How to restart racoon from watchdog script
-
Hello,
If I wanted to set up a watchdog script to restart racoon when it crashes ( perhaps similar to http://petersnotes.blogspot.com/2008/10/watchdog-script-for-process.html ), how would I start racoon from the script?
If I try to use '/usr/local/sbin/racoon -f /var/etc/racoon.conf' then racoon restarts again when I refresh the webgui 'Services' page (as if pfSense was keeping track of the process numbers), and of course /etc/rc.d/ipsec start doesn't do anything.
-
Last week I checked in a shell script on 2.1 that will do this, though it requires other changes on 2.1 to function. Once you're on 2.1 you can just do this:
```
pfSsh.php playback svc stop racoon
pfSsh.php playback svc start racoon
```
-
Ok, great.
Here is a script that just restarts the whole router if racoon crashes, seems to be working OK for me on 2.0:
```
#!/bin/sh
# Find the pid of the process (PPID will be the shell that started it)
# remember no spaces allowed between varnames, just equals sign, and the value
# Script name cannot contain the word racoon in order to avoid self-triggering
sleep 30
FIND_PROC=`pgrep racoon`
# if FIND_PROC is empty, the process has died; restart it
if [ -z "${FIND_PROC}" ]; then
    echo racoon failed at `date`
    nohup shutdown -r now &
fi
exit
```
With cron entry:
```
* * * * * root /root/ipsec-watchdog.sh >> /root/ipsec-watchdog.log
```
I put the sleep in to give racoon time to launch when the router boots, before the script checks for it.
I have a CARP slave that kicks in when the main router is rebooting, so the effect is almost the same as restarting the service.
-
It'd be very helpful to try to understand why racoon is crashing …
Which version are you running?
-
Hi,
I'm running 2.0.2 with racoon 0.8.0.
The right combination of loss of connectivity to remote endpoints seems to be triggering the crashing.
I've submitted a bug report here:
https://sourceforge.net/tracker/?func=detail&aid=3603844&group_id=74601&atid=541482
I also submitted this to FreeBSD a while ago, but it got closed. Should I open up a new one?
http://www.freebsd.org/cgi/query-pr.cgi?pr=168104
It seems like the more Phase1's not establishing, the more likely racoon is to segfault.
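-
An added example, not part of the thread and not pfSense's own code: one watchdog pass that restarts only the service with the `pfSsh.php playback svc` commands quoted above (which the thread says need 2.1) instead of rebooting, and stops restarting after repeated crashes so a crash loop is visible in the log rather than hidden. The state-file path, the limits and the function names are assumptions.

```shell
#!/bin/sh
# Added example: service-level racoon watchdog with a restart limit.
# STATE, MAX_RESTARTS, WINDOW and all function names are assumptions.

STATE="${STATE:-/var/run/ipsec-watchdog.state}"  # one epoch timestamp per restart
MAX_RESTARTS="${MAX_RESTARTS:-3}"                # restarts allowed per window
WINDOW="${WINDOW:-600}"                          # window length in seconds

# Succeeds if a process named exactly "racoon" exists
# (-x makes pgrep match the whole process name, not a substring).
racoon_alive() { pgrep -x racoon >/dev/null 2>&1; }

# The two commands given in the thread for pfSense 2.1.
restart_racoon() {
    pfSsh.php playback svc stop racoon
    pfSsh.php playback svc start racoon
}

# Drop restart records older than WINDOW, then print how many remain.
recent_restarts() {
    now=$1
    [ -f "$STATE" ] || { echo 0; return; }
    awk -v now="$now" -v w="$WINDOW" 'now - $1 < w' "$STATE" > "$STATE.tmp"
    mv "$STATE.tmp" "$STATE"
    wc -l < "$STATE" | tr -d ' '
}

# One watchdog pass. Prints what it did: ok | restarted | throttled.
check_once() {
    now=${1:-$(date +%s)}
    if racoon_alive; then echo ok; return 0; fi
    if [ "$(recent_restarts "$now")" -ge "$MAX_RESTARTS" ]; then
        echo throttled; return 1    # crash loop: leave it for a human
    fi
    echo "$now" >> "$STATE"
    restart_racoon >/dev/null 2>&1
    echo restarted
}

# From cron: /root/ipsec-watchdog.sh run >> /root/ipsec-watchdog.log
if [ "${1:-}" = "run" ]; then
    echo "$(date) $(check_once)"
fi
```

A run of `throttled` lines in the log means racoon is crashing faster than the limit allows, which is the point at which to collect the core dump or logs for the bug report.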