Bug #1356

closed

IPSec SPD definitions lost after reboot

Added by Alex Vergilis about 13 years ago. Updated about 13 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Target version:
Start date: 03/15/2011
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

It appeared that if 2.0 RC1 is restarted, all SPD definitions are not available post a reboot. Restart of racoon corrects the issue, and everything works as expected.

The following are the only log entries for IPSec post a reboot.

Mar 15 18:03:56 racoon: [Self]: INFO: a.b.c.d500 used as isakmp port (fd=17)
Mar 15 18:03:56 racoon: INFO: a.b.c.d500 used for NAT-T
Mar 15 18:03:56 racoon: [Self]: INFO: a.b.c.d4500 used as isakmp port (fd=16)
Mar 15 18:03:56 racoon: INFO: a.b.c.d4500 used for NAT-T
Mar 15 18:03:56 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Mar 15 18:03:56 racoon: INFO: (#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
Mar 15 18:03:56 racoon: INFO: (#)ipsec-tools 0.8.0.RC2 (http://ipsec-tools.sourceforge.net)

Actions #1

Updated by Seth Mos about 13 years ago

Do you use hostnames for your endpoints?

Actions #2

Updated by Charles AMPEAU about 13 years ago

Hi,

I have the same problem here using DNS hostname endpoints using 2.0-RC1 (i386) built on Mon Mar 14 21:48:11 EDT 2011.

After a reboot, my /var/etc/psk.txt doesn't contain any IP address.

A restart of racoon and tunnels come up.

Hope that helps

Actions #3

Updated by Alex Vergilis about 13 years ago

Yes. Hostnames are used. You can speak with Chris. He knows my IPSec configs.

Actions #4

Updated by Charles AMPEAU about 13 years ago

I have a fix working at home:

In the file /etc/rc.newipsecdns line 47, the check for an already running script is always true.

So I replaced:

while(stristr(shell_exec("/bin/ps auxww"), "rc.newipsecdns")) {

by

while(substr_count(shell_exec("/bin/ps auxww"), "rc.newipsecdns") > 1) {
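
The self-match described in comment #4, as an added example that is not part of the original comment or of the pfSense code: it runs the original `stristr` check, the `substr_count` replacement, and a stricter variant that skips the script's own PID against two `ps auxww` listings. The listings, the PIDs (412, 388), the PHP binary path and the function names are constructed for illustration, and the example assumes the script's own command line appears in the listing.

```php
<?php
// Constructed `ps auxww` output as seen from inside the script after boot:
// the only match is the script's own process (assumed PID 412).
$ps_boot = <<<EOT
USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED    TIME COMMAND
root   301  0.0  0.1  3352  1204  ??  Is    6:03PM 0:00.01 /usr/sbin/syslogd -s
root   412  0.0  1.2 37104 12420  ??  S     6:03PM 0:00.10 /usr/local/bin/php -f /etc/rc.newipsecdns
EOT;

// Same listing with a second, earlier instance (assumed PID 388) still running.
$ps_busy = $ps_boot . "\nroot   388  0.0  1.2 37104 12400  ??  S     6:03PM 0:00.30 /usr/local/bin/php -f /etc/rc.newipsecdns";

// Original check: true whenever the name appears at all, including our own line.
function running_stristr(string $ps): bool {
    return stristr($ps, "rc.newipsecdns") !== false;
}

// Check from comment #4: tolerate exactly one match (ourselves).
function running_substr_count(string $ps): bool {
    return substr_count($ps, "rc.newipsecdns") > 1;
}

// Stricter variant (an assumption, not from the thread): ignore our own PID
// and match only on the COMMAND column.
function running_excluding_self(string $ps, int $self_pid): bool {
    foreach (explode("\n", $ps) as $line) {
        $cols = preg_split('/\s+/', trim($line), 11);
        if (count($cols) < 11 || !ctype_digit($cols[1])) {
            continue; // header or malformed line
        }
        if ((int)$cols[1] !== $self_pid && strpos($cols[10], "rc.newipsecdns") !== false) {
            return true;
        }
    }
    return false;
}

// Print the verdict of each check for both listings.
foreach (["boot" => $ps_boot, "busy" => $ps_busy] as $name => $ps) {
    printf("%-5s stristr=%s substr_count=%s excluding_self=%s\n", $name,
        var_export(running_stristr($ps), true),
        var_export(running_substr_count($ps), true),
        var_export(running_excluding_self($ps, 412), true));
}
```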

Actions #5

Updated by Charles AMPEAU about 13 years ago

Last comment: bug was introduced 14 days ago in e77ecd8e

Actions #6

Updated by Ermal Luçi about 13 years ago

  • Status changed from New to Feedback

Please test the latest snapshots; a patch has been committed.

Actions #7

Updated by Charles AMPEAU about 13 years ago

I have just tested your patch. This is working!

Better than my quick and dirty patch!

Thanks Ermal!

Actions #8

Updated by Alex Vergilis about 13 years ago

Thank you. Works as expected now.

Actions #9

Updated by Jim Pingle about 13 years ago

  • Status changed from Feedback to Resolved