IPsec status tunnel descriptions are incorrect
Moving from internal Redmine since this affects CE and Plus and isn't hardware-dependent.
I'm currently seeing wrong tunnel descriptions for site to site ipsec tunnels under 'status > ipsec'.
built on Thu Apr 29 12:02:40 EDT 2021
Attached are images which indicate what I'm talking about.
I've seen this for at least a few weeks since I've been testing dev builds.
It survives reboots, and upgrades, and I see the wrong tunnel name with 'ipsec statusall' as well.
See NG 6284 for the attachments.
Probably something with the shift in numbering that Renato recently worked on (#11794). In the status output that cjl tunnel is "con8" which normally would be associated with the P1 that has an ikeid of 8, but the tunnel with an ikeid of 8 is Bob. So somehow it's not forming the expected connection numbers or it's not properly checking against the right reverse mapping when doing the status.
#3 Updated by Chris Linstruth 12 days ago
- File Screen Shot 2021-06-04 at 9.32.55 AM.png Screen Shot 2021-06-04 at 9.32.55 AM.png added
- File Screen Shot 2021-06-04 at 9.32.42 AM.png Screen Shot 2021-06-04 at 9.32.42 AM.png added
Also seeing strangeness in the IPsec dashboard widget. Customer also reporting the active tunnel counts are incorrect in the widget but I can't duplicate that.
#4 Updated by Marcos Mendoza 5 days ago
- File ipsec_status.png ipsec_status.png added
- File widget_overview.png widget_overview.png added
- File widget_tunnels.png widget_tunnels.png added
I can replicate the active tunnel count being incorrect, as well as incorrect status, by using P1s with the option "Gateway duplicates". See attached.
Notice on the status image,
con1 should have a description of "SiteA-B-IPsec WAN2" and have a different number in the IPsec VTI range.