Watchdog?



  • Is there anyway to install Watchdog functionallity on Pfsense 2.2 ? I want to achive function to restart the hardware then WAN link is down.


  • LAYER 8 Global Moderator

    Seems a bit of overkill ;)  And kind of hard on the equipment if you have any sort of extended outage..



  • Overkill. Why?
    If the router looses WAN connection, I want it to be automatically restored when I am not at home..



  • Sorry, why would you want to reboot the entire firewall, is that the only way of bringing the link up (instead of Dial on demand with a pinger etc)?



  • Dial on demand.. that's new information for me. The line is fiber..

    Why i want it to be restarted compeltely: The router is running is a VPN-client, all traffic is routed via the external vpn source. If the VPN provider has problems, and
    later when the VPN service is UP again there can be scenarios when the router has to be restarted..


  • LAYER 8 Global Moderator

    Never seen a situation that a loss of a connection be it connection to the interface direct or vpn connection would require a reboot of the hardware.  If that is the case something is clearly wrong.

    Worse case scenario would be a restart of say the vpn connection once the actual wan connection is back up and you can reach the vpn.. There is currently a watchdog package that you can use to restart services if say the service crashes.  I have it running on my freerad service, vpn both server and client, sshd, etc.  Reboot of the "firewall" for anything other than a kernel update or replacement of actual hardware seems wrong direction to me..

    Lets say the vpn connection goes down because the provider has an issue, or let say there is just a connectivity issue to them either at your local end or somewhere in the internet… a reboot of your firewall seems a drastic measure.. Why can the vpnclient just continue to retry to reconnect?  The Infinitely resolve server settings should do that..



  • I addition to what johnpoz said, I've never seen watchdog functions that reboot hardware on software events.
    In hardware, watchdog means special chip that starts the timer and resets the CPU or the main processing unit, when desired watchdog time is reached. The OS must reset timer before it reached or reset occurs. This functionality is not implemented in pfSense but it can be added by free-ipmi package, for example.

    I think hypernative just wants some script that will correctly reboot router on a event, that is a little bit strange, but sometimes it is really simplest solution…



  • @hypernative:

    Dial on demand.. that's new information for me. The line is fiber..

    Why i want it to be restarted compeltely: The router is running is a VPN-client, all traffic is routed via the external vpn source. If the VPN provider has problems, and
    later when the VPN service is UP again there can be scenarios when the router has to be restarted..

    Well I was referring to reauthorizing PPOE (if you were using it), and again, can't you build an IPSEC tunnel on the pfsense directly to the remote end, that would bring the tunnel up when it sees interesting traffic instead of involving another random bit of hardware running it's own VPN client?


Log in to reply