Racoon stops without any cause
-
Hi there,
same issue for me : ~160 ipsec tunnels get stopped after some hours.
Could someone just paste the magic script to restart racoon if it's stopped (cron inside) ?edit : error message
Sep 17 08:33:49 pfsense kernel: pid 2238 (racoon), uid 0: exited on signal 11 (core dumped)Edit 2: new crash
System log message : Sep 17 19:07:56 kernel: pid 10333 (racoon), uid 0: exited on signal 11 (core dumped)
Ipsec error message : Sep 17 19:07:56 racoon: [xxx]: [yyy.yyy.yyy.yyy] ERROR: phase1 negotiation failed.Edit 3 : no crash since I disabled badly configured tunnel … will keep you informed and check with V2 Release this week.
So a badly configured tunnel seems to kill racoon ... Will this help ?
-
You might also want to open a ticket with the ipsec-tools developers:
http://sourceforge.net/projects/ipsec-tools/ -
So a badly configured tunnel seems to kill racoon … Will this help ?
What was badly configured? I have noticed that all that had the problem are showing core dumps. Could be bad memory or bad memory management by raccoon. Are there any other packages being used?
-
Hi,
when I said "badly" it was just a way to say that one side was using an ID and not the other side.
Anyway I disabled all the "misconfigured" tunnels but I still get the same problem, even with version 2.0 Release.
Racoon stops once or twice a day. Fortunately some kind of cron restarts it from time to time but looks like a bug.
Where can I find the core dump and who will be interested in debugging it ? -
The problem remains the same : once or twice a day racoon crashes. Fortunately some king of script restarts it after a while. Is the a way to stop this ?
-
@theblast: Can you post your script restart ?
thank you!
-
Hi,
no because I don't know which script it is ! I just wanted to point out that a script does the job. -
Are you running snort or any other packages? What type of hardware do you have? Single/Multiple Core CPU and how much memory?
-
Hi,
Only VPN Client export package is installed.
The hardware :- abit motherboard (2011) / Core I3 intel processor
- Ram 2 Go
- Network : Lan is intel PCI Express Gigabit adapter, others are DLINK DFE 530 Tx 100 mb
-
Except for the DLink, it sounds ideal. Have you run memtest on the machine to make sure memory is good?
-
Except for the DLink, it sounds ideal. Have you run memtest on the machine to make sure memory is good?
Hi Podilarius,
- maybe the d-link is not an ideal choice - I agree
- No, I did not check the memory, nor the hard drive. It really sounds like a bug to me but I'll do the test one of those days.