M0n0wall IPSEC VPN Auto Updater


This is a PHP script that will automatically update the setup for a specific IPSEC VPN.


About

M0n0wall currently does not support an IPSEC tunnel where one or both ends have a dynamic IP address*. Together with the dynamic DNS service that is built into m0n0wall, this PHP script lets you set up an IPSEC tunnel between static-dynamic or dynamic-dynamic IP addresses.

 

How it works

The PHP script checks whether the IP address of the dynamic DNS host name has changed since the last time it was checked. If the IP address is different, the PHP script will log the new IP address to a file. The script will then send an HTTP POST request to the m0n0wall web-based IPSEC admin page to update the remote gateway's IP address. If this was successful, another POST request will be sent to apply the changes. The PHP script can be set up as a cron job to run every five minutes.
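
The change check described above, sketched as an added example (this is not code from ipsecUpdate.php). The function names, state-file name, hostname and stub resolvers are hypothetical, and the POST requests to m0n0wall are left out because their form fields are not shown on this page.

```php
<?php
// Added example; every name below is hypothetical, not taken from ipsecUpdate.php.

// Returns the new IPv4 address when it differs from the stored one,
// or null when nothing changed or the lookup did not yield an address.
function detect_gateway_change($hostname, $stateFile, $resolver = 'gethostbyname')
{
    $ip = call_user_func($resolver, $hostname);
    // gethostbyname() returns the unmodified hostname on failure, so the
    // result is validated before it can reach the firewall configuration.
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    $last = is_file($stateFile) ? trim(file_get_contents($stateFile)) : '';
    return ($ip === $last) ? null : $ip;
}

// Writes the address to a temporary file and renames it into place, so an
// overlapping cron run never reads a half-written state file.
function store_gateway_ip($stateFile, $ip)
{
    $tmp = $stateFile . '.' . getmypid() . '.tmp';
    if (file_put_contents($tmp, $ip . "\n", LOCK_EX) === false) {
        return false;
    }
    return rename($tmp, $stateFile);
}

// Constructed stand-ins for DNS so the demo runs offline.
function demo_resolver_ok($host)   { return '203.0.113.10'; }
function demo_resolver_fail($host) { return $host; } // same shape as a failed lookup

$dir = sys_get_temp_dir() . '/phpProgram_datafiles_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
$state = $dir . '/gateway.ip';
if (is_file($state)) {
    unlink($state);
}

$host = 'vpn.example.test'; // constructed hostname
echo 'failed lookup:  ', var_export(detect_gateway_change($host, $state, 'demo_resolver_fail'), true), "\n";
$new = detect_gateway_change($host, $state, 'demo_resolver_ok');
echo 'first lookup:   ', var_export($new, true), "\n";
// In this sketch the firewall update would happen here, before the address is
// stored, so that a failed update is retried on the next cron run.
store_gateway_ip($state, $new);
echo 'repeat lookup:  ', var_export(detect_gateway_change($host, $state, 'demo_resolver_ok'), true), "\n";
```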

 

Requirements

The IPSEC update script was tested with m0n0wall 1.2, FreeBSD 6.2, Apache 2.2, and PHP 5.2. The minimum requirements are:

  • PHP 5.2
  • m0n0wall 1.2 (Also tested and working on version 1.3*)
  • Cron
  • Dynamic DNS hostname

How to use (the easy way)

The easiest way to set this up is to get a FreeBSD or Windows machine and install PHP 5.2 as a CLI. These instructions assume that you are using FreeBSD 6.2 and that you have already set up a dynamic DNS hostname for the m0n0wall(s) with the dynamic IP address.

  1. Log in as root and go to the php5 port directory.
    cd /usr/ports/lang/php5
  2. Configure the make options and select the option to build the CLI (put an X in the option that says "Build CLI version"). If you're not using Apache, make sure you unselect the Apache and CGI options.
    make config
  3. Make and install the PHP5 port. If you receive any errors, make sure you do not already have the port installed.
    make install
  4. After the port has been installed, you no longer need to be root. You can log in as a regular user.
  5. Copy the "ipsecUpdate.php" script to your home directory. You can do this via SSH with WinSCP or use the built-in fetch command. Then run the following commands to extract the script from the archive.
    cd ~
    fetch http://www.unibia.net/dev/downloads/ipsecUpdate.tgz
    tar xfvz ipsecUpdate.tgz
    rm ipsecUpdate.tgz
  6. Create a subdirectory named "phpProgram_datafiles" in the same location as the ipsecUpdate.php script. This is where the script will store the IP address of the dynamic DNS host.
    cd ~

    mkdir phpProgram_datafiles
  7. FreeBSD comes with an Easy Editor. We will use that instead of vi. To switch the default editor type in:
    export EDITOR=ee
  8. Open up the ipsecUpdate.php script using the default editor and adjust the settings in the script. The sections that you need to modify are outlined with "*". Important areas include the address, username, and password of your m0n0wall, the DNS hostname of the dynamic gateway, and the IPSEC tunnel information. When you're done adjusting those settings, press ESC and save the file.
    edit ipsecUpdate.php
  9. Now we add the cron job to automatically run the script. Open up your crontab file by typing in
    crontab -e
  10. Add the following line to your crontab file.
    This will run the update script every minute and produce no output.
    When finished, press ESC on your keyboard and save the file.
    * * * * * cd ~ && /usr/local/bin/php ipsecUpdate.php >> /dev/null
  11. If both ends of the IPSEC tunnel have dynamic IPs, you will need to set up a similar system at the other end.

 

Getting Help

If you're having trouble getting this to work, you can post a question in the web forums or submit a bug report or feature request at the SourceForge project page.

 

Where to get it

The script can be downloaded from here.