Bug #12039

open

Gateway alarm always trigger IPsec restart

Added by Viktor Gurov about 2 months ago. Updated 21 days ago.

Status: In Progress
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 06/15/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.09
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture:

Description

There are several issues:

1) '/etc/rc.gateway_alarm' triggers '/etc/rc.newipsecdns', which generates an invalid log message:

IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.

- which can confuse users.
This message is only true if IPsec remote-gateway == FQDN and filterdns updates its IP.
See https://github.com/pfsense/pfsense/blob/eb1305d0736a1d71d1615ca6b19e3f4a917317a0/src/etc/inc/ipsec.inc#L2862

2) It is not necessary to restart IPsec if an alarm is triggered for the Gateway that doesn't affect IPsec connections. It should be more flexible, like '/etc/rc.openvpn'.

3) It's better to create '/etc/rc.ipsec' in the same way as '/etc/rc.openvpn' and use '/etc/rc.newipsecdns' only for filterdns updates.

Actions #2

Updated by Renato Botelho 21 days ago

  • Status changed from New to In Progress
  • Assignee set to Viktor Gurov

I've merged the check_reload_status part. Please re-test the PHP part to make sure it's working as expected.

Actions #3

Updated by Renato Botelho 21 days ago

  • Target version set to 2.6.0
  • Plus Target Version set to 21.09