4. How to restart racoon from watchdog script

How to restart racoon from watchdog script

  • T

    Hello,

    If I wanted to set up a watchdog script to restart racoon when it crashes ( perhaps similar to http://petersnotes.blogspot.com/2008/10/watchdog-script-for-process.html ), how would I start racoon from the script?

    If I try to use '/usr/local/sbin/racoon -f /var/etc/racoon.conf' then racoon restarts again when I refresh the webgui 'Services' page (as if pfSense was keeping track of the process numbers), and of course /etc/rc.d/ipsec start doesn't do anything.

    0
  • Rebel Alliance Developer Netgate

    Last week I checked in a shell script on 2.1 that will do this, though it requires other changes on 2.1 to function. Once you're on 2.1 you can just do this:

    pfSsh.php playback svc stop racoon
pfSsh.php playback svc start racoon
    0
  • T

    Ok, great.

    Here is a script that just restarts the whole router if racoon crashes, seems to be working OK for me on 2.0:

    #!/bin/sh

    Find the pid of the process (PPID will be the shell that started it)

    remember no spaces allowed between varnames, just equals sign, and the value

    Script name cannot contain the word racoon in order to to avoid self-triggering

    sleep 30

    FIND_PROC=pgrep racoon

    if FIND_PROC is empty, the process has died; restart it

    if [ -z "${FIND_PROC}" ]; then
         echo racoon failed at date
          nohup  shutdown -r now &
    fi

    exit

    With cron entry:

            • root /root/ipsec-watchdog.sh >> /root/ipsec-watchdog.log

    I put the sleep in to give racoon time to launch when the router boots, before the script checks for it.

    I have a CARP slave that kicks in when the main router is rebooting, so the effect is almost the same as restarting the service.

    0
  • D

    It'd be very helpful to try to understand why racoon is crashing …

    Which version are you running ?

    0
  • T

    Hi,

    I'm running 2.0.2 with racoon 0.8.0.

    The right combination of loss of connectivity to remote endpoints seems to be triggering the crashing.

    I've submitted a bug report here:

    https://sourceforge.net/tracker/?func=detail&aid=3603844&group_id=74601&atid=541482

    I also submitted this to FreeBSD a while ago, but it got closed.  Should I open up a new one?

    http://www.freebsd.org/cgi/query-pr.cgi?pr=168104

    It seems like the more Phase1's not establishing, the more likely racoon is to segfault.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy