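I. Requirements
To support business growth, the company's US branch connects to the Hong Kong data center by dialing a VPN. The dialing machine acts both as the VPN client and as a Linux gateway. There is currently only one such machine, and if it goes down the US and Hong Kong sites lose contact, so it is being made highly available: if one machine fails, the other keeps running normally.
II. Plan
Master node: 172.18.5.105
Backup node: 172.18.5.106
Use keepalived-1.2.8 to make the two nodes highly available
Operating system: CentOS 5.5
III. Steps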
--------------------------------------------------------------------------------
(1) Add firewall rules that allow the VRRP and VPN protocols
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -p ipip -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p vrrp -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT
--------------------------------------------------------------------------------
(2) Disable SELinux (setenforce 0 puts it in permissive mode until the next reboot)
setenforce 0
--------------------------------------------------------------------------------
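(3) Synchronize time
1. Synchronize the clocks and set up mutual SSH trust between the two machines
# ntpdate <time server>
# ssh-keygen -t rsa -P ''
# ssh-copy-id -i .ssh/id_rsa.pub 172.18.5.106
Do this on both nodes, so that the scripts can run commands on the peer node.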
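The passphrase-less key set up above lets either node run any command on the other. One way to narrow it to the operations the monitor scripts on this page actually issue is an SSH forced command that accepts only fixed requests. This is an added example, not part of the original post; the wrapper path, the request names and the placeholders in the authorized_keys line are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Wrapper path and request names are
# hypothetical. Bind the peer's key to it in ~/.ssh/authorized_keys:
#   command="/usr/local/sbin/ha-peer-cmd",from="<peer-ip>",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <peer-public-key>
# The caller then sends a request name instead of a shell command: ssh <peer-ip> stop-pppd
NODES="172.18.5.104 172.18.5.106"   # gateway addresses used in the page's scripts
GRE=/etc/keepalived/gre.sh

# is_node ADDR: true only for one of the two known gateway addresses.
is_node() {
    for n in $NODES; do
        [ "$1" = "$n" ] && return 0
    done
    return 1
}

# validate_request "REQUEST": succeed only for the exact requests failover needs.
# The request is split into words without globbing; shell metacharacters are
# never interpreted, they only make a word fail to match.
validate_request() {
    set -f; set -- $1; set +f
    case "${1:-}" in
        stop-pppd|gre-down) [ $# -eq 1 ] ;;
        gre-repoint) [ $# -eq 3 ] && is_node "$2" && is_node "$3" && [ "$2" != "$3" ] ;;
        *) return 1 ;;
    esac
}

# run_request "REQUEST": log and refuse anything not allowed, else run the fixed action.
run_request() {
    if ! validate_request "$1"; then
        logger -t ha-peer-cmd "rejected request: $1"
        return 1
    fi
    set -f; set -- $1; set +f
    case "$1" in
        stop-pppd) killall pppd ;;
        gre-down)  "$GRE" down; ifconfig eth0:1 down ;;
        gre-repoint)                  # swap the old node address ($2) for the new one ($3)
            grep -qF "$2" "$GRE" || return 0
            "$GRE" down
            sed -i "s/$2/$3/" "$GRE"
            "$GRE" ;;
    esac
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_request "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

Rejected requests go to syslog under the tag ha-peer-cmd, which gives a simple signal that the peer key is being used for something other than failover.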
--------------------------------------------------------------------------------
(4) Build and install keepalived-1.2.8
http://www.keepalived.org/download.html
Note that the newest release is not necessarily the best, so 1.2.8 was chosen.
tar xf keepalived-1.2.8.tar.gz
cd keepalived-1.2.8
mkdir -p /data/soft/keepalived
./configure --prefix=/data/soft/keepalived
Note: before building you may need to install gcc and some additional packages; sort those out yourself.
make && make install
Build error:
../include/vrrp_ipaddress.h:32:27: error: linux/if_addr.h: No such file or directory
In file included from ../include/vrrp.h:31,
from ../include/smtp.h:34,
from smtp.c:27:
../include/vrrp_ipaddress.h:41: error: field ‘ifa’ has incomplete type
make[2]: *** [smtp.o] Error 1
make[2]: Leaving directory `/root/keepalived-1.2.7/keepalived/core'
make[1]: *** [all] Error 1
make[1]: Leaving directory `/root/keepalived-1.2.7/keepalived'
make: *** [all] Error 2
Cause and fix:
The installed kernel-headers package is too old.
yum -y install kernel-headers
Problem solved.
Copy the files to the right locations:
mkdir /etc/keepalived
pwd
/data/soft/keepalived
cp etc/keepalived/keepalived.conf /etc/keepalived/
cp etc/rc.d/init.d/keepalived /etc/init.d/
cp etc/sysconfig/keepalived /etc/sysconfig/
cp sbin/keepalived /usr/sbin/
chkconfig --add keepalived
service keepalived start
Starting keepalived: [ OK ]
chkconfig --add keepalived
chkconfig keepalived on
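That completes the build. Once keepalived has been built and starts cleanly on both the master and the backup node, the next step is its master/backup configuration. Before that, build and install the VPN client.
(5) Build and install pptp-1.7.1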
http://pkgs.Fedoraproject.org/repo/pkgs/pptp/
tar xf pptp-1.7.1.tar.gz
cd pptp-1.7.1
make && make install
Configure the client:
vim /etc/ppp/peers/vpn
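pty "pptp 172.18.8.254 --nolaunchpppd"   # address of the VPN server; when dialing a remote server, use its public IP
lock
noauth
nobsdcomp
nodeflate
name amos.lu   # the VPN dial-up user
remotename vpn   # name of the connection as created on the remote server; both names must match the fields in chap-secrets
ipparam vpn   # best kept the same as the name above
require-mppe-128   # include only if the remote VPN server requires encryption; otherwise leave it out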
vim /etc/ppp/chap-secrets
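username remotename password *   (by default an IP is assigned)
If this user already exists on the server side, you can now dial the connection.
/usr/sbin/pppd call vpn logfd 1 updetach   # "vpn" here refers to /etc/ppp/peers/vpn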
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 172.18.8.101
remote IP address 172.18.8.254
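The dial-up succeeded!
Configure the master and backup nodes the same way.
(6) Implementing the high-availability configuration
Master node configuration file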
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from amos.lu@sky-mobi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.5.10
}
track_script {
monitor
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Monitoring script
# vim /etc/keepalived/monitor.sh
#!/bin/bash
function start_pppd(){
/sbin/ip addr show |grep "172.18.5.10/32" &> /dev/null
if [ $? -eq 0 ];then
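# Stop pppd on the peer if it is running there; chained with && because $? inside double quotes would be expanded locally
ssh 172.18.5.104 "killall -0 pppd &> /dev/null && killall pppd &> /dev/null"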
sleep 3
killall -0 pppd &> /dev/null
if [ $? -eq 1 ];then
/usr/sbin/pppd call vpn logfd 1 updetach&> /dev/null
sleep 10
killall -0 pppd &> /dev/null
if [ $? -eq 1 ];then
service keepalived stop
fi
fi
fi
}
function add_route(){
killall -0 pppd &> /dev/null
if [ $? -eq 0 ];then
PPP=`ifconfig | grep ppp | awk -F' ' '{print$1}'`
ip route show table main | grep "172.18.8.0/24" &> /dev/null
if [ $? -ne 0 ];then
ip route add 172.18.8.0/24 via 172.18.8.254 dev $PPP &>/dev/null
fi
fi
}
start_pppd
sleep 5
add_route
Backup node configuration file
#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from amos.lu@sky-mobi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 200
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.5.10
}
track_script {
monitor
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Monitoring script
# vim /etc/keepalived/monitor.sh
#!/bin/bash
function start_pptp(){
/sbin/ip addr show |grep "172.18.5.10/32" &> /dev/null
if [ $? -eq 0 ];then
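# Stop pppd on the peer if it is running there; chained with && because $? inside double quotes would be expanded locally
ssh 172.18.5.106 "killall -0 pppd &> /dev/null && killall pppd &> /dev/null"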
sleep 3
killall -0 pppd &> /dev/null
if [ $? -ne 0 ];then
/usr/sbin/pppd call vpn logfd 1 updetach&> /dev/null
sleep 10
killall -0 pppd &> /dev/null
if [ $? -ne 0 ];then
service keepalived stop
fi
fi
fi
}
function add_route(){
killall -0 pppd &> /dev/null
if [ $? -eq 0 ];then
PPP=`ifconfig | grep ppp | awk -F' ' '{print $1}'`
ip route show table main | grep "172.18.8.0/24" &> /dev/null
if [ $? -ne 0 ];then
ip route add 172.18.8.0/24 via 172.18.8.254 dev $PPP &> /dev/null
fi
fi
}
start_pptp
sleep 5
add_route
3.5 What does this achieve?
Start keepalived on both nodes at the same time.
Observe the master node:
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:b3:71:ec brd ff:ff:ff:ff:ff:ff
inet 172.18.5.106/24 brd 172.18.5.255 scope global eth0
inet 172.18.5.10/32 scope global eth0    <-- VIP
inet6 fe80::250:56ff:feb3:71ec/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast qlen 3
link/ppp
inet 172.18.8.97 peer 172.18.8.254/32 scope global ppp0    <-- dial-up succeeded
ip route show table main
172.18.8.254 via 172.18.5.1 dev eth0 src 172.18.5.106
172.18.8.254 dev ppp0 proto kernel scope link src 172.18.8.97
172.18.5.0/24 dev eth0 proto kernel scope link src 172.18.5.106
172.18.8.0/24 via 172.18.8.254 dev ppp0    <-- route added by the script
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth0 scope link
default via 172.18.5.1 dev eth0
Stop the master node.
Observe the backup node:
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:b3:7d:3a brd ff:ff:ff:ff:ff:ff
inet 172.18.5.104/24 brd 172.18.5.255 scope global eth0
inet 172.18.5.10/32 scope global eth0    <-- the VIP has moved over
inet6 fe80::250:56ff:feb3:7d3a/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
27: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast qlen 3
link/ppp
inet 172.18.8.97 peer 172.18.8.254/32 scope global ppp0    <-- dial-up succeeded
ip route show table main
172.18.8.254 dev ppp0 proto kernel scope link src 172.18.8.97
172.18.5.0/24 dev eth0 proto kernel scope link src 172.18.5.104
172.18.8.0/24 via 172.18.8.254 dev ppp0    <-- route added by the script
169.254.0.0/16 dev eth0 scope link
default via 172.18.5.1 dev eth0
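(7) Problems encountered
1. The VPN dial-up would not connect;
2. Too many sleep processes in the background, which drove the CPU load very high.
Root-cause analysis:
When I first wrote the keepalived configuration file, the script was referenced like this: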
vrrp_script monitor {
script "/etc/keepalived/monitor.sh "
interval 20
}
With this, the log kept reporting failures after keepalived started, possibly because the script was being interrupted, so I changed it to:
vrrp_script monitor {
script "while true;do /etc/keepalived/monitor.sh 2> /root/error.log ;done & &> /dev/null"
interval 20
}
That pushed the CPU load very high, so I changed it again to its current form:
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 20
}
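After rebooting the system, all of the problems were resolved: the several hundred sleep processes that had been running in the background were gone, and the VPN dial-up failure was fixed as well.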
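With "nohup ... &" the check command returns as soon as the monitor is launched, so keepalived starts another copy at every interval while earlier copies are still inside their sleep calls (3, 10 and 5 seconds in the script above). A guard that allows one run at a time and reports the exit status of the last finished run avoids the pile-up. This is an added example, not the author's configuration; the lock and status paths, the wrapper name and the --check flag are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. LOCK_DIR and STATUS_FILE are
# hypothetical paths; MONITOR is the monitor script from this page.
LOCK_DIR="${LOCK_DIR:-/var/run/ha-monitor.lock}"
STATUS_FILE="${STATUS_FILE:-/var/run/ha-monitor.status}"
MONITOR="${MONITOR:-/etc/keepalived/monitor.sh}"

# last_status: exit status written by the most recent finished run (0 if none).
last_status() {
    if [ -r "$STATUS_FILE" ]; then cat "$STATUS_FILE"; else echo 0; fi
}

# lock_is_held: true while LOCK_DIR exists and the PID recorded in it is alive.
lock_is_held() {
    [ -d "$LOCK_DIR" ] || return 1
    holder=$(cat "$LOCK_DIR/pid" 2>/dev/null || true)
    [ -n "$holder" ] && kill -0 "$holder" 2>/dev/null
}

# start_guarded CMD [ARGS...]
# Starts CMD in the background unless an earlier run is still alive, and returns
# at once with the status of the last finished run. keepalived therefore never
# waits on the sleeps inside the monitor, and copies cannot pile up.
start_guarded() {
    prev=$(last_status)
    lock_is_held && return "$prev"
    rm -rf "$LOCK_DIR"                              # stale lock left by a killed run
    mkdir "$LOCK_DIR" 2>/dev/null || return "$prev" # another caller won the race
    (
        rc=0
        "$@" || rc=$?
        echo "$rc" > "$STATUS_FILE"
        rm -rf "$LOCK_DIR"
    ) > /dev/null 2>&1 &
    echo $! 2>/dev/null > "$LOCK_DIR/pid"           # fails harmlessly if CMD already finished
    return "$prev"
}

# As the vrrp_script target (assumed wrapper name):
#   script "/etc/keepalived/monitor-guard.sh --check"
if [ "${1:-}" = "--check" ]; then
    start_guarded "$MONITOR"
    exit $?
fi
```

The status keepalived sees lags one run behind, which is the price of never blocking the check.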
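The above is the PPTP-based implementation; next is the GRE-based one.
I. When the VIP is an internal IP, mutual SSH trust has to be set up between the local hosts and the remote host, because the failover process needs to modify the tunnel script on the remote peer. Only the configuration files are shown below; the software is installed the same way as above.
GRE-based implementation
Master node:
1. keepalived.conf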
! Configuration File for keepalived
global_defs {
notification_email {
amos.lu@sky-mobi.com
}
notification_email_from amos.lu@sky-mobi.com
smtp_server hzmx.sky-mobi.com
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.5.10
}
track_script {
monitor
}
}
2. monitor.sh
#!/bin/bash
HASSH=172.18.5.104
ETH=172.18.50.10/24
SELF=172.18.5.106
REMOTE=172.18.3.222
VIP=172.18.5.10/32
/sbin/ip addr show | grep $VIP &> /dev/null
if [ $? -eq 0 ];then
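# The backticks are escaped so that the tunnel check runs on the peer instead of locally
ssh $HASSH "[ \`ifconfig | grep -c tun253\` -eq 1 ] && { /etc/keepalived/gre.sh down; ifconfig eth0:1 down &> /dev/null; }"
sleep 10
# Point the remote end's tunnel script at this node and restart its tunnel
ssh $REMOTE "grep -c $HASSH /etc/keepalived/gre.sh && { /etc/keepalived/gre.sh down; sed -i 's/$HASSH/$SELF/' /etc/keepalived/gre.sh; /etc/keepalived/gre.sh &> /dev/null; }"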
if [ `ifconfig | grep -c tun253` -eq 0 ];then
/etc/keepalived/gre.sh &> /dev/null
/sbin/ifconfig eth0:1 $ETH up
fi
if [ `ifconfig | grep -c eth0:1` -eq 0 ];then
/sbin/ifconfig eth0:1 $ETH up
fi
fi
3. gre.sh
REMOTE_ADDR='172.18.3.222'
LOCAL_ADDR='172.18.5.106'
LOCAL_DEV='eth0'
TUN_NAME='tun253'
MODE='gre' # ipip gre
TUN_IPADDR='192.168.80.254'
TUN_GATEWAY='192.168.80.253'
ACTION="up"
if (($# != 0)); then
if [ "$1" != "up" -a "$1" != "down" ]; then
echo "error"
exit 1
else
ACTION="$1"
fi
fi
if ((`lsmod | grep -c "ip_gre"` == 0));then
modprobe ip_gre
fi
if [ "${ACTION}" = "up" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
exit 1
fi
ip tunnel add ${TUN_NAME} mode ${MODE} remote ${REMOTE_ADDR} local ${LOCAL_ADDR} dev ${LOCAL_DEV} ttl 64
ip link set ${TUN_NAME} up
ip addr add ${TUN_IPADDR} dev ${TUN_NAME}
ip route add ${TUN_GATEWAY} dev ${TUN_NAME}
if ((`ip route show | grep -c 172.18.30.0/24` > 0));then
exit 1
fi
ip route add 172.18.30.0/24 via $TUN_IPADDR
fi
if [ "${ACTION}" = "down" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
echo "down ${TUN_NAME}"
ip link set ${TUN_NAME} down
ip tunnel del ${TUN_NAME}
fi
fi
Backup node
1. keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from amos.lu@sky-mobi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.5.10
}
track_script {
monitor
}
}
2. monitor.sh
#!/bin/bash
HASSH=172.18.5.106
ETH=172.18.50.10/24
SELF=172.18.5.104
REMOTE=172.18.3.222
VIP=172.18.5.10/32
/sbin/ip addr show | grep $VIP &> /dev/null
if [ $? -eq 0 ];then
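# The backticks are escaped so that the tunnel check runs on the peer instead of locally
ssh $HASSH "[ \`ifconfig | grep -c tun253\` -eq 1 ] && { /etc/keepalived/gre.sh down; ifconfig eth0:1 down &> /dev/null; }"
sleep 10
# Point the remote end's tunnel script at this node and restart its tunnel
ssh $REMOTE "grep -c $HASSH /etc/keepalived/gre.sh && { /etc/keepalived/gre.sh down; sed -i 's/$HASSH/$SELF/' /etc/keepalived/gre.sh; /etc/keepalived/gre.sh &> /dev/null; }"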
if [ `ifconfig | grep -c tun253` -eq 0 ];then
/etc/keepalived/gre.sh &> /dev/null
/sbin/ifconfig eth0:1 $ETH up
fi
if [ `ifconfig | grep -c eth0:1` -eq 0 ];then
/sbin/ifconfig eth0:1 $ETH up
fi
fi
3. gre.sh
REMOTE_ADDR='172.18.3.222'
LOCAL_ADDR='172.18.5.104'
LOCAL_DEV='eth0'
TUN_NAME='tun253'
MODE='gre' # ipip gre
TUN_IPADDR='192.168.80.254'
TUN_GATEWAY='192.168.80.253'
ACTION="up"
if (($# != 0)); then
if [ "$1" != "up" -a "$1" != "down" ]; then
echo "error"
exit 1
else
ACTION="$1"
fi
fi
if ((`lsmod | grep -c "ip_gre"` == 0));then
modprobe ip_gre
fi
if [ "${ACTION}" = "up" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
exit 1
fi
ip tunnel add ${TUN_NAME} mode ${MODE} remote ${REMOTE_ADDR} local ${LOCAL_ADDR} dev ${LOCAL_DEV} ttl 64
ip link set ${TUN_NAME} up
ip addr add ${TUN_IPADDR} dev ${TUN_NAME}
ip route add ${TUN_GATEWAY} dev ${TUN_NAME}
if ((`ip route show | grep -c 172.18.30.0/24` > 0));then
exit 1
fi
ip route add 172.18.30.0/24 via $TUN_IPADDR
fi
if [ "${ACTION}" = "down" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
echo "down ${TUN_NAME}"
ip link set ${TUN_NAME} down
ip tunnel del ${TUN_NAME}
fi
fi
II. When the VIP is a public IP: GRE-based implementation
Master node keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
amos.lu@sky-mobi.com
}
notification_email_from amos.lu@sky-mobi.com
smtp_server hzmx.sky-mobi.com
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.222
}
track_script {
monitor
}
}
Master node monitoring script monitor.sh
#!/bin/bash
HASSH=172.18.5.104
ETH=172.18.50.10/24
REMOTE=172.18.3.222
VIP=172.18.1.222/32
/sbin/ip addr show | grep $VIP &> /dev/null
if [ $? -eq 0 ];then
ssh $HASSH " ifconfig | grep -c tun253 && { /etc/keepalived/gre.sh down ;ifconfig eth0:1 down &> /dev/null; }"
sleep 10
if [ `ifconfig | grep -c tun253` -eq 0 ];then
/etc/keepalived/gre.sh &> /dev/null
/sbin/ifconfig eth0:1 $ETH up
fi
if [ `ifconfig | grep -c eth0:1` -eq 0 ];then
/sbin/ifconfig eth0:1 $ETH up
fi
fi
gre.sh, the script that the master node's monitoring script runs to bring up the tunnel
REMOTE_ADDR='172.18.3.222'
LOCAL_ADDR='172.18.1.222'
LOCAL_DEV='eth0'
TUN_NAME='tun253'
MODE='gre' # ipip gre
TUN_IPADDR='192.168.80.254'
TUN_GATEWAY='192.168.80.253'
ACTION="up"
if (($# != 0)); then
if [ "$1" != "up" -a "$1" != "down" ]; then
echo "error"
exit 1
else
ACTION="$1"
fi
fi
if ((`lsmod | grep -c "ip_gre"` == 0));then
modprobe ip_gre
fi
if [ "${ACTION}" = "up" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
exit 1
fi
ip tunnel add ${TUN_NAME} mode ${MODE} remote ${REMOTE_ADDR} local ${LOCAL_ADDR} dev ${LOCAL_DEV} ttl 64
ip link set ${TUN_NAME} up
ip addr add ${TUN_IPADDR} dev ${TUN_NAME}
ip route add ${TUN_GATEWAY} dev ${TUN_NAME}
if ((`ip route show | grep -c 172.18.30.0/24` > 0));then
exit 1
fi
ip route add 172.18.30.0/24 via $TUN_IPADDR
fi
if [ "${ACTION}" = "down" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
echo "down ${TUN_NAME}"
ip link set ${TUN_NAME} down
ip tunnel del ${TUN_NAME}
fi
fi
Backup node
keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from amos.lu@sky-mobi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script monitor {
script "nohup /etc/keepalived/monitor.sh 2> /root/error.log & &> /dev/null"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.222
}
track_script {
monitor
}
}
Monitoring script monitor.sh
#!/bin/bash
HASSH=172.18.5.106
ETH=172.18.50.10/24
REMOTE=172.18.3.222
VIP=172.18.1.222/32
/sbin/ip addr show | grep $VIP &> /dev/null
if [ $? -eq 0 ];then
ssh $HASSH " ifconfig | grep -c tun253 && { /etc/keepalived/gre.sh down ;ifconfig eth0:1 down &> /dev/null; }"
sleep 10
if [ `ifconfig | grep -c tun253` -eq 0 ];then
/etc/keepalived/gre.sh &> /dev/null
/sbin/ifconfig eth0:1 $ETH up
fi
if [ `ifconfig | grep -c eth0:1` -eq 0 ];then
/sbin/ifconfig eth0:1 $ETH up
fi
fi
Tunnel script gre.sh
REMOTE_ADDR='172.18.3.222'
LOCAL_ADDR='172.18.1.222'
LOCAL_DEV='eth0'
TUN_NAME='tun253'
MODE='gre' # ipip gre
TUN_IPADDR='192.168.80.254'
TUN_GATEWAY='192.168.80.253'
ACTION="up"
if (($# != 0)); then
if [ "$1" != "up" -a "$1" != "down" ]; then
echo "error"
exit 1
else
ACTION="$1"
fi
fi
if ((`lsmod | grep -c "ip_gre"` == 0));then
modprobe ip_gre
fi
if [ "${ACTION}" = "up" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
exit 1
fi
ip tunnel add ${TUN_NAME} mode ${MODE} remote ${REMOTE_ADDR} local ${LOCAL_ADDR} dev ${LOCAL_DEV} ttl 64
ip link set ${TUN_NAME} up
ip addr add ${TUN_IPADDR} dev ${TUN_NAME}
ip route add ${TUN_GATEWAY} dev ${TUN_NAME}
if ((`ip route show | grep -c 172.18.30.0/24` > 0));then
exit 1
fi
ip route add 172.18.30.0/24 via $TUN_IPADDR
fi
if [ "${ACTION}" = "down" ]; then
if ((`ifconfig | grep -c ${TUN_NAME}` > 0)); then
echo "down ${TUN_NAME}"
ip link set ${TUN_NAME} down
ip tunnel del ${TUN_NAME}
fi
fi