Netgate Discussion Forum
    How-to restart RACOON from script?
la_bela

      Hi everyone!

      I found BennTech's topic https://forum.pfsense.org/index.php?topic=17243.0 on how to reset/reboot on failure.

I'd like to ask for help on how to modify this script so that it only restarts the racoon service if ping fails.

      The scenario:

I have two pfSense installations - 2.1.4-RELEASE (amd64) - (physical Dell PCs) in two remote offices, and one MS TMG 2010 on Hyper-V in the main office.

The pfSense machines use IPsec tunnels to the main office's two subnets and to the other end's subnet. This is done by three Phase-2 entries.

      On the TMG I've done all the routing and firewall adjustments as necessary. Basically it works for some time, but there is a really annoying thing.

I don't know if it is the uptime or the amount of data sent/received, but the tunnel seems to be working (on the IPsec dashboard I see 3 green up arrows) yet I cannot ping the other subnets. The only solution that helped me out is to manually restart the racoon service.

So I've been searching the forum for days and tested all the suggestions I found, but nothing solved the issue. So instead of trying to make IPsec work normally (because I found this in the IPsec troubleshooting: "more research needed for possible solutions" for pfkey Delete. OK, but what?), I'd like to fix this.

So I finally found BennTech's script, but I'm not familiar with this. How do I modify it to only restart the racoon service if one of my three IPs does not respond? I don't really need the full restart feature, because I never had to restart pfSense to get the VPNs running.

I'm writing here because BennTech added his topic five years ago in General Questions, so maybe I have a better chance of getting help here.

      So here is his original, unaltered code:

      #!/bin/sh
      
      #=====================================================================
      # pingtest.sh, v1.0.1
      # Created 2009 by Bennett Lee
      # Released to public domain
      #
      # (1) Attempts to ping several hosts to test connectivity.  After
      #     first successful ping, script exits.
      # (2) If all pings fail, resets interface and retries all pings.
      # (3) If all pings fail again after reset, then reboots pfSense.
      #
      # History
      # 1.0.1   Added delay to ensure interface resets (thx ktims).
      # 1.0.0   Initial release.
      #=====================================================================
      
      #=====================================================================
      # USER SETTINGS
      #
      # Set multiple ping targets separated by space.  Include numeric IPs
      # (e.g., remote office, ISP gateway, etc.) for DNS issues which
      # reboot will not correct.
      ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37"
      # Interface to reset, usually your WAN
      BOUNCE=em0
      # Log file
      LOGFILE=/root/pingtest.log
      #=====================================================================
      
      COUNT=1
      while [ $COUNT -le 2 ]
      do
      
      	for DEST in $ALLDEST
      	do
      		#echo `date +%Y%m%d.%H%M%S` "Pinging $DEST" >> $LOGFILE
      		ping -c1 $DEST >/dev/null 2>/dev/null
      		if [ $? -eq 0 ]
      		then
      			#echo `date +%Y%m%d.%H%M%S` "Ping $DEST OK." >> $LOGFILE
      			exit 0
      		fi
      	done
      
      	if [ $COUNT -le 1 ]
      	then
      		echo `date +%Y%m%d.%H%M%S` "All pings failed. Resetting interface $BOUNCE." >> $LOGFILE
      		/sbin/ifconfig $BOUNCE down
      		# Give interface time to reset before bringing back up
      		sleep 10
      		/sbin/ifconfig $BOUNCE up
      		# Give WAN time to establish connection
      		sleep 60
      	else
      		echo `date +%Y%m%d.%H%M%S` "All pings failed twice. Rebooting..." >> $LOGFILE
      		/sbin/shutdown -r now >> $LOGFILE
      		exit 1
      	fi
      
      	COUNT=`expr $COUNT + 1`
      done
      

      Thanks
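The modification asked for above, as an added example that is neither BennTech's script nor anything from pfSense itself: the same ping loop, reduced to "ping each tunnel-side address, and if any of them fails, restart racoon once and re-check". The three addresses in TARGETS are constructed placeholders for the remote subnets' gateways; the restart command (`pfSsh.php playback svc restart racoon`) and the log path are assumptions to be adjusted for the installation, and are overridable from the environment. The probe and restart actions are kept behind variables so the decision logic can be exercised without touching the network.

```shell
#!/bin/sh
# racoon_pingtest.sh - added example, not from the original post or from pfSense.
# Pings the far side of each IPsec tunnel; if any target is silent, restarts
# racoon once, waits, and checks again. Never bounces the WAN or reboots.

# Far-side addresses, one per Phase-2 entry (constructed placeholders).
TARGETS="${TARGETS:-10.0.1.1 10.0.2.1 10.0.3.1}"
# Command that restarts racoon on pfSense 2.1.x (assumption; adjust if needed).
RESTART_CMD="${RESTART_CMD:-/usr/local/sbin/pfSsh.php playback svc restart racoon}"
# Seconds to let Phase 1/2 renegotiate before the second check.
SETTLE="${SETTLE:-20}"
# Ping command prefix; one packet is enough for a liveness check.
PING="${PING:-ping -c 1}"
LOGFILE="${LOGFILE:-/root/racoon_pingtest.log}"

log() {
    echo "$(date +%Y%m%d.%H%M%S) $*" >> "$LOGFILE"
}

# probe HOST: returns 0 if HOST answers a single ping, non-zero otherwise.
# $PING is intentionally unquoted so "ping -c 1" splits into command + args.
probe() {
    $PING "$1" >/dev/null 2>&1
}

# failed_targets "A B C": prints the targets that did not answer and
# returns 0 only when every target answered.
failed_targets() {
    failed=""
    for dest in $1; do
        if ! probe "$dest"; then
            failed="$failed $dest"
        fi
    done
    echo "${failed# }"
    [ -z "$failed" ]
}

# check_and_restart: returns 0 if the tunnels are (or become) reachable,
# 1 if they are still down after one racoon restart.
check_and_restart() {
    if down=$(failed_targets "$TARGETS"); then
        return 0                      # everything answered; nothing to do
    fi
    log "Unreachable: $down. Restarting racoon."
    $RESTART_CMD >> "$LOGFILE" 2>&1 || log "Restart command failed."
    sleep "$SETTLE"
    if down=$(failed_targets "$TARGETS"); then
        log "Tunnels recovered after racoon restart."
        return 0
    fi
    log "Still unreachable after restart: $down"
    return 1
}

# Run only when invoked as the saved script, so the functions can be sourced.
case "$0" in
    *racoon_pingtest.sh) check_and_restart ;;
esac
```

Save it as /root/racoon_pingtest.sh, make it executable, and run it from cron every few minutes; the interval should be longer than SETTLE plus the ping timeouts so two runs never overlap and trigger back-to-back restarts. Because it restarts at most once per run and only acts on tunnel-side addresses, a plain WAN outage produces one logged restart per interval rather than a reboot.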
