How to reset Racoon service from command line

Reply to How to reset Racoon service from command line on Thu, 04 Mar 2010 19:46:27 GMT

Vorkbaard — Thu, 04 Mar 2010 19:46:27 GMT

Like a charm, thank you!

Reply to How to reset Racoon service from command line on Thu, 04 Mar 2010 00:43:07 GMT

jimp — Thu, 04 Mar 2010 00:43:07 GMT

It helps when I read the code properly… :)

This works, I tested it just now:

#!/usr/local/bin/php -q
require_once('vpn.inc');

vpn_ipsec_force_reload();
?>

Reply to How to reset Racoon service from command line on Wed, 03 Mar 2010 21:57:09 GMT

Vorkbaard — Wed, 03 Mar 2010 21:57:09 GMT

Same result, sorry. Feel free to try again and I'll happily keep testing but I understand if you have better things to do :)

Thanks again jimp!

Reply to How to reset Racoon service from command line on Wed, 03 Mar 2010 21:43:43 GMT

jimp — Wed, 03 Mar 2010 21:43:43 GMT

Try this:

#!/usr/local/bin/php -q
require_once('vpn.inc');
require_once('config.inc');

vpn_ipsec_configure();
?>

I don't have a spare box with any active IPsec tunnels to try at the moment, but I can see why it might fail without that other file included. (I thought it was pulled in by one of the other files but it may not have been)

Reply to How to reset Racoon service from command line on Wed, 03 Mar 2010 20:41:48 GMT

Vorkbaard — Wed, 03 Mar 2010 20:41:48 GMT

I've created the script and ran it from the command line; it ran without any problems but it doesn't seem to do anything. Nothing gets logged and my connection doesn't get interrupted.

I created the exact same script you wrote up, did the chmod, ran from both SSH connection and the Command-thingie in the web gui, same result, namely nothing.

Am I missing something? Resetting the Racoon service via the Services menu tends to disconnect open tunnels. Thanks so much for your help, it's much appreciated!

/edit
Hey I found a workaround, I can use wget on my Windows server to spider the reset button. Not very elegant but it takes the pressure off.

Reply to How to reset Racoon service from command line on Wed, 03 Mar 2010 14:43:37 GMT

jimp — Wed, 03 Mar 2010 14:43:37 GMT

Technically yes, but I've not had any such problems with the shrew client. However, I also haven't tried to leave it connected for any length of time.

Usually I'll see this kind of thing when connecting to a device like a watchguard firebox, linksys router, etc.

Reply to How to reset Racoon service from command line on Wed, 03 Mar 2010 14:38:19 GMT

Vorkbaard — Wed, 03 Mar 2010 14:38:19 GMT

Thanks for your response, jimp. We're using the Shrew Soft vpn client, do you count that as "third party"? I'll try the Prefer Old IPSec SA option first.

Reply to How to reset Racoon service from command line on Wed, 03 Mar 2010 14:22:19 GMT

jimp — Wed, 03 Mar 2010 14:22:19 GMT

You could try to enable the "Prefer Old IPsec SA" option under System > Advanced. That seems to improve such situations for me when dealing with third-party devices and clients.

If you must reset racoon every night, just make up a small PHP shell script to run vpn_ipsec_configure(); and schedule it via cron.

Something like this should suffice:

/root/resetipsec.php

#!/usr/local/bin/php -q
include 'vpn.inc';

vpn_ipsec_configure();
?>

then chmod a+x /root/resetipsec.php, and try to run it. It should reset all the IPsec tunnels and restart racoon.

You can install the cron package and then add a command to run it nightly at whatever time you like.