On 10-11-26 03:25 PM, Michel Servaes wrote:
> Is it possible to have some kind of watchdog installed on the racoon
> service?
> I have scheduled a racoon restart at 4am, and this seems to resolve
> the racoon shutdowns that occurred sometimes in the week...
> But today, racoon ended in the middle of the day - and as such, the
> printserver could not connect to the remote printers of course...
> Some kind of watchdog, that would automatically restart a service (eg.
> racoon in this case), would be some cool solution... the watchdog
> should not retry more than 3 times within 10 minutes or so - as an
> erroneous config could be the base of this of course...
> I tried checking the log; and it seems to be appearing after DPD
> detected a dead peer this time... right after that, the printserver
> started mailing errors (so I'm sure it happened right after this in
> the log)
> The ip 194.23.45.67 is the main-site
> The ip 84.23.45.67 is the client-site... an FVS-318G.
> I currently disabled DPD for this tunnel; I have entered "0" for DPD
> (this means disabled - I hope?)
> The FVS-318 on the client site, is also handling DPD - I guess one
> site is enough?

Looks like DPD perfectly worked - detected dead peer.
And it seems that you just stopped receiving anything from remote end.
Can you, when it happens the next time, do tcpdump on WAN and see whether
there is any communication between these sites?

Evgeny.

PS: as far as I know DPD settings should be identical on both sides of
the tunnel (intervals may differ but both either ON or OFF).
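
The watchdog asked for in the quoted message (restart the daemon, but no more than 3 times within 10 minutes) can be sketched as below. This is an added example, not code from the thread or from pfSense; the state file path, the `pgrep` liveness check and the `RESTART_CMD` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: rate-limited service watchdog, meant to be run once a minute
# from cron. Restart times are kept in a state file so the limit survives
# between runs.

MAX_RESTARTS=3   # "not more than 3 times"
WINDOW=600       # "within 10 minutes", in seconds

# restart_allowed STATE_FILE NOW
# Drops timestamps older than WINDOW, then records NOW and returns 0 if fewer
# than MAX_RESTARTS remain in the window; returns 1 (restart refused) otherwise.
restart_allowed() {
    state=$1; now=$2; cutoff=$((now - WINDOW))
    [ -f "$state" ] || : > "$state"
    awk -v c="$cutoff" '$1 > c' "$state" > "$state.tmp" && mv "$state.tmp" "$state"
    count=$(wc -l < "$state" | tr -d ' ')
    [ "$count" -lt "$MAX_RESTARTS" ] || return 1
    echo "$now" >> "$state"
    return 0
}

# watchdog_tick STATE_FILE NOW PROCESS RESTART_CMD
# Returns 0 if PROCESS is running, the restart command's status if a restart
# was attempted, and 2 if the restart was suppressed by the rate limit.
watchdog_tick() {
    state=$1; now=$2; proc=$3; cmd=$4
    pgrep -x "$proc" >/dev/null 2>&1 && return 0
    if restart_allowed "$state" "$now"; then
        echo "watchdog: $proc not running, restarting" >&2
        sh -c "$cmd"
        return $?
    fi
    # Likely a configuration error or a crash loop: stop and leave it to a human.
    echo "watchdog: $proc down, restart limit reached, not restarting" >&2
    return 2
}

# Only act when called as "watchdog.sh --tick" (e.g. from cron).
if [ "${1:-}" = "--tick" ]; then
    # Placeholder (assumption): substitute the command that starts racoon on your system.
    RESTART_CMD="/path/to/racoon-start-command"
    watchdog_tick /var/run/racoon_watchdog.state "$(date +%s)" racoon "$RESTART_CMD"
fi
```

When the limit is reached the script only logs and returns 2, so a daemon that dies on every start because of a bad configuration is left down for inspection rather than restarted in a loop.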