Update Networking/Sophos/Site-to-Site VPNs/IPSec/Automatic Tunnel Resetting.md

2024-09-12 19:31:02 -06:00
parent 72cbedc0f1
commit 95c2a405fb
1 changed files with 39 additions and 28 deletions
--- a/Networking/Sophos/Site-to-Site
+++ b/Networking/Sophos/Site-to-Site
@ -8,50 +8,61 @@
 ## Configure Sophos XGS Firewall ACLs
 You need to configure a user account that will be specifically used for leveraging the API controls that allow resetting the VPN tunnel(s).  At this stage, you need to log into your Sophos XGS Firewall 

+## Choose a Server to Put Script On
+It is important to choose a server/device that is able to communicate with the devices on the remote end of the tunnel.  If it cannot ping the remote device(s), it will assume that the tunnel is offline and do an infinite loop of restarting the VPN tunnel.  
+
 ## Prepare the Script Folder
 You need a place to put the script (and if on Windows, `curl.exe`).  Follow the instructions specific to your platform below:

 === "Windows"
    Download `curl.exe` from this location: [Download](https://curl.se/windows/dl-8.10.0_1/curl-8.10.0_1-win64-mingw.zip) and place it somewhere on the operating system, such as `C:\Scripts\VPN_Tunnel_Checker`.  Then copy this script into that same folder and call it `Tunnel_Checker.ps1` with the content below:

+    !!! note "Curl Files Extraction"
+        You will want to extract all of the files included in the zip file's `bin` folder.  Specifically, copy the following files into the `C:\Scripts\VPN_Tunnel_Checker` folder:
+        
+        - `curl.exe`
+        - `curl-ca-bundle`
+        - `libcurl-x64.def`
+        - `libcurl-x64.dll`
+
    ``` powershell
-        function Reset-VPN-Tunnel {
-        Write-Host "VPN Tunnel Broken - Bringing VPN Tunnel Down..."
-        .\curl -k https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>TunnelCheckerAPIUser</Username><Password>01_placeholder_PASSWORD_here_02</Password></Login><Set><VPNIPSecConnection><DeActive><Name>VPN_TUNNEL_NAME</Name></DeActive></VPNIPSecConnection></Set></Request>
+    function Reset-VPN-Tunnel {
+    Write-Host "VPN Tunnel Broken - Bringing VPN Tunnel Down..."
+    .\curl -k https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>TunnelCheckerAPIUser</Username><Password>01_placeholder_PASSWORD_here_02</Password></Login><Set><VPNIPSecConnection><DeActive><Name>VPN_TUNNEL_NAME</Name></DeActive></VPNIPSecConnection></Set></Request>

-        Start-Sleep -Seconds 5
+    Start-Sleep -Seconds 5

-        Write-Host "Bringing VPN Tunnel Up..."
-        .\curl -k https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>TunnelCheckerAPIUser</Username><Password>01_placeholder_PASSWORD_here_02</Password></Login><Set><VPNIPSecConnection><Active><Name>VPN_TUNNEL_NAME</Name></Active></VPNIPSecConnection></Set></Request>
+    Write-Host "Bringing VPN Tunnel Up..."
+    .\curl -k https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>TunnelCheckerAPIUser</Username><Password>01_placeholder_PASSWORD_here_02</Password></Login><Set><VPNIPSecConnection><Active><Name>VPN_TUNNEL_NAME</Name></Active></VPNIPSecConnection></Set></Request>
+    }
+
+    function Check-VPN-Tunnel {
+    # Server Connectivity Check
+    Write-Host "Checking Tunnel Connection to PLACEHOLDER..."
+    if (-not (Test-Connection '10.0.0.29' -Quiet)) {
+            Reset-VPN-Tunnel
        }

-        function Check-VPN-Tunnel {
-        # Server Connectivity Check
-        Write-Host "Checking Tunnel Connection to PLACEHOLDER..."
-        if (-not (Test-Connection '10.0.0.29' -Quiet)) {
-                Reset-VPN-Tunnel
-            }
-
-        # Server Connectivity Check
-        Write-Host "Checking Tunnel Connection to PLACEHOLDER..."
-        if (-not (Test-Connection '10.0.0.30' -Quiet)) {
-                Reset-VPN-Tunnel
-            }
+    # Server Connectivity Check
+    Write-Host "Checking Tunnel Connection to PLACEHOLDER..."
+    if (-not (Test-Connection '10.0.0.30' -Quiet)) {
+            Reset-VPN-Tunnel
        }
+    }

-        function Trace-VPN-Tunnel {
-            Write-Host "Tracing Path to PLACEHOLDER:"
-            pathping -n -w 500 -p 100 10.0.0.29
+    function Trace-VPN-Tunnel {
+        Write-Host "Tracing Path to PLACEHOLDER:"
+        pathping -n -w 500 -p 100 10.0.0.29

-            Write-Host "Tracing Path to PLACEHOLDER:"
-            pathping -n -w 500 -p 100 10.0.0.30
-        }
+        Write-Host "Tracing Path to PLACEHOLDER:"
+        pathping -n -w 500 -p 100 10.0.0.30
+    }

-        CD "C:\Scripts\VPN_Tunnel_Checker"
-        Check-VPN-Tunnel
+    CD "C:\Scripts\VPN_Tunnel_Checker"
+    Check-VPN-Tunnel

-        #Write-Host "Checking Tunnel Quality After Running Script..."
-        #Trace-VPN-Tunnel
+    #Write-Host "Checking Tunnel Quality After Running Script..."
+    #Trace-VPN-Tunnel
    ```
        
 === "Linux"