Skip to content

How to configure Squid Reverse Proxy

Summary

This article will discuss a cron job that I setup to automatically restart my OpenVPN tunnel should it become disconnected for any reason.

How-To

In order to set this up, ssh into pfSense

Jump into the console and use Vi to create a shell script.

vi chkOvpn.sh

Insert the following script:

#!/usr/bin/env sh
if /sbin/ping -c 3 10.15.0.1; then
    # Success, Nothing to do
    exit 0
else
    # Fail, Reconnect VPN
    /usr/local/sbin/pfSsh.php playback svc restart openvpn client 2
fi
exit 1

Info

The IP address being pinged is the private gateway for the OpenVPN client. Also, the numerical value (ID) for the openvpn client (2) is found in the OpenVPN config files.

/var/etc/openvpn/client{ID}.conf then use ID into script

Make the script executable with chmod +x chkOvpn.sh.

The following should be done in a browser:

  • Open pfSense in a browser and navigate to Services --> Cron --> Settings.
  • Add a new cron job.
/root/chkOvpn.sh > /dev/null
  • Adjust the parameters as needed, although the crontab would look like this:
*/5 * * * * /root/chkOvpn.sh > /dev/null

Adding Healthchecks.io

A worthwhile way to make sure the cron job is running and doesn't silently fail is to have the job ping healthchecks.io each time it runs. The specifics of configuring the check on healthchecks.io is outside the scope of this article. This addition can be done as follows:

  • Create a new check on healthchecks.io
  • Obtain the link it generates for the new job.
  • Go back to pfSense and modify the cron job syntax so that it looks like the following:
/root/chkOvpn.sh > /dev/null && curl -fsS --retry 3 -o /dev/null https://hc-ping.com/86d42dea-ed39-49a8-80a2-79ab6dc8e183
  • Check the healthchecks.io site and make sure the job is pinging successfully.

References