At some clinics the *** connection has to be reset almost every two days. What can we do about it? On top of that, some clinics are in areas so remote that only 4G internet is available, and our cheap routers' *** support for dynamic DNS is poor, so the connection can only be made by IP address.

My first reaction was to write a script that polls the connection and resets it whenever there is a problem. The VyOS instance itself is Linux-based, but the shell commands have been removed; the console only accepts network configuration commands. However, I can connect remotely with PowerShell's Posh-SSH module and send commands through the SSH session, which amounts to the same thing.
if (Test-Connection -ComputerName au-svr-dc-01 -Count 3 -Quiet) {
    Write-Host "Connection to Gladsville is good" -ForegroundColor Green
}
else {
    # Key-based login: the credential carries only the user name, the password is empty
    $nopasswd = New-Object System.Security.SecureString
    $Credential = New-Object System.Management.Automation.PSCredential ("vyos", $nopasswd)
    New-SSHSession -ComputerName 172.16.1.52 -KeyFile 'c:\temp\vpau.pem' -Credential $Credential
    $session = Get-SSHSession -Index 0
    $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
    #Invoke-VyOSCommand -Command "show *** ike sa | grep -A5 -B5 Bexley" -Stream $stream
    #sleep 4
    # The trailing newline is what makes the remote shell execute the command
    $command = "reset *** ipsec-peer 61.69.91.242"
    $stream.Write($command + "`n")
    sleep 2
    $stream.Read()
    Remove-SSHSession -SessionId 0
    $Changetime = Get-Date
    "$Changetime Reset tunnel of Gladsvilled" | Out-File C:\temp\bexley\logs.txt -Append
}

if (Test-Connection -ComputerName BX-SVR-DCDB-01 -Count 3 -Quiet) {
    # if connection is fine, ignore
    Write-Host "Connection to Bexley is good" -ForegroundColor Green
}
else {
    # Compare the peer address recorded last time with what DynDNS resolves to now
    $temp = Get-Content C:\temp\bexley\bexley.txt
    $computer = 'bexleyvet.dyndns.org'
    $new = [System.Net.Dns]::GetHostAddresses($computer) | Select-Object -ExpandProperty IPAddressToString
    if ($temp -eq $new) {
        Write-Host "IP is the same, will reset tunnel.." -ForegroundColor Yellow
        # if IP is the same, simply reset the tunnel
        $nopasswd = New-Object System.Security.SecureString
        $Credential = New-Object System.Management.Automation.PSCredential ("vyos", $nopasswd)
        New-SSHSession -ComputerName 172.16.1.52 -KeyFile 'c:\temp\vpau.pem' -Credential $Credential
        $session = Get-SSHSession -Index 0
        $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
        #Invoke-VyOSCommand -Command "show *** ike sa | grep -A5 -B5 Bexley" -Stream $stream
        #sleep 4
        $command = "reset *** ipsec-peer $new"
        $stream.Write($command + "`n")
        sleep 2
        $stream.Read()
        Remove-SSHSession -SessionId 0
        $Changetime = Get-Date
        "$Changetime Reset tunnel of Bexley" | Out-File C:\temp\bexley\logs.txt -Append
    }
    else {
        Write-Host "IP is changed, will create new entry" -ForegroundColor Red
        $nopasswd = New-Object System.Security.SecureString
        $Credential = New-Object System.Management.Automation.PSCredential ("vyos", $nopasswd)
        New-SSHSession -ComputerName 172.16.1.52 -KeyFile 'c:\temp\vpau.pem' -Credential $Credential
        $session = Get-SSHSession -Index 0
        $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
        #Invoke-VyOSCommand -Command "config" -Stream $stream
        sleep 6
        # Recreate the site-to-site peer under the new address, then drop the old one.
        # Note that the pre-shared secret is hard-coded here, so the script file itself
        # needs to be readable only by the account that runs the scheduled task.
        $commands = @(
            "config"
            "set *** ipsec site-to-site peer $new"
            "set *** ipsec site-to-site peer $new authentication mode pre-shared-secret"
            "set *** ipsec site-to-site peer $new authentication pre-shared-secret 8M6b111ddd"
            "set *** ipsec site-to-site peer $new connection-type respond"
            "set *** ipsec site-to-site peer $new default-esp-group AWSGL"
            "set *** ipsec site-to-site peer $new description Bexley"
            "set *** ipsec site-to-site peer $new ike-group AWSGL"
            "set *** ipsec site-to-site peer $new local-address 172.16.1.52"
            "set *** ipsec site-to-site peer $new tunnel 0 local prefix 172.16.0.0/16"
            "set *** ipsec site-to-site peer $new tunnel 0 remote prefix 10.2.2.0/24"
            "set *** ipsec site-to-site peer $new authentication id 54.66.164.57"
            "del *** ipsec site-to-site peer $temp"
            "commit"
            "save"
            "exit"
        )
        foreach ($command in $commands) {
            #Invoke-VyOSCommand -Command $command -Stream $stream
            $stream.Write($command + "`n")
            $stream.Read()
            sleep 2
        }
        $stream.Write("show *** ike sa | grep -A5 -B5 Bexley`n")
        $Changetime = Get-Date
        "$Changetime IP Address is changed from $temp to $new" | Out-File C:\temp\bexley\logs.txt -Append
        # Remember the new address for the next run
        $new | Out-File C:\temp\bexley\bexley.txt
        Remove-SSHSession -SessionId 0
    }
}
Run the script above once a minute. In the log you can see that it automatically reconfigures VyOS, or performs a reset, according to the IP changes:
09/19/2018 08:59:32 IP Address is changed from 123.209.234.194 to 123.209.111.152
09/19/2018 16:22:59 Reset tunnel of Bexley
09/19/2018 16:39:56 Reset tunnel of Gladsvilled
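The SSH session handling in the script above is repeated three times and relies on fixed sleeps, and the DynDNS comparison breaks if the lookup fails or the state file is empty. The following is an added example, not code from the original post, that pulls those two pieces into reusable functions with the failure cases handled. It assumes Posh-SSH is installed, reuses the router address, key path, host name and state file from the post, and assumes the VyOS prompt ends in "$ " (operational mode) or "# " (configure mode).

```powershell
Import-Module Posh-SSH

function Invoke-VyOSShell {
    param(
        [Parameter(Mandatory)][string[]]$Commands,
        [string]$Router  = '172.16.1.52',
        [string]$KeyFile = 'C:\temp\vpau.pem',
        [int]$TimeoutSec = 15
    )
    # Key-based login: the PSCredential carries only the user name, the password is empty
    $cred = New-Object System.Management.Automation.PSCredential ('vyos', (New-Object System.Security.SecureString))
    # -ErrorAction Stop: if the router is unreachable we must not fall through to Get-SSHSession -Index 0
    $session = New-SSHSession -ComputerName $Router -KeyFile $KeyFile -Credential $cred -ErrorAction Stop
    try {
        $stream = $session.Session.CreateShellStream('dumb', 0, 0, 0, 0, 1000)
        $output = foreach ($cmd in $Commands) {
            $stream.WriteLine($cmd)
            # Wait for the prompt to come back instead of sleeping a fixed time, so a slow
            # 'commit' is not cut short; Expect returns $null if the timeout is hit
            $reply = $stream.Expect([regex]'[\$#] $', [TimeSpan]::FromSeconds($TimeoutSec))
            if ($null -eq $reply) { throw "No prompt within $TimeoutSec s after '$cmd'" }
            $reply
        }
        return $output
    }
    finally {
        # Always release the session, otherwise the next run's -Index 0 points at a stale one
        Remove-SSHSession -SessionId $session.SessionId | Out-Null
    }
}

function Get-PeerAddressChange {
    param(
        [string]$HostName  = 'bexleyvet.dyndns.org',
        [string]$StateFile = 'C:\temp\bexley\bexley.txt'
    )
    # The peer is configured by IPv4 address, so ignore any AAAA records and take one A record
    $resolved = [System.Net.Dns]::GetHostAddresses($HostName) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        Select-Object -First 1 -ExpandProperty IPAddressToString
    # A failed lookup must not produce "set ... peer " with an empty address
    if (-not $resolved) { throw "DynDNS lookup for $HostName returned no IPv4 address; leaving config untouched" }
    # Tolerate a missing or empty state file on the very first run
    $stored = if (Test-Path $StateFile) { "$(Get-Content $StateFile -Raw)".Trim() } else { '' }
    [pscustomobject]@{ Old = $stored; New = $resolved; Changed = ($stored -ne $resolved) }
}
```

The caller decides which of the post's two branches to take from `Changed`, and passes the corresponding reset or configure command list to `Invoke-VyOSShell`, which returns each command's output so the log can record what the router actually answered.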
The AWS side can now reset itself, but the router at the clinic end also needs a reset from time to time. As mentioned, it is a cheap router: no SSH, no API, only a web page for configuration. I couldn't come up with a good approach right away. For scraping, Python's scrapy seemed like overkill, so in the end I simply used the IE COM object to simulate the web page operations.

Once tested, just put it in a scheduled task and let it run.
# Kill any leftover IE instance from the previous run before starting a fresh one
Get-Process -Name iexplore -ErrorAction SilentlyContinue | Stop-Process
$Url = "https://10.2.2.1"
$Username = "cccc"
$Password = "22222333"
$IE = New-Object -ComObject InternetExplorer.Application
# $IE.Visible = $true
$IE.Navigate($Url)
# Wait until the page has finished loading
while ($IE.Busy -eq $true) {
    Start-Sleep -s 2
}
#
#if($IE.Document.url -match "invalidcert"){
# The router uses a self-signed certificate, so IE shows its certificate error page first;
# follow the "Continue to this website" link to get to the login page
Write-Host "Bypass SSL Error Page" -ForegroundColor Cyan
$link = $IE.Document.getElementsByTagName('A') | Where-Object { $_.id -eq 'overridelink' }
Write-Host "Loading Login page "
$link.click()
Start-Sleep -s 3
#}
# Fill in the login form and submit it
$document = $IE.Document
$form = $document.forms[0]
$inputs = $form.getElementsByTagName("input")
($inputs | Where-Object { $_.name -eq "username" }).value = $Username
($inputs | Where-Object { $_.name -eq "Password" }).value = $Password
($inputs | Where-Object { $_.name -eq "login" }).click()
while ($IE.Busy -eq $true) {
    Start-Sleep -s 2
}
# Open the *** summary page and press the second button in the tunnel table
$IE.Navigate('https://10.2.2.1/***_summary.htm')
while ($IE.Busy -eq $true) {
    Start-Sleep -s 2
}
Start-Sleep -s 5
$document = $IE.Document
$form = $document.forms[0]
$tables = $form.getElementsByTagName("table")
$table = ($tables | Where-Object { $_.id -eq "tblonetoone" })
$button = $table[0].getElementsByClassName("STbutton")
"Click once"
$button[1].click()
$changetime = Get-Date
"$changetime Reset ××× connection " | Out-File c:\temp\logs.txt -Append
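Two weak spots in the IE script above are the fixed sleeps and the positional `$button[1].click()`: if the page is slow or the router's layout shifts, `$null.click()` fails silently and the log still claims a reset. The helpers below are an added example, not the post's own code, that wait on IE's real ready state with a timeout and pick the button by its caption. `$IE`, the ids `tblonetoone` and `STbutton` and the log path are the post's values; the summary page URL is passed in by the caller, and the caption `Connect` is a hypothetical placeholder for whatever the router labels that button.

```powershell
function Wait-IEReady {
    param([Parameter(Mandatory)]$IE, [int]$TimeoutSec = 30)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    # Busy drops to $false before the DOM is usable; READYSTATE_COMPLETE (4) is the real signal
    while ($IE.Busy -or $IE.ReadyState -ne 4) {
        if ((Get-Date) -gt $deadline) { throw "Page did not finish loading within $TimeoutSec s" }
        Start-Sleep -Milliseconds 500
    }
}

function Get-ElementOrFail {
    param([Parameter(Mandatory)]$Collection, [Parameter(Mandatory)][scriptblock]$Match, [string]$What)
    $hits = @($Collection | Where-Object -FilterScript $Match)
    # Exactly one hit, or stop: a changed page layout must not click something else
    if ($hits.Count -ne 1) { throw "Expected exactly one $What, found $($hits.Count); page layout may have changed" }
    $hits[0]
}

function Invoke-RouterReset {
    param(
        [Parameter(Mandatory)]$IE,
        [Parameter(Mandatory)][string]$SummaryUrl,   # the router's summary page from the post
        [string]$ButtonText = 'Connect'               # hypothetical caption of the reset button
    )
    $IE.Navigate($SummaryUrl)
    Wait-IEReady -IE $IE
    $table = Get-ElementOrFail -Collection $IE.Document.getElementsByTagName('table') `
                               -Match { $_.id -eq 'tblonetoone' } -What 'tblonetoone table'
    # Select by caption rather than by index so a reordered row cannot trigger the wrong action
    $button = Get-ElementOrFail -Collection $table.getElementsByClassName('STbutton') `
                                -Match { $_.value -eq $ButtonText } -What "'$ButtonText' button"
    $button.click()
    Wait-IEReady -IE $IE
    # Only log the reset once the click actually happened and the page reloaded
    "$(Get-Date) Reset connection via $SummaryUrl" | Out-File c:\temp\logs.txt -Append
}
```

Call `Invoke-RouterReset -IE $IE -SummaryUrl <summary page URL>` in place of the last block of the script, after the login steps; any thrown error then shows up as a failed scheduled task run instead of a misleading log line.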
Basically, that is my solution for now: scripts on both the AWS server and the router keep scanning, and as soon as a *** outage is detected they reset and reconfigure it. When something breaks, it recovers automatically within about 30 seconds. As my boss puts it, if we had bought a $5,000 device we would of course demand zero outages, but we are using a $300 device, so restarting it a few times a year, or some network instability, is okay~

Original: http://blog.51cto.com/beanxyz/2177334