Pause TCP Pings on VPN connection

package.json

@@ -14,6 +14,7 @@
     "dockerode": "~2.2.1",
     "event-stream": "^3.0.20",
     "express": "^4.0.0",
+    "inotify": "^1.4.0",
     "knex": "~0.8.3",
     "lodash": "^3.0.0",
     "mixpanel": "0.0.20",

src/config.coffee

@@ -25,6 +25,7 @@ module.exports = config =
 	appUpdatePollInterval: checkInt(process.env.APPLICATION_UPDATE_POLL_INTERVAL) ? 60000
 	successMessage: 'SUPERVISOR OK'
 	forceApiSecret: process.env.RESIN_SUPERVISOR_SECRET ? null
+	vpnStatusPath: process.env.VPN_STATUS_PATH ? '/mnt/root/run/openvpn/vpn_status'
 
 config.supervisorContainer =
 		Volumes:

src/utils.coffee

@@ -6,6 +6,9 @@ mixpanel = require 'mixpanel'
 networkCheck = require 'network-checker'
 blink = require('blinking')(config.ledFile)
 url = require 'url'
+Inotify = require('inotify').Inotify
+inotify = new Inotify()
+fs = require 'fs'
 
 utils = exports
 
@@ -68,6 +71,7 @@ exports.blink = blink
 
 pauseConnectivityCheck = false
 disableConnectivityCheck = false
+
 # options: An object of net.connect options, with the addition of:
 #	timeout: 10s
 checkHost = (options) ->
@@ -84,6 +88,7 @@ checkHost = (options) ->
 	.catch ->
 		return networkCheck.checkHost(options)
 
+# Custom monitor that uses checkHost function above.
 customMonitor = (options, fn) ->
 	networkCheck.monitor(checkHost, options, fn)
 
@@ -95,8 +100,34 @@ exports.pauseCheck = (pause) ->
 exports.disableCheck = (disable) ->
 	disableConnectivityCheck = disable
 
+# Call back for inotify triggered when the VPN status is changed.
+vpnStatusInotifyCallback = (arg) ->
+	try
+		stats = fs.lstatSync(config.vpnStatusPath+'/active')
+		pauseConnectivityCheck=true
+	catch error
+		pauseConnectivityCheck=false
+
+vpn_status =
+        path: config.vpnStatusPath
+        watch_for: Inotify.IN_DELETE | Inotify.IN_CREATE
+        callback: vpnStatusInotifyCallback
+
+# Helper to create the vpn status path if it does not already exist
+mkdirSync = (path) ->
+	try
+		fs.mkdirSync(path);
+	catch error
+		if error.code != 'EEXIST'
+			throw error
+
+mkdirSync(vpn_status.path)
+
 exports.connectivityCheck = _.once ->
 	parsedUrl = url.parse(config.apiEndpoint)
+	inotify.addWatch(vpn_status)
+	# Manually trigger the call back to detect cases when VPN was switched on before the supervisor starts.
+	vpnStatusInotifyCallback()
 	customMonitor
 		host: parsedUrl.hostname
 		port: parsedUrl.port ? (if parsedUrl.protocol is 'https:' then 443 else 80)

tools/dind/config/openvpn/client.conf.tmpl

@@ -6,6 +6,10 @@ remote-cert-tls server
 ca /etc/openvpn/ca.crt
 auth-user-pass /var/volatile/vpnfile
 auth-retry nointeract
+script-security 2
+up /etc/openvpn/upscript.sh
+up-restart
+down /etc/openvpn/downscript.sh
 
 comp-lzo
 dev tun

tools/dind/config/openvpn/downscript.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mkdir -p /run/openvpn/vpn_status
+rm -f /run/openvpn/vpn_status/active

tools/dind/config/openvpn/upscript.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mkdir -p /run/openvpn/vpn_status
+touch  /run/openvpn/vpn_status/active