Solved

Scripting on

Posted on 2014-11-23
Last Modified: 2014-12-13
I put a Sonicwall TZ215 in for a site-to-site VPN connection to Amazon. After support calls with Sonicwall and AWS support, I learned that AWS tears down the tunnel after so many minutes without "interesting" traffic. Then I noticed that about every 24 hours all connections would quit working through the tunnel. The AWS side and the Sonicwall side of the tunnel were reporting the tunnel up, but no traffic was passing. I need to be able to schedule a script that resets the tunnel every day at 6 AM. I found this script on one of the forum sites but am unsure of how to go about implementing it. I downloaded Cygwin Terminal and placed it on one of the local servers that sits at our site. Is this the correct thing to do? How do I go about running the script on a Windows 2008 server so that the script hits the Sonicwall and keeps the tunnel up?

The bash script I found is as follows:

#! /bin/bash

(echo -e 'YOURPASSWORD'; sleep 2; echo 'configure'; sleep 2; echo 'y'; sleep 2; echo 'vpn'; sleep 2; echo 'policy tunnel-interface "NAMEOFVPNPOLICY"'; sleep 2; echo 'no enable'; sleep 2; echo 'commit'; sleep 2; echo 'enable'; sleep 2; echo 'commit'; sleep 2; echo 'exit'; sleep 2; echo 'exit'; sleep 2; echo 'exit'; sleep 2; echo 'exit'; sleep 2) | ssh -t -t SONICWALLUSERNAME@192.168.1.100
0
Comment
Question by:nybyte
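
An added example, not part of the original post or of Sonicwall's tooling: the same reset sequence as the script above, with the firewall password read from a permission-checked file instead of being stored in the script. `PW_FILE`, `DELAY`, the `run` argument, the function names and the paths in the schtasks comment are assumptions; the other values are the post's own placeholders.

```shell
#!/bin/bash
# Added example, not from the thread. PW_FILE, DELAY, the "run" argument and the
# function names are assumptions; the other values are the post's own placeholders.
set -u

PW_FILE="${PW_FILE:-$HOME/.sonicwall_pw}"    # assumed path; first line is the password
FW_TARGET="SONICWALLUSERNAME@192.168.1.100"  # placeholder from the original script
VPN_POLICY="NAMEOFVPNPOLICY"                 # placeholder from the original script
DELAY="${DELAY:-2}"                          # seconds between lines, as in the original

# Accept the credential file only if group and others have no access to it.
pw_file_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# CLI lines in the same order as the original one-liner (password not included).
reset_commands() {
    printf '%s\n' configure y vpn \
        "policy tunnel-interface \"$1\"" \
        'no enable' commit enable commit \
        exit exit exit exit
}

# Write the password, then each command, pausing between lines for the CLI.
send_paced() {
    local line
    printf '%s\n' "$(head -n 1 "$1")"; sleep "$DELAY"
    reset_commands "$2" | while IFS= read -r line; do
        printf '%s\n' "$line"; sleep "$DELAY"
    done
}

# Daily 06:00 run from Windows Task Scheduler (Cygwin and script paths assumed):
#   schtasks /Create /TN "Reset AWS tunnel" /SC DAILY /ST 06:00 /TR "C:\cygwin\bin\bash.exe -l /home/svc/reset-tunnel.sh run"
if [ "${1:-}" = "run" ]; then
    if ! pw_file_is_private "$PW_FILE"; then
        echo "refusing to use $PW_FILE: run chmod 600 on it" >&2
        exit 1
    fi
    send_paced "$PW_FILE" "$VPN_POLICY" | ssh -t -t "$FW_TARGET"
fi
```

Connect once interactively as the account the task runs under so the firewall's host key is stored in known_hosts; an unattended run cannot answer the host key prompt.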
7 Comments
 
LVL 64

Expert Comment

by:btan
ID: 40462151
Supposedly, according to Sonicwall, having "Enable Keep Alive" checked should at least alleviate the sporadic dropping and make things more stable. I also noticed that you have posted in the AWS forum about this matter asking for advice and heard nothing back. Running a script per se doesn't seem like a long-term solution if a heartbeat is really essential for the AWS connection.

In fact, technically no tunnel will stay up 24x7. That's part of IPSec. You have a max lifetime (or max traffic) as part of the SA before it rekeys. Also, there should not be any delay during the rekeying stage. It is still the IKE keepalives that keep things running, and do make sure the timer values of both setups match at either end of the proposal exchange.

Nonetheless, you may also want to look at the technote on configuring a Sonicwall tunnel to AWS and vice versa:
http://www.sonicwall.com/downloads/Configuring_SonicOS_for_Amazon_VPC_Technote.pdf
Note: VPC requires a customer gateway to configure 2 route based VPN tunnels for each instance of dynamic route based VPNs at VPC. So there needs to be 2 tunnel interface VPNs and 2 tunnel interfaces, each with its own BGP configuration.

• VPN gateway on a secondary WAN interface, in the same VPC. VPNs are deployed on one interface only in a single VPC.
• The SonicWALL firewall for Amazon VPC cannot be deployed behind a NAT device. Amazon does not support NAT traversal.
• Some platforms may require an expanded license for BGP support, required for a dynamic route-based VPN.
0
 

Author Comment

by:nybyte
ID: 40462163
I have the Keep Alive enabled along with the DPD for phase 1 and 2 but every morning the VPN connection has dropped. I followed the link you posted to get the VPN tunnel up originally and have talked to AWS support many times. They now want to close the ticket because they cannot figure out why it drops or so they say. The script is something I found on one of the AWS forums and would like to implement that but am unsure of exactly how to do it.
0
 
LVL 64

Expert Comment

by:btan
ID: 40462175
If you are interested in the script, there is one EE posting that may be of interest (stated Sonicwall dropping vpn)
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_26761709.html
Here's what I've done to keep the tunnel up and running and create "interesting traffic." This batch file sends a ping (I have mine scheduled for every 5 minutes) and copies a small PNG image to a share on the server. If the ping fails it immediately sends an email with the VB Script email.vbs telling me it's down.
0

 
LVL 22

Expert Comment

by:eeRoot
ID: 40463853
A common (but not ideal) trick to keeping a tunnel up is to schedule a file transfer or some other job to move a good amount of data once an hour.  Some firewalls do not consider pings to be "interesting traffic" so you may have better success with an actual file transfer.
0
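
An added example, not code from this thread: one way to implement the scheduled "interesting traffic" job described in the two comments above, where the tunnel counts as up only if a real file copy succeeds, since a ping may not count. The host, share, file paths, the `run` argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: scheduled keepalive that creates tunnel
# traffic and reports when the tunnel stops passing it. All names are assumptions.
set -u

REMOTE_HOST="${REMOTE_HOST:-10.0.0.10}"            # assumed host on the AWS side
REMOTE_DIR="${REMOTE_DIR:-//10.0.0.10/keepalive}"  # assumed share reachable only via the tunnel
PAYLOAD="${PAYLOAD:-$HOME/keepalive.png}"          # small file, as in the quoted batch job
STATE="${STATE:-$HOME/.tunnel_fail_count}"         # consecutive-failure counter
PING_CMD="${PING_CMD:-ping -c 1}"                  # Windows ping.exe needs "ping -n 1"

# A ping alone may not count as interesting traffic, so also move a real file.
# Returns 0 if both work, 1 if the ping fails, 2 if the copy fails.
probe_tunnel() {
    # PING_CMD is left unquoted on purpose so its options split into words.
    $PING_CMD "$REMOTE_HOST" >/dev/null 2>&1 || return 1
    cp "$PAYLOAD" "$REMOTE_DIR/" 2>/dev/null || return 2
}

# Update the counter and print UP, DOWN (first failure) or STILL_DOWN, so an
# alert fires once per outage instead of on every scheduled run.
record_result() {
    prev=$(cat "$STATE" 2>/dev/null || echo 0)
    if [ "$1" -eq 0 ]; then
        echo 0 > "$STATE"
        echo UP
    else
        echo $((prev + 1)) > "$STATE"
        if [ "$prev" -eq 0 ]; then echo DOWN; else echo STILL_DOWN; fi
    fi
}

# Schedule with the "run" argument, for example every 5 minutes.
if [ "${1:-}" = "run" ]; then
    rc=0
    probe_tunnel || rc=$?
    status=$(record_result "$rc")
    # The alert itself is site-specific; this example only logs the transition.
    if [ "$status" = "DOWN" ]; then
        echo "$(date) tunnel down, probe rc=$rc" >> "$HOME/tunnel.log"
    fi
fi
```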
 

Author Comment

by:nybyte
ID: 40470782
I spoke to Sonicwall's support team and they created a new firmware package that is supposed to take care of the AWS VPN issue. I am going to apply this firmware on Dec 1st and will update on whether this does in fact take care of the issue.
0
 

Accepted Solution

by:nybyte
ID: 40487509
UPDATE - The firmware that Sonicwall supplied fixed the VPN issue.
0
 

Author Closing Comment

by:nybyte
ID: 40497751
The firmware that Sonicwall provided was the firmware in fact that fixed the issue. The VPN has been up for 7 straight days without an issue and it has never stayed up that long.
0
