How-to restart RACOON from script?

la_bela

Hi everyone!

I found BennTech's topic https://forum.pfsense.org/index.php?topic=17243.0 on how to reset/reboot on failure.

I'd like to ask for help on how to modify this script, if I need to restart the racoon service only, if ping fails.

The scenario:

I've two pfSense installation - 2.1.4-RELEASE (amd64) - (physical Dell PCs) in two remote office, and one MS TMG 2010 on Hyper-V in main office.

The pfSense machines uses IPsec tunnels to main office's two subnets, and the other ends subnet. This is done by three Phase-2 entries.

On the TMG I've done all the routing and firewall adjustments as necessary. Basically it works for some time, but there is a really annoying thing.

I don't know if it is the uptime or the amount of data sent/received the tunnel seems working (on the IPsec dashboard I see 3 green up arrows) but I cannot ping to the other subnets. The only solution helped me out is to manually restart the racoon service.

So I'm searching the forum for days and tested all the suggestions found, but nothing solved the issue. So instead of trying to make IPsec working normally (because I found this in the IPsec troubleshooting: "more research needed for possible solutions" for pfkey Delete. OK, but what?), I'd like to fix this.

So I finally found BennTech's script, but I'm not familiar with this. How to modify it to only restart the racoon service if one of my three IPs not respond. I don't really need the full restart feature, because I never had to restart pfSense to get the VPN's running.

I write here, because BennTech added his topic five years ago in General Questions, so maybe I can get some help here with more chance.

So here is his original, unaltered code:

#!/bin/sh

#=====================================================================
# pingtest.sh, v1.0.1
# Created 2009 by Bennett Lee
# Released to public domain
#
# (1) Attempts to ping several hosts to test connectivity.  After
#     first successful ping, script exits.
# (2) If all pings fail, resets interface and retries all pings.
# (3) If all pings fail again after reset, then reboots pfSense.
#
# History
# 1.0.1   Added delay to ensure interface resets (thx ktims).
# 1.0.0   Initial release.
#=====================================================================

#=====================================================================
# USER SETTINGS
#
# Set multiple ping targets separated by space.  Include numeric IPs
# (e.g., remote office, ISP gateway, etc.) for DNS issues which
# reboot will not correct.
ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37"
# Interface to reset, usually your WAN
BOUNCE=em0
# Log file
LOGFILE=/root/pingtest.log
#=====================================================================

COUNT=1
while [ $COUNT -le 2 ]
do

	for DEST in $ALLDEST
	do
		#echo `date +%Y%m%d.%H%M%S` "Pinging $DEST" >> $LOGFILE
		ping -c1 $DEST >/dev/null 2>/dev/null
		if [ $? -eq 0 ]
		then
			#echo `date +%Y%m%d.%H%M%S` "Ping $DEST OK." >> $LOGFILE
			exit 0
		fi
	done

	if [ $COUNT -le 1 ]
	then
		echo `date +%Y%m%d.%H%M%S` "All pings failed. Resetting interface $BOUNCE." >> $LOGFILE
		/sbin/ifconfig $BOUNCE down
		# Give interface time to reset before bringing back up
		sleep 10
		/sbin/ifconfig $BOUNCE up
		# Give WAN time to establish connection
		sleep 60
	else
		echo `date +%Y%m%d.%H%M%S` "All pings failed twice. Rebooting..." >> $LOGFILE
		/sbin/shutdown -r now >> $LOGFILE
		exit 1
	fi

	COUNT=`expr $COUNT + 1`
done

Thanks