Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to reset Racoon service from command line

    Scheduled Pinned Locked Moved IPsec
    9 Posts 2 Posters 16.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Vorkbaard
      last edited by

      How can I reset the Racoon service from the command line? I'd like to schedule it to reset every night as it seems to prevent a problem where certain users can make a tunnel but can't send data over it.

      (I know I should look for a solution in stead of a workaround but there's some reasons I don't. I can elaborate on them if you wish.)

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You could try to enable the "Prefer Old IPsec SA" option under System > Advanced. That seems to improve such situations for me when dealing with third-party devices and clients.

        If you must reset racoon every night, just make up a small PHP shell script to run vpn_ipsec_configure(); and schedule it via cron.

        Something like this should suffice:

        /root/resetipsec.php

        #!/usr/local/bin/php -q
        include 'vpn.inc';
        
        vpn_ipsec_configure();
        ?>
        

        then chmod a+x /root/resetipsec.php, and try to run it. It should reset all the IPsec tunnels and restart racoon.

        You can install the cron package and then add a command to run it nightly at whatever time you like.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • V
          Vorkbaard
          last edited by

          Thanks for your response, jimp. We're using the Shrew Soft vpn client, do you count that as "third party"? I'll try the Prefer Old IPSec SA option first.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Technically yes, but I've not had any such problems with the shrew client. However, I also haven't tried to leave it connected for any length of time.

            Usually I'll see this kind of thing when connecting to a device like a watchguard firebox, linksys router, etc.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • V
              Vorkbaard
              last edited by

              I've created the script and ran it from the command line; it ran without any problems but it doesn't seem to do anything. Nothing gets logged and my connection doesn't get interrupted.

              I created the exact same script you wrote up, did the chmod, ran from both SSH connection and the Command-thingie in the web gui, same result, namely nothing.

              Am I missing something? Resetting the Racoon service via the Services menu tends to disconnect open tunnels. Thanks so much for your help, it's much appreciated!

              /edit
              Hey I found a workaround, I can use wget on my Windows server to spider the reset button. Not very elegant but it takes the pressure off.

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Try this:

                #!/usr/local/bin/php -q
                require_once('vpn.inc');
                require_once('config.inc');
                
                vpn_ipsec_configure();
                ?>
                

                I don't have a spare box with any active IPsec tunnels to try at the moment, but I can see why it might fail without that other file included. (I thought it was pulled in by one of the other files but it may not have been)

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • V
                  Vorkbaard
                  last edited by

                  Same result, sorry. Feel free to try again and I'll happily keep testing but I understand if you have better things to do :)

                  Thanks again jimp!

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    It helps when I read the code properly… :)

                    This works, I tested it just now:

                    #!/usr/local/bin/php -q
                    require_once('vpn.inc');
                    
                    vpn_ipsec_force_reload();
                    ?>
                    

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • V
                      Vorkbaard
                      last edited by

                      Like a charm, thank you!

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.