Bug #12298
closedIPsec manual initiation and termination should use a timeout value or forced actions
100%
Description
Connecting or disconnecting IPsec P1/P2 entries from the status page, widget, or keep alive uses a command such as swanctl --initiate
or swanctl --terminate
. These commands will hold open a VICI socket waiting on the attempt to finish negotiation before the command exits. This could keep open the socket longer than expected, and may cause other actions to fail.
Initiation should use a timeout, such as --timeout 5
which gives it a reasonable chance to succeed without waiting too long. Note that this doesn't stop strongSwan from connecting after that given time period, it only affects how long the swanctl
client waits for the process to complete.
Termination should use --force
which will not wait for the action to complete before exiting.
Updated by Jim Pingle over 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 953aba88ede593dba2d05fefed879acce5dfde83.
Updated by Jim Pingle about 3 years ago
- Subject changed from IPsec manual initiation and termination should use a timeout value and/or forced actions to IPsec manual initiation and termination should use a timeout value or forced actions
Updating subject for release notes.
Updated by Jim Pingle about 3 years ago
- Status changed from Feedback to Resolved
Working as expected now.
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01