Remotely resetting VyOS VPN connections with PowerShell
阿新 • Published: 2018-09-20
豆子 recently changed jobs. The new company is a pet clinic group that has grown very fast over the past two years, acquiring more than 130 clinics across Australia, of which fewer than 15 have been integrated so far. To save money, almost every clinic uses the cheapest router you can buy, and for the same reason we did not use the AWS VPN gateway for the IPsec connection to AWS; instead we run a third-party software VPN, VyOS, on an EC2 instance. The price of cheap is an unstable network! So my first task: find a way to fix the instability, and don't ask for money for better hardware~
Some clinics' VPN connections have to be reset almost every two days. What to do? Worse, some clinics are in areas so remote that they can only get online over 4G, and our cheap routers' VPN support for dynamic DNS is terrible, so the tunnels can only be defined by IP address.
My first thought was to write a script that polls the connections and resets whichever one is broken. The VyOS instance is Linux-based, but the usual shell commands have been removed; the console only accepts network configuration commands. That is no problem, though: I can connect remotely with PowerShell's Posh-SSH module and send the same commands through the SSH session.
if (Test-Connection -ComputerName au-svr-dc-01 -Count 3 -Quiet) {
    Write-Host "Connection to Gladsville is good" -ForegroundColor Green
}
else {
    # key-based login as "vyos" with an empty password
    $nopasswd = New-Object System.Security.SecureString
    $Credential = New-Object System.Management.Automation.PSCredential ("vyos", $nopasswd)
    New-SSHSession -ComputerName 172.16.1.52 -KeyFile 'c:\temp\vpau.pem' -Credential $Credential
    $session = Get-SSHSession -Index 0
    $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
    #Invoke-VyOSCommand -Command "show vpn ike sa | grep -A5 -B5 Bexley" -Stream $stream
    #sleep 4
    $command = "reset vpn ipsec-peer 61.69.91.242"
    $stream.Write($command + "`n")      # the shell only runs the command once it sees the newline
    Start-Sleep -Seconds 2
    $stream.Read()
    Remove-SSHSession -SessionId 0
    $Changetime = Get-Date
    "$Changetime Reset tunnel of Gladsvilled" | Out-File C:\temp\bexley\logs.txt -Append
}
if (Test-Connection -ComputerName BX-SVR-DCDB-01 -Count 3 -Quiet) {
    # if the connection is fine, do nothing
    Write-Host "Connection to Bexley is good" -ForegroundColor Green
}
else {
    # compare the address last written into the tunnel with what the clinic's dyndns name resolves to now
    $temp = Get-Content C:\temp\bexley\bexley.txt
    $computer = 'bexleyvet.dyndns.org'
    $new = [System.Net.Dns]::GetHostAddresses($computer) | Select-Object -ExpandProperty IPAddressToString
    if ($temp -eq $new) {
        Write-Host "IP is the same, will reset tunnel.." -ForegroundColor Yellow
        # if the IP is the same, simply reset the tunnel
        $nopasswd = New-Object System.Security.SecureString
        $Credential = New-Object System.Management.Automation.PSCredential ("vyos", $nopasswd)
        New-SSHSession -ComputerName 172.16.1.52 -KeyFile 'c:\temp\vpau.pem' -Credential $Credential
        $session = Get-SSHSession -Index 0
        $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
        #Invoke-VyOSCommand -Command "show vpn ike sa | grep -A5 -B5 Bexley" -Stream $stream
        #sleep 4
        $command = "reset vpn ipsec-peer $new"
        $stream.Write($command + "`n")
        Start-Sleep -Seconds 2
        $stream.Read()
        Remove-SSHSession -SessionId 0
        $Changetime = Get-Date
        "$Changetime Reset tunnel of Bexley" | Out-File C:\temp\bexley\logs.txt -Append
    }
    else {
        Write-Host "IP is changed, will create new entry" -ForegroundColor Red
        $nopasswd = New-Object System.Security.SecureString
        $Credential = New-Object System.Management.Automation.PSCredential ("vyos", $nopasswd)
        New-SSHSession -ComputerName 172.16.1.52 -KeyFile 'c:\temp\vpau.pem' -Credential $Credential
        $session = Get-SSHSession -Index 0
        $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
        #Invoke-VyOSCommand -Command "config" -Stream $stream
        Start-Sleep -Seconds 6
        # recreate the site-to-site peer under the new address, then delete the stale one
        $commands = @(
            "config"
            "set vpn ipsec site-to-site peer $new"
            "set vpn ipsec site-to-site peer $new authentication mode pre-shared-secret"
            "set vpn ipsec site-to-site peer $new authentication pre-shared-secret 8M6b111ddd"   # PSK is hard-coded in the original; keep it in a secret store instead
            "set vpn ipsec site-to-site peer $new connection-type respond"
            "set vpn ipsec site-to-site peer $new default-esp-group AWSGL"
            "set vpn ipsec site-to-site peer $new description Bexley"
            "set vpn ipsec site-to-site peer $new ike-group AWSGL"
            "set vpn ipsec site-to-site peer $new local-address 172.16.1.52"
            "set vpn ipsec site-to-site peer $new tunnel 0 local prefix 172.16.0.0/16"
            "set vpn ipsec site-to-site peer $new tunnel 0 remote prefix 10.2.2.0/24"
            "set vpn ipsec site-to-site peer $new authentication id 54.66.164.57"
            "del vpn ipsec site-to-site peer $temp"
            "commit"
            "save"
            "exit"
        )
        foreach ($command in $commands) {
            #Invoke-VyOSCommand -Command $command -Stream $stream
            $stream.Write($command + "`n")
            $stream.Read()
            Start-Sleep -Seconds 2
        }
        $stream.Write("show vpn ike sa | grep -A5 -B5 Bexley`n")
        $Changetime = Get-Date
        "$Changetime IP Address is changed from $temp to $new" | Out-File C:\temp\bexley\logs.txt -Append
        $new | Out-File C:\temp\bexley\bexley.txt
        Remove-SSHSession -SessionId 0
    }
}
Run the script above once a minute, and the log shows it reconfiguring VyOS or resetting the tunnel on its own as the clinic's IP changes:
09/19/2018 08:59:32 IP Address is changed from 123.209.234.194 to 123.209.111.152
09/19/2018 16:22:59 Reset tunnel of Bexley
09/19/2018 16:39:56 Reset tunnel of Gladsvilled
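The script above writes a command into the shell stream and then sleeps for a fixed two seconds, so it never knows whether VyOS actually executed the reset or whether the tunnel came back. As an added example (not code from the original post), here is the prompt-aware helper its commented-out Invoke-VyOSCommand hints at, plus a reset wrapper that waits for the IKE SA to reappear and refuses to keep resetting a peer that is flapping. It assumes Posh-SSH is installed; the function names, the three-per-hour limit and the ISO-timestamped log format are my own choices, while the VyOS address, key path, log path and peer address come from the post.

```powershell
# Send one command over the ShellStream and read until the VyOS prompt comes back,
# instead of a fixed "sleep 2". Hypothetical helper, not part of Posh-SSH or VyOS.
function Invoke-VyOSCommand {
    param([Parameter(Mandatory)] $Stream, [Parameter(Mandatory)] [string] $Command, [int] $TimeoutSec = 15)
    while ($Stream.DataAvailable) { $null = $Stream.Read() }   # drain the banner / earlier prompt
    $Stream.WriteLine($Command)
    $deadline = (Get-Date).AddSeconds($TimeoutSec); $out = ''
    while ((Get-Date) -lt $deadline) {
        if ($Stream.DataAvailable) { $out += $Stream.Read() }
        # operational prompt "vyos@host:~$ " or configure prompt "vyos@host# " on a line of its own
        if ($out -match '(?m)^[\w.-]+@[\w.-]+(:\S*)?[$#]\s*$') { return $out }
        Start-Sleep -Milliseconds 200
    }
    throw "No VyOS prompt within $TimeoutSec s after '$Command'"
}

# Reset one IPsec peer, wait for its IKE SA to return, log the outcome. Returns $true when the
# peer shows up again in "show vpn ike sa". Hostnames, key and log paths are from the post.
function Reset-VyOSPeer {
    param([Parameter(Mandatory)] [string] $Peer,
          [string] $VyosHost = '172.16.1.52', [string] $KeyFile = 'c:\temp\vpau.pem',
          [string] $LogFile = 'C:\temp\bexley\logs.txt', [int] $MaxResetsPerHour = 3)
    # Flap guard (the limit is an assumption): a peer reset this often in the last hour is probably
    # down for a real reason, so stop and let someone look instead of resetting it forever.
    $cutoff = (Get-Date).AddHours(-1)
    $recent = @(Get-Content $LogFile -ErrorAction SilentlyContinue | Where-Object {
        $_ -match "^(\S+) Reset tunnel of peer $([regex]::Escape($Peer)) \(" -and [datetime]$Matches[1] -gt $cutoff })
    if ($recent.Count -ge $MaxResetsPerHour) {
        Write-Warning "$Peer was reset $($recent.Count) times in the last hour; not resetting again"
        return $false
    }
    $cred = New-Object System.Management.Automation.PSCredential ('vyos', (New-Object System.Security.SecureString))
    $session = New-SSHSession -ComputerName $VyosHost -KeyFile $KeyFile -Credential $cred
    try {
        $stream = $session.Session.CreateShellStream('dumb', 0, 0, 0, 0, 1000)
        Start-Sleep -Seconds 2                                 # let the login banner and first prompt arrive
        $null = Invoke-VyOSCommand -Stream $stream -Command "reset vpn ipsec-peer $Peer"
        $up = $false
        foreach ($i in 1..6) {                                 # give the clinic router about 30 s to reconnect
            Start-Sleep -Seconds 5
            if ((Invoke-VyOSCommand -Stream $stream -Command 'show vpn ike sa') -match [regex]::Escape($Peer)) { $up = $true; break }
        }
        "$(Get-Date -Format o) Reset tunnel of peer $Peer (IKE SA up: $up)" | Out-File $LogFile -Append
        return $up
    }
    finally { Remove-SSHSession -SessionId $session.SessionId | Out-Null }   # never leak the session
}

Reset-VyOSPeer -Peer '61.69.91.242'   # the Gladsville peer from the post
```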
So the AWS side now resets itself, but the routers at the clinics also need a reset every now and then. As mentioned, these are cheap routers: no SSH, no API, only a web page for configuration. I couldn't think of a great approach right away; a scraper with Python Scrapy felt like overkill, so in the end I just used the IE COM object to simulate the clicks on the web page.
Once tested, drop it into a scheduled task and let it run.
Get-Process -Name iexplore -ErrorAction SilentlyContinue | Stop-Process
$Url = "https://10.2.2.1"
$Username = "cccc"
$Password = "22222333"      # router admin credentials are hard-coded in the original
$IE = New-Object -ComObject InternetExplorer.Application
# $IE.Visible = $true
$IE.Navigate($Url)
# wait until the page has finished loading
while ($IE.Busy -eq $true) {
    Start-Sleep -Seconds 2
}
#
# the router uses a self-signed certificate, so IE lands on its certificate warning page first
#if ($IE.Document.url -match "invalidcert") {
Write-Host "Bypass SSL Error Page" -ForegroundColor Cyan
$link = $IE.Document.getElementsByTagName('A') | Where-Object { $_.id -eq 'overridelink' }
Write-Host "Loading Login page "
$link.click()
Start-Sleep -Seconds 3
#}
# fill in and submit the login form
$document = $IE.Document
$form = $document.forms[0]
$inputs = $form.getElementsByTagName("input")
($inputs | Where-Object { $_.name -eq "username" }).value = $Username
($inputs | Where-Object { $_.name -eq "Password" }).value = $Password
($inputs | Where-Object { $_.name -eq "login" }).click()
while ($IE.Busy -eq $true) {
    Start-Sleep -Seconds 2
}
# open the VPN summary page and press the second "STbutton" in the one-to-one tunnel table
$IE.Navigate('https://10.2.2.1/***_summary.htm')
Start-Sleep -Seconds 5
$document = $IE.Document
$form = $document.forms[0]
$tables = $form.getElementsByTagName("table")
$table = ($tables | Where-Object { $_.id -eq "tblonetoone" })
$button = $table[0].getElementsByClassName("STbutton")
"Click once"
$button[1].click()
$changetime = Get-Date
"$changetime Reset VPN connection " | Out-File c:\temp\logs.txt -Append
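The script above gets past the router's certificate warning by clicking overridelink, which means it will type the admin password into whatever answers at 10.2.2.1 with whatever certificate. An added example, not from the original post, that pins the router's self-signed certificate instead: read its thumbprint once, store it, and refuse to log in unless the router still presents the same one. The function names and the placeholder thumbprint are assumptions; the router address is the one in the post.

```powershell
# Fetch the thumbprint of the certificate a host presents on its HTTPS port. The validation
# callback accepts any certificate on purpose: the pin comparison below is the real check.
function Get-RouterCertThumbprint {
    param([string] $RouterHost = '10.2.2.1', [int] $Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($RouterHost, $Port)
    try {
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($RouterHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        return $cert.Thumbprint          # upper-case SHA-1 hex, no separators
    }
    finally { $client.Close() }
}

# Compare against the value recorded when the router was first set up; stop if it changed.
function Test-RouterCertPin {
    param([Parameter(Mandatory)] [string] $ExpectedThumbprint, [string] $RouterHost = '10.2.2.1')
    $expected = $ExpectedThumbprint.Replace(':', '').Replace(' ', '')
    $actual = Get-RouterCertThumbprint -RouterHost $RouterHost
    if ($actual -ne $expected) {
        Write-Warning "Certificate at $RouterHost has thumbprint $actual, expected $expected; not logging in"
        return $false
    }
    return $true
}

# PLACEHOLDER: replace with the thumbprint Get-RouterCertThumbprint returned on the trusted first run.
$PinnedThumbprint = 'PLACEHOLDER_ROUTER_CERT_THUMBPRINT'
if (Test-RouterCertPin -ExpectedThumbprint $PinnedThumbprint) {
    Write-Host "Router certificate matches the pin; safe to run the IE login and reset sequence"
}
```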
So that is my solution for now: scripts on both the AWS side and the router side keep scanning, and as soon as a VPN outage is detected they reset and reconfigure. When something breaks, it recovers automatically within about 30 seconds. As my boss put it: if we bought a $5,000 device we would demand zero outages, but with $300 devices a few restarts a year and some flaky networks are okay~