Project

General

Profile

Actions
Copy link

Bug #14865

open

Saving TINC VPN settings on a CARP Primary causes TINC to start on the Secondary

Added by Matthew Latin 7 months ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Tinc
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
Affected Architecture:

Description

When anything triggers a configuration save or if the TINC VPN configuration is saved on the CARP Primary Firewall, this causes TINC to start up on the CARP Backup firewall, causing all kinds of conflicts in TINC due to two instances running at the same time.

It's down to this line in tinc.inc - https://github.com/pfsense/FreeBSD-ports/blob/91e12e742d1e7752f0f0ef302066d034dc5048c8/security/pfSense-pkg-tinc/files/usr/local/pkg/tinc.inc#L159

Since there isn't a check to see if we are currently a CARP backup, we un-conditionally start up the service, even when we shouldn't be starting it.

A check should be added to this start up code section to make sure we aren't a CARP backup before starting the service.

Actions
Copy link
 #1

Updated by Kris Phillips 5 months ago

  • Priority changed from High to Normal
Actions
Copy link

Also available in: Atom PDF