Bug #12298

closed

IPsec manual initiation and termination should use a timeout value or forced actions

Added by Jim Pingle over 3 years ago. Updated about 3 years ago.

Status: Resolved
Priority: High
Assignee:
Category: IPsec
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version:
Affected Architecture:

Description

Connecting or disconnecting IPsec P1/P2 entries from the status page, widget, or keep alive uses a command such as swanctl --initiate or swanctl --terminate. These commands will hold open a VICI socket waiting on the attempt to finish negotiation before the command exits. This could keep open the socket longer than expected, and may cause other actions to fail.

Initiation should use a timeout, such as --timeout 5 which gives it a reasonable chance to succeed without waiting too long. Note that this doesn't stop strongSwan from connecting after that given time period, it only affects how long the swanctl client waits for the process to complete.

Termination should use --force which will not wait for the action to complete before exiting.
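
The behaviour described above, as an added example that is not part of the original report or of pfSense's own code: a bounded initiate that checks the real SA state after the client gives up, and a forced terminate. The SWANCTL and INIT_TIMEOUT variables, the function names, the connection names passed in, and the assumed --list-sas header format are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; not pfSense or strongSwan project code.
# Assumption: swanctl is on PATH unless SWANCTL points elsewhere.
SWANCTL="${SWANCTL:-swanctl}"
INIT_TIMEOUT="${INIT_TIMEOUT:-5}"   # seconds, the value suggested in the report

# True when --list-sas shows the named IKE SA as ESTABLISHED.
# Assumption: the human-readable header line looks like
#   "<name>: #<id>, ESTABLISHED, ..."
# and the connection name is a plain identifier (no regex metacharacters).
ipsec_ike_established() {
    "$SWANCTL" --list-sas --ike "$1" 2>/dev/null |
        grep -q "^$1: #[0-9][0-9]*, ESTABLISHED"
}

# Start a child SA, holding the VICI socket for at most INIT_TIMEOUT seconds.
# Returns:
#   0  swanctl reported success within the timeout
#   2  the client gave up or failed, but the IKE SA is established afterwards
#   1  the client gave up or failed and the IKE SA is not established (yet)
ipsec_initiate() {
    ike="$1"; child="$2"
    if "$SWANCTL" --initiate --ike "$ike" --child "$child" \
            --timeout "$INIT_TIMEOUT" >/dev/null 2>&1; then
        return 0
    fi
    # The timeout only bounds how long the client waits. The daemon may still
    # be negotiating or may already have finished, so query the current state
    # instead of treating a non-zero exit as "tunnel is down".
    if ipsec_ike_established "$ike"; then
        return 2
    fi
    return 1
}

# Tear down an IKE SA without waiting for the action to complete.
ipsec_terminate() {
    "$SWANCTL" --terminate --ike "$1" --force >/dev/null 2>&1
}
```

A caller such as a keep-alive job would treat return code 1 as "not up yet" and re-check later rather than immediately issuing another initiate.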

Actions #1

Updated by Jim Pingle over 3 years ago

  • Description updated (diff)
Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle about 3 years ago

  • Subject changed from IPsec manual initiation and termination should use a timeout value and/or forced actions to IPsec manual initiation and termination should use a timeout value or forced actions

Updating subject for release notes.

Actions #4

Updated by Jim Pingle about 3 years ago

  • Status changed from Feedback to Resolved

Working as expected now.

Actions #5

Updated by Jim Pingle about 3 years ago

  • Plus Target Version changed from 21.09 to 22.01