Is it possible to have some kind of watchdog installed on the racoon
service?
I have scheduled a racoon restart at 4am, and this seems to resolve
the racoon shutdowns that occurred sometimes in the week...
But today, racoon ended in the middle of the day - and as such, the
printserver could not connect to the remote printers of course...
Some kind of watchdog, that would automatically restart a service
(e.g. racoon in this case), would be some cool solution... the
watchdog should not retry more than 3 times within 10 minutes or so -
as an erroneous config could be the base of this of course...
I tried checking the log; and it seems to be appearing after DPD
detected a dead peer this time... right after that, the printserver
started mailing errors (so I'm sure it happened right after this in
the log)
I currently disabled DPD for this tunnel; I have entered "0" for DPD
(this means disabled - I hope?)
The FVS-318 on the client site is also handling DPD - I guess one
site is enough?

Looks like DPD worked perfectly - detected dead peer.
And it seems that you just stopped receiving anything from remote end.
Can you, the next time it happens, do a tcpdump on WAN and see
whether there is any communication between these sites?
Evgeny.
PS: as far as I know DPD settings should be identical on both sides of
the tunnel (intervals may differ but both either ON or OFF).

Evgeny, thank you for your reply,
But the service racoon has ended (crashed)... I don't think any
ipsec-traffic will be generated after this, will it? (besides the
end-nodes on the other side trying to connect of course).
And because my printserver started mailing me about offline printers at
around the same time - I gather that racoon ended at the same time...
I'm having quite some time issues with this racoon-service, and tried
many things (the restart of racoon around 4am already helped me out a
great deal)
The end nodes are somewhat different, I might have to look to replace
them all...
DLINK DI804 & DLINK DI824VUP+ 3 devices
NETGEAR FVS318GS 3 devices
LINKSYS RV042 3 devices
ALIX board with pfSense embedded 1.2.3 5 devices (including my
home-device that is (this one is running 2.0 beta4))
I'll run over all devices, to make sure DPD is the same as on the
pfSense side.
Setting it to "0" on pfSense disables the DPD detection, right?
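
Added example, not part of the original thread and not pfSense code: a small sh watchdog with the restart limit asked for above (no more than 3 restarts within 10 minutes, so a broken config does not cause an endless restart loop). Assumptions: the process is named "racoon", the state file path is arbitrary, and RESTART_CMD is a placeholder you must set to whatever starts racoon on your system.

```shell
#!/bin/sh
# Added example: rate-limited watchdog for a single daemon.
# Assumptions: the process is named "racoon"; RESTART_CMD is a placeholder
# the operator must set to the command that starts racoon on their system.
CHECK_CMD=${CHECK_CMD:-"pgrep -x racoon"}
RESTART_CMD=${RESTART_CMD:-}
MAX_RESTARTS=${MAX_RESTARTS:-3}      # at most 3 restarts ...
WINDOW=${WINDOW:-600}                # ... within 10 minutes (seconds)
STATE=${STATE:-/var/run/racoon_watchdog.state}

# watchdog_tick NOW_EPOCH
# returns 0 = service healthy, 1 = restarted, 2 = down but restart suppressed
watchdog_tick() {
    wd_now=$1
    if sh -c "$CHECK_CMD" >/dev/null 2>&1; then
        return 0
    fi
    # Keep only restart timestamps that still fall inside the window.
    wd_recent=""
    wd_count=0
    if [ -f "$STATE" ]; then
        while read -r wd_ts; do
            case $wd_ts in ''|*[!0-9]*) continue ;; esac
            if [ $((wd_now - wd_ts)) -lt "$WINDOW" ]; then
                wd_recent="$wd_recent $wd_ts"
                wd_count=$((wd_count + 1))
            fi
        done < "$STATE"
    fi
    if [ "$wd_count" -ge "$MAX_RESTARTS" ]; then
        echo "watchdog: $wd_count restarts in ${WINDOW}s, waiting for the window to clear" >&2
        return 2
    fi
    # Record the attempt before restarting so a crash loop is still counted.
    printf '%s\n' $wd_recent "$wd_now" > "$STATE"
    sh -c "$RESTART_CMD" || echo "watchdog: restart command failed" >&2
    return 1
}

# Run as "watchdog.sh run" (in the background); polls every 30 seconds.
if [ "${1:-}" = "run" ]; then
    : "${RESTART_CMD:?set RESTART_CMD to the command that starts racoon}"
    while :; do
        watchdog_tick "$(date +%s)" || true
        sleep 30
    done
fi
```

Return code 2 means racoon is down and the limit was hit; that is the point to alert a human rather than keep restarting.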