#!/bin/sh
#
# Copyright (C) 2009 Peter Andersson, peter@it-slav.net
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
#
# Very simple plugin that checks if a ipsec vpn is up between to ip-adresses
# Tested on OpenBSD 4.0
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
#
# Example use of this script:
# ./check_ipsecctl 10.1.1.1 10.2.1.1 "VPN HQ"
# OK: VPN HQ is up
#
# ./check_ipsecctl 10.1.1.1 10.2.1.1 "VPN HQ"
# CRITICAL: VPN HQ is down (No IP-SEC VPN from 10.1.1.1 to 10.2.1.1  No IP-SEC VPN from 10.2.1.1 to 10.1.1.1)
#
#
IPSECCTL="/sbin/ipsecctl -s sa"
STATUS=0

LINE1=`$IPSECCTL | grep "from $1 to $2" `
if [ $? -eq 1 ]; then
        STATUS=2;
        OUTPUT1="No IP-SEC VPN from $1 to $2 "
fi

LINE2=`$IPSECCTL | grep "from $2 to $1" `
if [ $? -eq 1 ]; then
        STATUS=2;
        OUTPUT2="No IP-SEC VPN from $2 to $1"
fi

if [ $STATUS -eq 0 ]; then
        echo "OK: $3 is up"
        exit $STATUS
else
        echo "CRITICAL: $3 is down ($OUTPUT1 $OUTPUT2)"
        exit $STATUS
fi