How-to restart RACOON from script?
-
Hi everyone!
I found BennTech's topic https://forum.pfsense.org/index.php?topic=17243.0 on how to reset/reboot on failure.
I'd like to ask for help on how to modify this script, if I need to restart the racoon service only, if ping fails.
The scenario:
I've two pfSense installation - 2.1.4-RELEASE (amd64) - (physical Dell PCs) in two remote office, and one MS TMG 2010 on Hyper-V in main office.
The pfSense machines uses IPsec tunnels to main office's two subnets, and the other ends subnet. This is done by three Phase-2 entries.
On the TMG I've done all the routing and firewall adjustments as necessary. Basically it works for some time, but there is a really annoying thing.
I don't know if it is the uptime or the amount of data sent/received the tunnel seems working (on the IPsec dashboard I see 3 green up arrows) but I cannot ping to the other subnets. The only solution helped me out is to manually restart the racoon service.
So I'm searching the forum for days and tested all the suggestions found, but nothing solved the issue. So instead of trying to make IPsec working normally (because I found this in the IPsec troubleshooting: "more research needed for possible solutions" for pfkey Delete. OK, but what?), I'd like to fix this.
So I finally found BennTech's script, but I'm not familiar with this. How to modify it to only restart the racoon service if one of my three IPs not respond. I don't really need the full restart feature, because I never had to restart pfSense to get the VPN's running.
I write here, because BennTech added his topic five years ago in General Questions, so maybe I can get some help here with more chance.
So here is his original, unaltered code:
#!/bin/sh #===================================================================== # pingtest.sh, v1.0.1 # Created 2009 by Bennett Lee # Released to public domain # # (1) Attempts to ping several hosts to test connectivity. After # first successful ping, script exits. # (2) If all pings fail, resets interface and retries all pings. # (3) If all pings fail again after reset, then reboots pfSense. # # History # 1.0.1 Added delay to ensure interface resets (thx ktims). # 1.0.0 Initial release. #===================================================================== #===================================================================== # USER SETTINGS # # Set multiple ping targets separated by space. Include numeric IPs # (e.g., remote office, ISP gateway, etc.) for DNS issues which # reboot will not correct. ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37" # Interface to reset, usually your WAN BOUNCE=em0 # Log file LOGFILE=/root/pingtest.log #===================================================================== COUNT=1 while [ $COUNT -le 2 ] do for DEST in $ALLDEST do #echo `date +%Y%m%d.%H%M%S` "Pinging $DEST" >> $LOGFILE ping -c1 $DEST >/dev/null 2>/dev/null if [ $? -eq 0 ] then #echo `date +%Y%m%d.%H%M%S` "Ping $DEST OK." >> $LOGFILE exit 0 fi done if [ $COUNT -le 1 ] then echo `date +%Y%m%d.%H%M%S` "All pings failed. Resetting interface $BOUNCE." >> $LOGFILE /sbin/ifconfig $BOUNCE down # Give interface time to reset before bringing back up sleep 10 /sbin/ifconfig $BOUNCE up # Give WAN time to establish connection sleep 60 else echo `date +%Y%m%d.%H%M%S` "All pings failed twice. Rebooting..." >> $LOGFILE /sbin/shutdown -r now >> $LOGFILE exit 1 fi COUNT=`expr $COUNT + 1` doneThanks