Bug #11196

closed

IPsec DPD action incorrect on development snapshots

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 12/30/2020
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.5.0
Affected Architecture:

Description

The DPD action isn't correct in several cases on snapshots (swanctl format). For example:

  • "none" is not valid, should be "clear"
  • "restart" is currently the default, it should be "trap" for policy-based tunnels and "restart" for VTI
  • It should mirror the equivalent values for Child SA close action when that is set

Actions #1

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #2

Updated by Florin Samareanu over 3 years ago

After going with latest dev I don’t see any duplicate p1s or p2s during the last 24h. My tunnels are mostly using default values (I did change reauth to rekey for phase 1) with vti p2s. Thank you for nailing this.
As a side note, it would be great if p2s would expose the same settings as p1s with regards to reauth/rekey/over time but current setup works well for me too.
Before I would end up with tens of duplicate p2s after a few hours.

Actions #3

Updated by Florin Samareanu over 3 years ago

This was supposed to be a comment for #10176. Apologies.

Actions #4

Updated by Max Leighton over 3 years ago

  • Status changed from Feedback to Resolved

Tested on latest build and now see dpd action set to trap, restart, or clear based on the corresponding Child SA close action. Marking the ticket resolved.
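A check for the behaviour described in this ticket, as an added example that is not pfSense's own code: it audits the child sections of a swanctl-format configuration for an invalid `dpd_action` and for a `dpd_action` that does not mirror `close_action`. The `close_action` values (`none`, `trap`, `start`), their mapping to `dpd_action`, the child names, the `vti` parameter and the sample configuration are assumptions made for illustration.

```python
import re
VALID_DPD = {"clear", "trap", "restart"}  # dpd_action values named in the ticket
# Assumed close_action -> dpd_action equivalents (close_action: none/trap/start).
CLOSE_TO_DPD = {"none": "clear", "trap": "trap", "start": "restart"}
# Constructed sample, not taken from a real firewall.
SAMPLE = """
connections {
  con1 {
    children {
      con1_policy {
        close_action = trap
        dpd_action = none
      }
      con1_vti {
        close_action = start
        dpd_action = restart
      }
    }
  }
}
"""
def expected_dpd_action(close_action=None, vti=False):
    """Mirror close_action when set; else 'restart' for VTI, 'trap' for policy-based."""
    if close_action is not None:
        return CLOSE_TO_DPD[close_action]
    return "restart" if vti else "trap"

def audit_children(conf_text):
    """Return {child_name: [findings]} for each child section in conf_text."""
    stack, children = [], {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if m := re.fullmatch(r"([\w.-]+)\s*\{", line):
            if stack and stack[-1] == "children":
                children[m.group(1)] = {}  # a section directly under children
            stack.append(m.group(1))
        elif line == "}" and stack:
            stack.pop()
        elif (m := re.fullmatch(r"(\w+)\s*=\s*(\S+)", line)) and len(stack) > 1 and stack[-2] == "children":
            children[stack[-1]][m.group(1)] = m.group(2).strip('"')
    findings = {}
    for name, kv in children.items():
        dpd, close, issues = kv.get("dpd_action"), kv.get("close_action"), []
        if dpd is not None and dpd not in VALID_DPD:
            issues.append(f"invalid dpd_action '{dpd}'")
        if close in CLOSE_TO_DPD and dpd != expected_dpd_action(close):
            issues.append(f"dpd_action should mirror close_action '{close}'")
        findings[name] = issues
    return findings
```

Calling `audit_children(SAMPLE)` reports two findings for `con1_policy` and none for `con1_vti`.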
