120
# Testing uptime to run script only xx seconds after boot
# Current time
curtime=$(date +%s)
# Boot time in seconds
boottime=$(sysctl kern.boottime | awk -F'sec = ' '{print $2}' | awk -F',' '{print $1}')
# Uptime in seconds
uptime=$((curtime - boottime))
# If boot is longer than 120 seconds ago...
if [ "$uptime" -gt "$MIN_UPTIME" ]; then
    # A message to the console (If you want feedback)
    # echo "Testing Connection at" `date +%Y-%m-%d.%H:%M:%S` "uptime:" $uptime "seconds" >> file.txt
    # wall file.txt
    # rm file.txt
    # Try 1 or 2 minutes worth of very short pings to the selected servers.
    # Quit immediately if we get a single frame back.
    # If neither server responds at all then reboot the firewall.
    counting=$(ping -o -s 0 -c 10 $IP1 | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
    if [ "$counting" -eq 0 ]; then
        counting=$(ping -o -s 0 -c 10 $IP2 | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
        if [ "$counting" -eq 0 ]; then
            # trying to just restart NIC (change igb0 to your WAN-facing interface)
            ifconfig igb0 down
            ifconfig igb0 up
            counting=$(ping -o -s 0 -c 10 $IP1 | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }' )
            if [ "$counting" -eq 0 ]; then
                # network down
                # Save RRD data
                /usr/local/etc/rc.reboot
            fi
        fi
    fi
fi
# Optional, add opnsense action for this script, which can then be added
# as a cron job in the UI:
TARGET_ACTION=/usr/local/opnsense/service/conf/actions.d/actions_ping_check.conf
TARGET_LOCATION=/usr/local/sbin/ping_check.sh
# Copy this script to target location if needed
if [ ! -r "$TARGET_LOCATION" ] ; then
    cp "$0" "$TARGET_LOCATION"
    chmod +x "$TARGET_LOCATION"
fi
# Add action if needed
if [ ! -r "$TARGET_ACTION" ] ; then
    cat > "$TARGET_ACTION" <<EOACTION
[load]
command:$TARGET_LOCATION
parameters:
type:script
message:starting ping check
description:ping_check
EOACTION
fi
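
An added example, not part of the gist: the script's escalation decision (connection fine, bounce the interface, reboot) pulled into functions that can be checked offline against constructed ping summaries. Unlike the gist, it treats a missing summary line as zero replies (an empty `$counting` makes `[ "" -eq 0 ]` fail, so no recovery step runs) and looks at both targets after the bounce; the function names and sample outputs are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the gist's code: the watchdog's escalation decision,
# separated from ifconfig/reboot so it can be exercised without a network.

# Read ping output on stdin and print the "packets received" count.
# Prints 0 when there is no summary line, so callers always get an integer.
received_count() {
    awk -F',' '/received/ { split($2, f, " "); n = f[1] }
        END { if (n ~ /^[0-9]+$/) print n; else print 0 }'
}

# Print the next step: ok, bounce (interface down/up) or reboot.
# $1 = stage: "initial" or "after_bounce"; $2, $3 = received counts.
next_action() {
    stage=$1 rx1=$2 rx2=$3
    if [ "$rx1" -gt 0 ] || [ "$rx2" -gt 0 ]; then
        echo ok
    elif [ "$stage" = initial ]; then
        echo bounce
    else
        echo reboot
    fi
}

# $1 = stage, $2 = ping output for first target, $3 = for second target.
classify() {
    out1=$(printf '%s\n' "$2" | received_count)
    out2=$(printf '%s\n' "$3" | received_count)
    next_action "$1" "$out1" "$out2"
}

# Constructed samples in the FreeBSD ping summary format (not captured output).
SAMPLE_UP='--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss'
SAMPLE_DOWN='--- 8.8.8.8 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss'
SAMPLE_EMPTY=''   # ping printed no summary at all

echo "one target answers:        $(classify initial "$SAMPLE_UP" "$SAMPLE_DOWN")"
echo "both silent:               $(classify initial "$SAMPLE_DOWN" "$SAMPLE_DOWN")"
echo "no summary line:           $(classify initial "$SAMPLE_EMPTY" "$SAMPLE_EMPTY")"
echo "still silent after bounce: $(classify after_bounce "$SAMPLE_DOWN" "$SAMPLE_DOWN")"
```
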