Scripting on

I put a Sonicwall TZ215 in for a site to site VPN connection to Amazon. After support calls with Sonicwall and AWS support, I learned that AWS tears down the tunnel after so many minutes without "interesting" traffic. Then I noticed that about every 24 hours all connections would quit working through the tunnel. The AWS side and the Sonicwall side of the tunnel were reporting the tunnel up, but no traffic was passing. I need to be able to schedule a script that resets the tunnel everyday at 6 AM. I found this script on one of the forum sites but am unsure of how to go about implementing. I downloaded Cygwin Terminal and placed it on one of the local servers that sits at our site. Is this the correct thing to do? How do I go about running the script on a Windows 2008 server so that the script hits the Sonicwall and keeps the tunnel up.

The bash script I found is as follows:

#! /bin/bash

(echo -e 'YOURPASSWORD'; sleep 2; echo 'configure'; sleep 2; echo 'y'; sleep 2; echo 'vpn'; sleep 2; echo 'policy tunnel-interface "NAMEOFVPNPOLICY"'; sleep 2; echo 'no enable'; sleep 2; echo 'commit'; sleep 2; echo 'enable'; sleep 2; echo 'commit'; sleep 2; echo 'exit'; sleep 2; echo 'exit'; sleep 2; echo 'exit'; sleep 2; echo 'exit'; sleep 2) | ssh -t -t SONICWALLUSERNAME@192.168.1.100
nybyteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Supposedly , from Sonicwall, checking the "Enable Keep Alive" enabled should at least alleviate the sporadic dropping to get things got more stable. Also noticed that you have posted into AWS forum with regards to this matter for advices and hear off nothing. Running script per se doesnt seems a long term solution if heartbeat is really essential for AWS connection.

In fact, technically no tunnel will stay up 24x7. That's part of IPSec. You have a max lifetime (or max traffic) as part of the SA before it rekeys. Also there should not be any delay during the rekeying stage. It is still the IKE keepalives that keep thing running and do make sure the same timer value for both setup match in either end of the proposal exchange.

Nonetheless, you may also catch a technote configuration for Sonicwall tunnel to AWS and vice versa
http://www.sonicwall.com/downloads/Configuring_SonicOS_for_Amazon_VPC_Technote.pdf
Note: VPC requires a customer gateway to configure 2 route based VPN tunnels for each instance of dynamic route based VPNs at VPC. So there needs to be 2 tunnel interface VPNs and 2 tunnel interfaces, each with its own BGP configuration.

• VPN gateway on a secondary WAN interface, in the same VPC. VPNs are deployed on one interface only in a single VPC.
• The SonicWALL firewall for Amazon VPC cannot be deployed behind a NAT device. Amazon does not
support NAT traversal.
• Some platforms may require an expanded license for BGP support, required for a dynamic route-based
VPN.
0
nybyteAuthor Commented:
I have the Keep Alive enabled along with the DPD for phase 1 and 2 but every morning the VPN connection has dropped. I followed the link you posted to get the VPN tunnel up originally and have talked to AWS support many times. They now want to close the ticket because they cannot figure out why it drops or so they say. The script is something I found on one of the AWS forums and would like to implement that but am unsure of exactly how to do it.
0
btanExec ConsultantCommented:
if you are interested in the script, there is one EE posting that may be of interest (stated Sonicwall dropping vpn)
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_26761709.html
Here's what I've done to keep the tunnel up and running and create "interesting traffic." This batch file sends a ping (I have mine scheduled for every 5 minutes) and copies a small PNG image to a share on the server. If the ping fails it immediately sends an email with the VB Script email.vbs telling me it's down.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

eeRootCommented:
A common (but not ideal) trick to keeping a tunnel up is to schedule a file transfer or some other job to move a good amount of data once an hour.  Some firewalls do not consider pings to be "interesting traffic" so you may have better success with an actual file transfer.
0
nybyteAuthor Commented:
I spoke to Sonicwall's support team and they created a new firmware package that is suppose to take care of the AWS VPN issue. I am going to apply this firmware on Dec 1st and will update on if this does in fact take care of the issue.
0
nybyteAuthor Commented:
UPDATE - The firmware that Sonicwall supplied fixed the VPN issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nybyteAuthor Commented:
The firmware that Sonicwall provided was the firmware in fact that fixed the issue. The VPN has been up for 7 straight days without an issue and it has never stayed up that long.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.