Check current VPN Connections in Vyatta-flavored systems

vpnchk

#!/usr/bin/env python
import os

run = '/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper'
runusr = '/opt/vyatta/bin/vyatta-op-cmd-wrapper'
red=31
green=32
reset=37

def make_color(color):
        return '\033[1;%d;40m'%color

def call(command):
        return os.popen(command).read()


def callusr(command):
        cmd = '%s %s'%(runusr, command)
        return call(cmd)


def callcfg(command):
        cmd = '%s %s'%(run, command)
        return call(cmd)


def sa(ip):
        l1 = callusr("show vpn ipsec sa | grep %s | awk 'BEGIN {FS=\",\"}; {print $2 $3};'"%ip).split('\n')[0]
        return l1

lst = callcfg("show vpn ipsec site-to-site peer | grep peer | awk '{print $2};'").split('\n')
lst = lst[:len(lst)-1]


def doloop():
        for peer in lst:
                # TODO: Add check for tunnel <n> disable

                ip=callcfg("show vpn ipsec site-to-site peer %s tunnel 1 remote prefix | awk '{print $2};' | cut -f 1 -d \/ | cut -f 1,2,3 -d ." % peer).split('\n')[0] + '.1'
                saa = sa(peer).split(' ')
                if (len(saa) < 2):
                        status = "NOT CONNECTED"
                        ike = "UNKNOWN"
                else:
                        status = saa[1]
                        ike = saa[2]
                color = green
                if not os.system('ping -c 1 -i 0.3 -W 1 %s > /dev/null' % ip) == 0:
                        color = red

                print('%s %s route for peer %s is %s over %s.%s' % (make_color(color), ip, peer, status, ike, make_color(reset)))

doloop()