When restarting IPsec connection racoon give up if stale socket file
/tmp/.racoon exists. This prevent IPsec to work after unexpected racoon die
(racoon crash, server crash, sigkill when machine went down and racoon did not
exit via sigterm etc).
The ifup-ipsec script should check for stale socket and remove it if no racoon
copy is running or racoon should handle this issue by itself.
This arised after http://rhn.redhat.com/errata/RHBA-2004-513.html (bug #129611)
This is a problem in ipsec-tools-0.2.5-0.6 (RHEL3) and also in
ipsec-tools-0.3.3-5.6 (RHEL4) which use the /tmp/.racoon socket file
(I test for socket and remove it before racoon starts). The better way
should be that racoon handle it by itself.
The ipsec-tools-0.5-1.RHEL4 do not have this problem, but use now the
/var/racoon/racoon.sock socket file. I see it during test of
ipsec-tools-0.5-1.RHEL4 in #145424.
It *should* be fixed in 0.3.3-5.6.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.