Project

General

Profile

Actions

Bug #10351

closed

Saving IPSEC connection breaks FRR BGP on VTI interfaces

Added by Steven Brown about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
03/17/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4-p3
Affected Architecture:

Description

I believe this is related to Bug #9668.

When editing a Phase 1 IPSEC connection and clicking save and then apply, the FRR BGP on VTI interfaces will break.

I've applied the patch ID 7ba8d654582d452103c78faf63bacd4385177537 to the system and it does not fix the problem.

If I manually run /etc/rc.newipsecdns from the CLI while in a failed state, the FRR BGP will eventually restart, such that I believe a callback to ipsec_reload_package_hook() is needed somewhere else.

Actions #1

Updated by Steven Brown about 2 years ago

I should have made it clearer that /etc/rc.newipsecdns is run post-patch.

Actions #2

Updated by Jim Pingle about 2 years ago

  • Category set to IPsec
Actions #4

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0
Actions #5

Updated by Renato Botelho about 2 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #6

Updated by Jim Pingle about 2 years ago

  • Target version changed from 2.5.0 to 2.4.5-p1
Actions #7

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

This appears to be doing as much as it can. There may be other similar/related issues but this specific case appears to be OK.

For the other problems, they should be opened as separate issues if they persist.

Actions

Also available in: Atom PDF