openconnect and ifup on Debian 8

Olaf Klinke olaf.klinke at phymetric.de
Thu Jul 20 03:04:19 PDT 2017


Dear list, 

I have a shell script which is referenced by /etc/network/interfaces so
that I can open a connection with ifup:

# /etc/network/interfaces
iface myvpn0 inet manual
        up /root/my-vpn.sh up
        down /root/my-vpn.sh down
        post-up /root/my-vpn.sh configure

The "up" part of the script starts openconnect with the proper
credentials, the "down" part sends SIGINT to the openconnect process and
the "configure" part alters the routes, which I believe are
ill-specified by the Cisco server. 

Now here's the catch: The server will terminate the connection when
there is no traffic for 15 minutes. 

# openconnect output
Received server disconnect: b0 'Idle Timeout'
Send BYE packet: Server request
RTNETLINK answers: No such process
RTNETLINK answers: No such process
RTNETLINK answers: No such process
Session terminated by server; exiting.

In that case, openconnect exits but ifup still thinks that myvpn0 is
configured. I need the connection to stay open no matter what, or
re-open from userspace. 

I have a script keepalive.py that sends some packets across the tunnel
every 3 minutes, and exits with code 1 if the socket times out. 

How could I achieve that the interface goes up again if the server
closes the tunnel? I understand that the post-up command must terminate,
so a monitoring script should not be placed there. 

Currently my idea is that post-up triggers a script, say monitor.sh,
which itself will launch keepalive.py. When keepalive.py exits with
status 1, monitor.sh will call ifdown myvpn0 to mark the interface as
unconfigured, then call ifup myvpn0 and exit. Should this be placed
in /etc/network/if-up.d/ ? 

Thanks in advance,
Olaf
-- 
Lackmann Phymetric GmbH
Vattmannstraße 6
33100 Paderborn
Tel +49 5251 68258-16
Fax +49 5251 68258-49
Handelsregister:
Amtsgericht Paderborn HRB 1923
Steuer-Nr.: 339/5830/0191
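
Added example, not part of the original post and not the poster's script: one way to write the monitor.sh logic described above, cycling the interface only when the keepalive exits with status 1. The /root/keepalive.py path and the start/run arguments are assumptions; the command names can be overridden through the environment.

```sh
#!/bin/sh
# monitor.sh: added example, not the poster's script.
# Assumptions: interface myvpn0 as in the post; keepalive.py lives in /root
# (hypothetical path); exit status 1 means the tunnel socket timed out.

IFACE="${IFACE:-myvpn0}"
KEEPALIVE="${KEEPALIVE:-/root/keepalive.py}"   # hypothetical path
IFDOWN="${IFDOWN:-ifdown}"
IFUP="${IFUP:-ifup}"

# Run the keepalive once in the foreground and act on its exit status.
# Returns 0 if the interface was cycled, 1 if nothing was done,
# 2 if the cycle was attempted but ifup failed.
monitor_once() {
    status=0
    "$KEEPALIVE" || status=$?
    if [ "$status" -ne 1 ]; then
        # Any other status (clean exit, killed by a signal during a
        # deliberate ifdown) is not a tunnel timeout: leave the state alone.
        return 1
    fi
    # openconnect has already exited; ifdown only clears the stale
    # "configured" mark, so a failure here must not stop the re-up.
    "$IFDOWN" "$IFACE" || true
    "$IFUP" "$IFACE" || return 2
    return 0
}

# "start" detaches a background copy so the calling hook returns at once;
# "run" is what that background copy executes.
if [ "${1:-}" = "start" ]; then
    nohup "$0" run >/dev/null 2>&1 &
elif [ "${1:-}" = "run" ]; then
    monitor_once
fi
```

A hook would call the script with the start argument; each successful ifup then launches a fresh monitor, so the one that cycled the interface can exit.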








