Actions
Bug #12039
closed
Gateway alarm always triggers IPsec restart
Start date:
06/15/2021
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.1
Affected Architecture:
Description
There are several issues:
1) '/etc/rc.gateway_alarm' trigger '/etc/rc.newipsecdns' which generate an invalid log message:
IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
- which can confuse users.
This message is only true if IPsec remote-gateway == FQDN and filterdns updates it's IP.
see https://github.com/pfsense/pfsense/blob/eb1305d0736a1d71d1615ca6b19e3f4a917317a0/src/etc/inc/ipsec.inc#L2862
2) It is not necessary to restart IPsec if an alarm is triggered for the Gateway that doesn't affect IPsec connections. It should be more flexible, like '/etc/rc.openvpn'.
3) It's better to create '/etc/rc.ipsec' in the same way as '/etc/rc.openvpn' and use '/etc/rc.newipsecdns' only for filterdns updates.
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by
Actions