Netgate Discussion Forum

    How to restart racoon from watchdog script

      ttblum

      Hello,

      If I wanted to set up a watchdog script to restart racoon when it crashes ( perhaps similar to http://petersnotes.blogspot.com/2008/10/watchdog-script-for-process.html ), how would I start racoon from the script?

      If I try to use '/usr/local/sbin/racoon -f /var/etc/racoon.conf' then racoon restarts again when I refresh the webgui 'Services' page (as if pfSense was keeping track of the process numbers), and of course /etc/rc.d/ipsec start doesn't do anything.

        jimp Rebel Alliance Developer Netgate

        Last week I checked in a shell script on 2.1 that will do this, though it requires other changes on 2.1 to function. Once you're on 2.1 you can just do this:

        pfSsh.php playback svc stop racoon
        pfSsh.php playback svc start racoon

          ttblum

          Ok, great.

          Here is a script that just restarts the whole router if racoon crashes, seems to be working OK for me on 2.0:

          #!/bin/sh

          # Find the pid of the process (PPID will be the shell that started it)
          # remember no spaces allowed between varnames, just equals sign, and the value
          # Script name cannot contain the word racoon in order to avoid self-triggering

          sleep 30

          FIND_PROC=`pgrep racoon`

          # if FIND_PROC is empty, the process has died; restart it
          if [ -z "${FIND_PROC}" ]; then
              echo racoon failed at `date`
              nohup shutdown -r now &
          fi

          exit

          With cron entry:

                  • root /root/ipsec-watchdog.sh >> /root/ipsec-watchdog.log

          I put the sleep in to give racoon time to launch when the router boots, before the script checks for it.

          I have a CARP slave that kicks in when the main router is rebooting, so the effect is almost the same as restarting the service.

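The two approaches in the posts above combined, as an added example that is not part of the thread and is not pfSense's own script: a watchdog that restarts only the service with the `pfSsh.php playback svc` commands jimp gives (so it assumes 2.1), and stops after a set number of restarts per window so that a crash loop is logged instead of hidden. The state file path, the limits and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: STATE, LOG, MAX_RESTARTS,
# WINDOW and every function below. Needs the 2.1 "svc" playback script.
STATE="${STATE:-/var/run/ipsec-watchdog.state}"  # one epoch timestamp per restart
LOG="${LOG:-/root/ipsec-watchdog.log}"
MAX_RESTARTS="${MAX_RESTARTS:-3}"                # restarts allowed per WINDOW
WINDOW="${WINDOW:-3600}"                         # window length in seconds

# -x matches the process name exactly, so the script's own name cannot match.
is_running() { pgrep -x racoon >/dev/null 2>&1; }

restart_service() {
    pfSsh.php playback svc stop racoon
    pfSsh.php playback svc start racoon
}

# Print how many restarts fall within WINDOW seconds before $1; prune older ones.
recent_restarts() {
    now="$1"; count=0
    [ -f "$STATE" ] || { echo 0; return 0; }
    : > "$STATE.new"
    while read -r ts; do
        case "$ts" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ $((now - ts)) -lt "$WINDOW" ]; then
            count=$((count + 1))
            echo "$ts" >> "$STATE.new"
        fi
    done < "$STATE"
    mv "$STATE.new" "$STATE"
    echo "$count"
}

# Returns 0 = running, 1 = restarted, 2 = restart budget used up (left down).
watchdog_check() {
    now="${1:-$(date +%s)}"
    is_running && return 0
    n=$(recent_restarts "$now")
    if [ "$n" -ge "$MAX_RESTARTS" ]; then
        echo "$(date) racoon down, $n restarts in ${WINDOW}s, giving up" >> "$LOG"
        return 2
    fi
    echo "$now" >> "$STATE"
    echo "$(date) racoon not running, restarting" >> "$LOG"
    restart_service >> "$LOG" 2>&1
    return 1
}

# From cron: ipsec-watchdog.sh run  (the sleep gives racoon time to start at boot)
if [ "${1:-}" = "run" ]; then sleep 30; watchdog_check; fi
```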
            dhatz

            It'd be very helpful to try to understand why racoon is crashing …

            Which version are you running?

              ttblum

              Hi,

              I'm running 2.0.2 with racoon 0.8.0.

              The right combination of loss of connectivity to remote endpoints seems to be triggering the crashing.

              I've submitted a bug report here:

              https://sourceforge.net/tracker/?func=detail&aid=3603844&group_id=74601&atid=541482

              I also submitted this to FreeBSD a while ago, but it got closed. Should I open up a new one?

              http://www.freebsd.org/cgi/query-pr.cgi?pr=168104

              It seems like the more Phase1's not establishing, the more likely racoon is to segfault.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.