Racoon stops without any cause

kalu

hi Metu69salemi
Yes i've checked and double checked the settings.
It works preety fine until racoon stops .
thanks
kalu

Metu69salemi

Is there system logs at the time?

kalu

The IPSec VPN link is running fine now after starting racoon again
don't know when will it get down by it self
Hi Metu69salemi
here is the system log

Aug 3 10:40:47 check_reload_status: Reloading filter
Aug 3 10:40:41 check_reload_status: Syncing firewall
Aug 3 10:40:37 check_reload_status: Syncing firewall
Aug 3 10:40:29 check_reload_status: Syncing firewall
Aug 3 10:40:27 check_reload_status: Syncing firewall
Aug 3 10:39:00 check_reload_status: Reloading filter
Aug 3 10:35:54 check_reload_status: Reloading filter
Aug 3 16:20:44 apinger: alarm canceled: WAN_GW(202.79.51.193) *** delay ***
Aug 3 10:35:12 check_reload_status: Reloading filter
Aug 3 16:20:02 apinger: ALARM: WAN_GW(202.79.51.193) *** delay ***
Aug 3 16:15:42 kernel: pid 10457 (racoon), uid 0: exited on signal 11 (core dumped)
Aug 3 10:24:23 check_reload_status: Syncing firewall
Aug 3 16:09:22 php: /vpn_ipsec_phase2.php: Reloading IPsec tunnel 'ISP-LINK'. Previous IP '202.79.54.197', current IP '202.79.54.197'. Reloading policy
Aug 3 16:06:17 php: /index.php: Successful webConfigurator login for user 'admin' from 10.49.32.162
Aug 3 16:06:17 php: /index.php: Successful webConfigurator login for user 'admin' from 10.49.32.162
Aug 3 16:04:48 php: /index.php: User logged out for user 'admin' from: 10.49.32.162
Aug 3 10:18:42 check_reload_status: Reloading filter
Aug 3 10:18:35 check_reload_status: Syncing firewall
Aug 3 16:03:35 php: /vpn_ipsec_phase2.php: Reloading IPsec tunnel 'IDP-LINK'. Previous IP '202.79.54.209', current IP '202.79.54.209'. Reloading policy
Aug 3 09:45:05 check_reload_status: Reloading filter
Aug 3 09:44:56 check_reload_status: Reloading filter
Aug 3 15:29:55 apinger: alarm canceled: WAN_GW(202.79.51.193) *** delay ***
Aug 3 15:29:46 apinger: ALARM: WAN_GW(202.79.51.193) *** delay ***
Aug 3 15:28:18 php: /status_services.php: Forcefully reloading IPsec racoon daemon
Aug 3 15:06:37 kernel: pid 60568 (racoon), uid 0: exited on signal 11 (core dumped)
Aug 3 15:05:17 php: /status_services.php: Forcefully reloading IPsec racoon daemon
Aug 3 15:03:42 kernel: pid 19710 (racoon), uid 0: exited on signal 11 (core dumped)
Aug 3 15:03:33 php: /status_services.php: Forcefully reloading IPsec racoon daemon
Aug 3 09:16:18 check_reload_status: Reloading filter
Aug 3 15:01:08 apinger: alarm canceled: WAN_GW(202.79.51.193) *** delay ***
Aug 3 09:16:05 check_reload_status: Reloading filter
Aug 3 15:00:55 apinger: ALARM: WAN_GW(202.79.51.193) *** delay ***
Aug 3 14:41:47 kernel: pid 33505 (racoon), uid 0: exited on signal 11 (core dumped)
Aug 3 14:38:44 sshlockout[27588]: sshlockout/webConfigurator v3.0 starting up
Aug 3 14:38:44 sshd[20376]: Accepted keyboard-interactive/pam for admin from 10.49.32.162 port 2498 ssh2
Aug 3 14:37:53 syslogd: kernel boot file is /boot/kernel/kernel
Aug 3 14:37:53 syslogd: exiting on signal 15
Aug 3 14:37:39 syslogd: kernel boot file is /boot/kernel/kernel
Aug 3 14:37:39 syslogd: exiting on signal 15
Aug 3 14:37:37 syslogd: kernel boot file is /boot/kernel/kernel
Aug 3 14:37:37 syslogd: exiting on signal 15
Aug 3 14:34:00 kernel: pid 46139 (racoon), uid 0: exited on signal 11 (core dumped)
Aug 3 14:33:48 kernel: arp: unknown hardware address format (0x1100)
Aug 3 14:27:46 kernel: arp: unknown hardware address format (0x4500)
Aug 3 14:23:14 php: /status_services.php: Forcefully reloading IPsec racoon daemon
Aug 3 14:22:05 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Aug 3 08:36:38 check_reload_status: Reloading filter
Aug 3 14:21:29 kernel: vr2: link state changed to DOWN
Aug 3 08:36:29 check_reload_status: Linkup starting vr2
Aug 3 14:21:28 apinger: alarm canceled: WAN_GW(202.79.51.193) *** delay ***

