Actions
Bug #10842
closed
Not destroying VTI interfaces when booting before creating a new one
Start date:
08/19/2020
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
All
Description
During the booting process, we call interface_ipsec_vti_configure() from interfaces.inc multiple times :
And this command takes around 20s to return this error on our hardware which is a long time, especially during the booting process.
in interfaces.inc as it looks like it is solving the issue properly.
- From interfaces_configures() (once)
- From vpn_ipsec_configure() (up to twice)
When create the VTI interface we destroy it beforehand if it exists AND the system is not booting. That results in interface creation attempts when it already exists. An error ensues :
rc.bootup: The command '/sbin/ifconfig 'ipsec1000' create reqid '1000'' returned exit code '1', the output was 'ifconfig: create: bad value'
And this command takes around 20s to return this error on our hardware which is a long time, especially during the booting process.
Is there a specific reason to not destroy the interface when the system is booting ?
I suggest removing the !platform_booting() from
if (!platform_booting() && does_interface_exist($ipsecif)) {
mwexec("/sbin/ifconfig " . escapeshellarg($ipsecif) . " destroy", false);
}
mwexec("/sbin/ifconfig " . escapeshellarg($ipsecif) . " create reqid " . escapeshellarg($ipsecifnum), false);
in interfaces.inc as it looks like it is solving the issue properly.
Updated by 
Updated by 
Updated by Viktor Gurov 
Updated by 
Updated by Anonymous
Actions