This is a PHP script that automatically updates the setup for a specific IPSEC VPN.
M0n0wall currently does not support an IPSEC tunnel where one or both ends have a dynamic IP address*. Combined with the dynamic DNS service that is built into m0n0wall, this PHP script lets you set up an IPSEC tunnel between static-dynamic or dynamic-dynamic IP addresses.
How it works
The PHP script checks whether the IP address of the dynamic DNS host name has changed since the last time it was checked. If the IP address is different, the PHP script logs the new IP address to a file. The script then sends an HTTP POST request to the m0n0wall web-based IPSEC admin page to update the remote gateway's IP address. If this is successful, another POST request is sent to apply the changes. The PHP script can be set up as a cron job to run every five minutes.
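The change check described above can be sketched as follows. This is an added example, not the contents of ipsecUpdate.php, and it omits the two POST requests because the page does not show the m0n0wall form fields. The function names, state file name, hostname and sample addresses are assumptions, as are the rejection of failed or non-public lookups and the choice to store the address only after the update step.

```php
<?php
// Added example; not the contents of ipsecUpdate.php. All names are assumptions
// and the sample addresses are constructed.

// Returns the new IPv4 address if it differs from the stored one, null if unchanged.
function checkGateway($hostname, $stateFile, $resolver = 'gethostbyname')
{
    $ip = call_user_func($resolver, $hostname);
    // gethostbyname() returns the hostname itself on failure; reject that here.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new RuntimeException("lookup failed for $hostname");
    }
    // Assumption: the peer is on the public Internet, so a private or reserved
    // answer (poisoned or misconfigured DNS) must not become the tunnel endpoint.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        throw new RuntimeException("refusing non-public address $ip");
    }
    $last = is_file($stateFile) ? trim(file_get_contents($stateFile)) : '';
    return ($ip === $last) ? null : $ip;
}

// Store the address only after the update succeeded, so a failure is retried.
function commitGateway($stateFile, $ip)
{
    $tmp = $stateFile . '.tmp';
    if (file_put_contents($tmp, $ip . "\n") === false || !rename($tmp, $stateFile)) {
        throw new RuntimeException("cannot write $stateFile");
    }
}

// Constructed resolver standing in for DNS so the demo runs offline.
function fakeResolver($host)
{
    static $answers = array('203.0.113.10', '203.0.113.10', '203.0.113.77', '192.168.1.5', null);
    $answer = array_shift($answers);
    return $answer === null ? $host : $answer;
}

$state = sys_get_temp_dir() . '/gateway_ip_demo.txt';
@unlink($state);
for ($run = 1; $run <= 5; $run++) {
    try {
        $ip = checkGateway('vpn.example.org', $state, 'fakeResolver');
        if ($ip !== null) {
            commitGateway($state, $ip); // the two POSTs to m0n0wall would precede this
        }
        echo "run $run: ", ($ip === null ? 'unchanged' : "update to $ip"), "\n";
    } catch (RuntimeException $e) {
        echo "run $run: skipped, ", $e->getMessage(), "\n";
    }
}
```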
The IPSEC update script was tested with m0n0wall 1.2, FreeBSD 6.2, Apache 2.2, and PHP 5.2. The minimum requirements are:
- PHP 5.2
- m0n0wall 1.2 (Also tested and working on version 1.3*)
- Dynamic DNS hostname
How to use (the easy way)
The easiest way to set this up is to get a FreeBSD or Windows machine and install PHP 5.2 as a CLI. These instructions assume that you are using FreeBSD 6.2 and that you have already set up a dynamic DNS hostname for the m0n0wall(s) with the dynamic IP address.
- Login as root and go to the php5 port directory
- Configure the make options and select the option to build the CLI (put an X in the option that says "Build CLI version"). If you're not using Apache, make sure you unselect the Apache and CGI options.
  make config
- Make and install the PHP5 port. If you receive any errors, make sure you do not already have the port installed.
- After the port has been installed, you no longer need to be root. You can login as a regular user.
- Copy the "ipsecUpdate.php" script to your home directory. You can do this via SSH with WinSCP or use the built-in fetch command. Then run the following commands to extract the script from the archive.
  cd ~
  tar xfvz ipsecUpdate.tgz
- Create a subdirectory named "phpProgram_datafiles" in the same location as the ipsecUpdate.php script. This is where the script will store the IP address of the dynamic DNS host.
- FreeBSD comes with an Easy Editor. We will use that instead of vi. To switch the default editor type in:
- Open up the ipsecUpdate.php script using the default editor and adjust the settings in the script. The sections that you need to modify are outlined in "*". Important areas include the address, username, and password for your m0n0wall, the DNS hostname of the dynamic gateway, and the IPSEC tunnel information. When you're done adjusting those settings, press ESC and save the file.
- Now we add the cron job to automatically run the script. Open up your crontab file by typing in
- Add the following line to your crontab file.
  * * * * * cd ~ && /usr/local/bin/php ipsecUpdate.php >> /dev/null
  This will run the update script every minute and produce no output. When finished, press ESC on your keyboard and save the file.
- If both ends of the IPSEC tunnel have dynamic IPs, you will need to set up a similar system at the other end.
Where to get it
The script can be downloaded from here.