Restart ipsec service on failure

- Check ipsec (Libreswan) service every 15s, and restart if it crashes. This is needed because unlike the Debian-based image, the Alpine-based image does NOT automatically restart the ipsec service on failure. As a result, the VPN stops working until the Docker container is manually restarted.
hwdsl2 · Mar 28, 2022 · 7f2fa15 · 7f2fa15
1 parent 26aa861
commit 7f2fa15
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/run.sh b/run.sh
@@ -567,6 +567,15 @@ if [ "$os_type" = "alpine" ]; then
   rc-status >/dev/null 2>&1
   rc-service ipsec zap >/dev/null
   rc-service ipsec start >/dev/null
+  mkdir -p /etc/crontabs
+  cron_cmd="if rc-service ipsec status 2>&1 | grep -qi crashed; then rc-service ipsec zap; rc-service ipsec start; fi"
+cat > /etc/crontabs/root <<EOF
+* * * * * $cron_cmd
+* * * * * sleep 15; $cron_cmd
+* * * * * sleep 30; $cron_cmd
+* * * * * sleep 45; $cron_cmd
+EOF
+  /usr/sbin/crond -L /dev/null
 else
   service ipsec start >/dev/null 2>&1
 fi