Bug #13102 (open)
Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php
100%
Description
- Running 22.05.a.20220426.1313 on a Netgate 6100
- Not sure if this is a regression in 22.05 or an old bug.
Today I deleted an IKEv2 P1 (legacy, not VTI) that was active. I expected this to tear down the tunnel. It did not, so when I went to Status -> IPsec, I saw that there was still an active connection and SAs showing there. I believe at some point one of the scripts on that page (or the dashboard IPsec widget) caused this crash in PHP:
Crash report begins. Anonymous machine information:
amd64 12.3-STABLE FreeBSD 12.3-STABLE plus-devel-12-n202664-041fc0bc0fd pfSense
Crash report details:
PHP Errors:
[26-Apr-2022 16:29:11 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345
[26-Apr-2022 16:29:11 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347
[26-Apr-2022 16:29:16 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345
[26-Apr-2022 16:29:16 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347
[26-Apr-2022 16:29:22 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345
[26-Apr-2022 16:29:22 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347
[26-Apr-2022 16:29:22 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345
[26-Apr-2022 16:29:22 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347
No FreeBSD crash data found.
Updated by Viktor Gurov over 2 years ago
- Project changed from pfSense Plus to pfSense
- Category changed from IPsec to IPsec
- Status changed from New to Confirmed
- Release Notes changed from Default to Force Exclusion
- Affected Version set to 2.7.0
Updated by Viktor Gurov over 2 years ago
- Related to Bug #6624: changes in IPsec config should down the connection added
Updated by Viktor Gurov over 2 years ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle over 2 years ago
- Status changed from Confirmed to Pull Request Review
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset d90552c59e51fb13c712b6a96a51ca2462424156.
Updated by Georgiy Tyutyunnik over 2 years ago
- File liveIPSec.png liveIPSec.png added
Tested on:
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 12.3-STABLE
Bug reproduced, picture attached.
After the patch, the IPSec tunnel is torn down correctly, no unusual behavior.
Updated by Viktor Gurov over 2 years ago
- Status changed from Feedback to Resolved
Updated by Jim Pingle over 2 years ago
- Status changed from Resolved to New
- Plus Target Version changed from 22.05 to 22.09
I had to back the change in d90552c59e51fb13c712b6a96a51ca2462424156 out for now. On systems with a lot of tunnels it was causing a pileup of swanctl processes any time that code path was triggered.
We can revisit it for the next release.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Feedback
Applied in changeset bfb06f9a27785f3c5164b44e004c3be9165f764e.
Updated by Jim Pingle over 2 years ago
- Plus Target Version changed from 22.09 to 22.11
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 23.01 to 23.05
Can move this forward, previous attempts were too disruptive to risk given all the other changes going on for the 23.01 release already.
Updated by Jim Pingle over 1 year ago
- Plus Target Version changed from 23.05 to 23.09
Updated by Jim Pingle over 1 year ago
- Target version changed from 2.7.0 to CE-Next
Updated by Jim Pingle over 1 year ago
- Plus Target Version changed from 23.09 to 24.01
Updated by Jim Pingle about 1 year ago
- Plus Target Version changed from 24.01 to 24.03
Updated by Jim Pingle 10 months ago
- Plus Target Version changed from 24.03 to 24.07
Updated by Jim Pingle 7 months ago
- Plus Target Version changed from 24.07 to 24.08
Updated by Jim Pingle 3 months ago
- Plus Target Version changed from 24.08 to 24.11
Updated by Jim Pingle 2 months ago
- Plus Target Version changed from 24.11 to 25.01
Updated by Jim Pingle 13 days ago
- Plus Target Version changed from 25.01 to 25.03