Metu69salemi

Kalu:
if you're sure that p1 & p2 settings are right, then this log doesn't say anything to me.
It just shows that it's not liking how the racoon itself works(or not) by killing that process. maybe some developers could help reading this log

stemond

i have same issue :(
Racoon stop withou causes and drops all IPSEC tunnels.

i am using Pfsense 2.0 RC3 and it happens without PPTP tunnel

this is my log, have you any hint ???

 Sep 8 09:58:48 	php: /status_services.php: Forcefully reloading IPsec racoon daemon
[b]Sep 8 09:52:28 kernel: pid 23362 (racoon), uid 0: exited on signal 11 (core dumped)[/b]
Sep 8 09:50:04 	kernel: arp: 192.168.126.13 moved from 00:01:02:f9:ea:55 to 00:08:02:45:32:42 on le0
Sep 8 09:30:04 	kernel: arp: 192.168.126.13 moved from 00:01:02:f9:ea:55 to 00:08:02:45:32:42 on le0
Sep 8 09:30:04 	kernel: arp: 192.168.126.13 moved from 00:08:02:45:32:42 to 00:01:02:f9:ea:55 on le0
Sep 8 09:10:04 	kernel: arp: 192.168.126.13 moved from 00:01:02:f9:ea:55 to 00:08:02:45:32:42 on le0

S.

TheBlast

Hi there,
same issue for me : ~160 ipsec tunnels get stopped after some hours.
Could someone just paste the magic script to restart racoon if it's stopped (cron inside) ?

edit : error message
Sep 17 08:33:49 pfsense kernel: pid 2238 (racoon), uid 0: exited on signal 11 (core dumped)

Edit 2: new crash
System log message : Sep 17 19:07:56 kernel: pid 10333 (racoon), uid 0: exited on signal 11 (core dumped)
Ipsec error message : Sep 17 19:07:56 racoon: [xxx]: [yyy.yyy.yyy.yyy] ERROR: phase1 negotiation failed.

Edit 3 : no crash since I disabled badly configured tunnel … will keep you informed and check with V2 Release this week.

So a badly configured tunnel seems to kill racoon ... Will this help ?

dhatz

You might also want to open a ticket with the ipsec-tools developers:
http://sourceforge.net/projects/ipsec-tools/

podilarius

@TheBlast:

So a badly configured tunnel seems to kill racoon … Will this help ?

What was badly configured? I have noticed that all that had the problem are showing core dumps. Could be bad memory or bad memory management by raccoon. Are there any other packages being used?

TheBlast

Hi,
when I said "badly" it was just a way to say that one side was using an ID and not the other side.
Anyway I disabled all the "misconfigured" tunnels but I still get the same problem, even with version 2.0 Release.
Racoon stops once or twice a day. Fortunately some kind of cron restarts it from time to time but looks like a bug.
Where can I find the core dump and who will be interested in debugging it ?

TheBlast

The problem remains the same : once or twice a day racoon crashes. Fortunately some king of script restarts it after a while. Is the a way to stop this ?

stemond

@theblast: Can you post your script restart ?

thank you!

TheBlast

Hi,
no because I don't know which script it is ! I just wanted to point out that a script does the job.

podilarius

Are you running snort or any other packages? What type of hardware do you have? Single/Multiple Core CPU and how much memory?

TheBlast

Hi,
Only VPN Client export package is installed.
The hardware :

• abit motherboard (2011) / Core I3 intel processor
• Ram 2 Go
• Network : Lan is intel PCI Express Gigabit adapter, others are DLINK DFE 530 Tx 100 mb

podilarius

Except for the DLink, it sounds ideal. Have you run memtest on the machine to make sure memory is good?

TheBlast

@podilarius:

Except for the DLink, it sounds ideal. Have you run memtest on the machine to make sure memory is good?

Hi Podilarius,

• maybe the d-link is not an ideal choice - I agree
• No, I did not check the memory, nor the hard drive. It really sounds like a bug to me but I'll do the test one of those days.