Project

General

Profile

Actions

Bug #11427

closed

IPSEC Status page shows Connections twice (connected and disconnected)

Added by Stefan Heck about 3 years ago. Updated about 3 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
02/16/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:

Description

Hi,
I have two IPSEC connections, both are running fine.
On the Statuspage, the entries seams to be splittend in a connected and an unconnected party.

He definitions are the same as under 2.4.5. This optical glitch is new.


Files

Actions #1

Updated by Jim Pingle about 3 years ago

  • Status changed from New to Incomplete

You haven't provided nearly enough information. At a minimum, provide the IPsec configuration as well as the output of swanctl --list-conns and swanctl --list-sas

The GUI reports what strongSwan reports, so odds are there isn't anything we can do here, but we can still have a look.

One possible way this kind of thing can happen is if the connections are matching on something dynamic, for example, where the dynamic stub stays in the list but a specific connection shows on its own.

Actions #2

Updated by Denis Grilli about 3 years ago

We are having the same exact issue and despite I cannot provide any configuration at the moment I can provide some insight on the problem:

the ipsec_status.php page contains an array of connected VPNs "$ipsecconnected" populated with connection ids ( the format is not very clear to me) and another array of VPNs from the configuration file (called "$a_phase1").

The id inside the $a_phase1 doesn't match the id inside the $ipsecconnected array. For instance the $ipsecconnected array contains "2000" as connection ID and the $a_phase1 contains "20" for the same exact connection.

Weirdly is the same connection number conn200000 of Stefan who opened this case.

I believe there is some issue on the part of the code that populate the $ipsecconnected" array:

-------------------------
//check which array format
if(isset($ikesa['con-id'])){
$con_id = substr($ikesa['con-id'],3);
}else{
$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
}
if ($ikesa['version'] == 1) {
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
if (!ipsec_ikeid_used($con_id)) {
// probably a v2 with split connection then
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
$ipsecconnected[$con_id] = $ph1idx = $con_id;
}
}

------------------------------------

but I couldn't figure out yet exactly what is the issue.

Hope this helps.

Actions #3

Updated by Jim Pingle about 3 years ago

  • Status changed from Incomplete to Duplicate

This has been fixed already, see #11435

Actions

Also available in: Atom PDF