Custom Service on server 22.04LTS failing due to spawning multiple globalprotect instances

dj

I have tested this on several Ubuntu 22.04 LTS servers (CLI only) and so far it is proving unstable. I created a new service which runs a shell script to start up the Palo Alto Networks globalprotect VPN client and auto-connect back to our data center. The script loops every minute to ping an IP address inside the data center and, in the event of failure, reconnect the VPN client. I've had several approaches with the code and so far it is unstable. Sometimes it can be stable until I reboot and then it doesn't work. The service or script is spooling up multiple instances of the globalprotect client, which makes it fail to connect to the VPN anymore. Here is the service file:

cat /etc/systemd/system/myVpn.service
[Unit]
Description=My Vpn Connection
Wants=network.target
After=syslog.target network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/myvpn.sh
ExecStop=/bin/sh -c 'globalprotect disconnect'
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

The script is:

cat /usr/local/bin/myvpn.sh
#!/bin/bash

#Variables
ping_targets="x.x.x.x"
failed_hosts=""

#Start gp client vpn and log the event
globalprotect connect -p x.x.x.x -u xxxx

echo "myVpn.service: ## Starting globalprotect ##" | systemd-cat -p info

#Check connectivity every minute
while :

do

TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')

echo "myVpn.service: ${TIMESTAMP} checking opmgr central reachable over vpn" | systemd-cat -p info

   ping -c 1 x.x.x.x > /dev/null
   if [ $? -ne 0 ]; then
      if [ "$failed_hosts" == "" ]; then
         failed_hosts="x.x.x.x"
      else
         failed_hosts="$failed_hosts, 'x.x.x.x'"
      fi
   fi

if [ "$failed_hosts" != "" ]; then
   globalprotect connect -p x.x.x.x -u xxxx
   echo "myVpn.service: ## Reconnecting due to packet loss ##" | systemd-cat -p info
fi

sleep 60

done

I removed usernames and IP addresses and replaced them with x for security reasons. I appreciate any feedback or advice with this. It's frustrating when I had the first test server stable all weekend long and yesterday it also lost the VPN connection. Is this better accomplished as a crontab job instead of a service?

Thanks!
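In the script above `failed_hosts` is never cleared, so after the first failed ping `globalprotect connect` is called on every 60-second pass. The following is an added example, not part of the original post: a watchdog pass that resets its failure counter on a good ping and reconnects only after several consecutive failures. `MAX_FAILS`, the `run` argument, the function names and the disconnect-before-connect step are assumptions of this example; the portal, user and ping target stay as the post's placeholders.

```shell
#!/bin/bash
# Added example, not the poster's script. PORTAL, VPN_USER and PING_TARGET are
# placeholders; MAX_FAILS and the "run" argument are assumptions of this sketch.
PORTAL="${PORTAL:-x.x.x.x}"
VPN_USER="${VPN_USER:-xxxx}"
PING_TARGET="${PING_TARGET:-x.x.x.x}"
MAX_FAILS="${MAX_FAILS:-3}"   # consecutive failed probes before reconnecting
fails=0

log() { echo "myVpn.service: $*" | systemd-cat -p info; }
probe() { ping -c 1 -W 5 "$PING_TARGET" > /dev/null 2>&1; }
# The only globalprotect subcommands used are the two that appear in the post.
vpn_connect() { globalprotect connect -p "$PORTAL" -u "$VPN_USER"; }
vpn_disconnect() { globalprotect disconnect; }

# One watchdog pass. Returns 0 only when a reconnect was issued.
check_once() {
    if probe; then
        fails=0   # clear the failure state on every successful probe
        return 1
    fi
    fails=$((fails + 1))
    [ "$fails" -ge "$MAX_FAILS" ] || return 1   # tolerate isolated lost pings
    log "## $fails consecutive probe failures, reconnecting ##"
    vpn_disconnect || true   # assumption: drop the old session before a new connect
    vpn_connect || log "## connect failed, retrying on a later pass ##"
    fails=0
    return 0
}

main() {
    log "## Starting globalprotect ##"
    vpn_connect || log "## initial connect failed ##"
    while :; do
        sleep 60
        check_once || true
    done
}

# Loop only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then main; fi
```

With this layout the unit would start it as `ExecStart=/usr/local/bin/myvpn.sh run`. The unit in the post orders itself `After=network-online.target` but only `Wants=network.target`; systemd pulls in `network-online.target` only when it is also listed in `Wants=`.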
