Bug #11427
closedIPSEC Status page shows Connections twice (connected and disconnected)
0%
Description
Hi,
I have two IPSEC connections, both are running fine.
On the Statuspage, the entries seams to be splittend in a connected and an unconnected party.
He definitions are the same as under 2.4.5. This optical glitch is new.
Files
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Incomplete
You haven't provided nearly enough information. At a minimum, provide the IPsec configuration as well as the output of swanctl --list-conns
and swanctl --list-sas
The GUI reports what strongSwan reports, so odds are there isn't anything we can do here, but we can still have a look.
One possible way this kind of thing can happen is if the connections are matching on something dynamic, for example, where the dynamic stub stays in the list but a specific connection shows on its own.
Updated by Denis Grilli almost 4 years ago
We are having the same exact issue and despite I cannot provide any configuration at the moment I can provide some insight on the problem:
the ipsec_status.php page contains an array of connected VPNs "$ipsecconnected" populated with connection ids ( the format is not very clear to me) and another array of VPNs from the configuration file (called "$a_phase1").
The id inside the $a_phase1 doesn't match the id inside the $ipsecconnected array. For instance the $ipsecconnected array contains "2000" as connection ID and the $a_phase1 contains "20" for the same exact connection.
Weirdly is the same connection number conn200000 of Stefan who opened this case.
I believe there is some issue on the part of the code that populate the $ipsecconnected" array:
-------------------------//check which array format
if(isset($ikesa['con-id'])){
$con_id = substr($ikesa['con-id'],3);
}else{
$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
}
if ($ikesa['version'] == 1) {
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
if (!ipsec_ikeid_used($con_id)) {
// probably a v2 with split connection then
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
$ipsecconnected[$con_id] = $ph1idx = $con_id;
}
}
------------------------------------
but I couldn't figure out yet exactly what is the issue.
Hope this helps.
Updated by Jim Pingle almost 4 years ago
- Status changed from Incomplete to Duplicate
This has been fixed already, see #11435