Bug #1356

IPSec SPD definitions lost after reboot

Added by Alex Vergilis over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Target version:
Start date: 03/15/2011
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0
Affected Architecture:
Description

It appeared that if 2.0 RC1 is restarted, all SPD definitions are not available post a reboot. Restart of racoon corrects the issue, and everything works as expected.

The following are the only log entries for IPSec post a reboot.

Mar 15 18:03:56 racoon: [Self]: INFO: a.b.c.d500 used as isakmp port (fd=17)
Mar 15 18:03:56 racoon: INFO: a.b.c.d500 used for NAT-T
Mar 15 18:03:56 racoon: [Self]: INFO: a.b.c.d4500 used as isakmp port (fd=16)
Mar 15 18:03:56 racoon: INFO: a.b.c.d4500 used for NAT-T
Mar 15 18:03:56 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Mar 15 18:03:56 racoon: INFO: (#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
Mar 15 18:03:56 racoon: INFO: (#)ipsec-tools 0.8.0.RC2 (http://ipsec-tools.sourceforge.net)

Associated revisions

Revision af4c040e (diff)
Added by Ermal Luçi over 8 years ago

Ticket #1356 use locking here rather than ps to serialize execution.

History

#1 Updated by Seth Mos over 8 years ago

Do you use hostnames for your endpoints?

#2 Updated by Charles AMPEAU over 8 years ago

Hi,

I have the same problem here using DNS hostname endpoints using 2.0-RC1 (i386) built on Mon Mar 14 21:48:11 EDT 2011.

After a reboot, my /var/etc/psk.txt doesn't contain any IP address.

A restart of racoon and tunnels come up.

Hope that helps

#3 Updated by Alex Vergilis over 8 years ago

Yes. Hostnames are used. You can speak with Chris. He knows my IPSec configs.

#4 Updated by Charles AMPEAU over 8 years ago

I have a fix working at home:

In the file /etc/rc.newipsecdns, line 47, the check for an already running script is always true.

So I replaced:

while(stristr(shell_exec("/bin/ps auxww"), "rc.newipsecdns")) {

by

while(substr_count(shell_exec("/bin/ps auxww"), "rc.newipsecdns") > 1) {
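The self-match described in comment #4, shown next to lock-based serialization of the kind the commit message for revision af4c040e names. This is an added example, not pfSense code or code from this ticket: the `ps` output is constructed sample data, and the helper names, the lock file path and the use of plain `flock()` are assumptions made for illustration.

```php
<?php
// Constructed `ps auxww` output as seen from inside the script when no other
// copy is running: the script's own process is always part of the listing.
$ps_single = "root  101  0.0  0.1  /usr/sbin/syslogd -s\n"
           . "root  812  0.0  1.2  /usr/local/bin/php -f /etc/rc.newipsecdns\n";
// Constructed output with a second, genuinely concurrent copy.
$ps_double = $ps_single
           . "root  845  0.0  1.2  /usr/local/bin/php -f /etc/rc.newipsecdns\n";

// Original check: true as soon as the name appears, so the script matches itself.
function other_copy_running_stristr(string $ps): bool {
    return stristr($ps, "rc.newipsecdns") !== false;
}

// Check from comment #4: more than one match means another copy besides us.
function other_copy_running_count(string $ps): bool {
    return substr_count($ps, "rc.newipsecdns") > 1;
}

// Lock-based serialization (hypothetical helper): the kernel lock is held only
// while $work runs and is dropped if the process dies, so no process-name
// matching is needed and a second caller simply waits its turn.
function run_serialized(string $lockfile, callable $work) {
    $fp = fopen($lockfile, "c");          // create if missing, never truncate
    if ($fp === false) {
        throw new RuntimeException("cannot open lock file $lockfile");
    }
    try {
        if (!flock($fp, LOCK_EX)) {       // blocks until an earlier holder releases
            throw new RuntimeException("cannot lock $lockfile");
        }
        return $work();
    } finally {
        flock($fp, LOCK_UN);
        fclose($fp);
    }
}

foreach (["single" => $ps_single, "double" => $ps_double] as $label => $ps) {
    printf("%-6s stristr=%s substr_count=%s\n", $label,
        var_export(other_copy_running_stristr($ps), true),
        var_export(other_copy_running_count($ps), true));
}

// Hypothetical lock path for this example only.
$lock = sys_get_temp_dir() . "/rc.newipsecdns.example.lock";
echo run_serialized($lock, function () { return "reload done\n"; });
```

Counting `ps` matches still depends on how each process appears in the listing and leaves a window between the check and the work; the lock removes both concerns.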

#5 Updated by Charles AMPEAU over 8 years ago

Last comment: the bug was introduced 14 days ago in e77ecd8e

#6 Updated by Ermal Luçi over 8 years ago

  • Status changed from New to Feedback

Please test the latest snapshots; a patch has been committed.

#7 Updated by Charles AMPEAU over 8 years ago

I have just tested your patch. This is working!

Better than my quick and dirty patch!

Thanks Ermal!

#8 Updated by Alex Vergilis over 8 years ago

Thank you. Works as expected now.

#9 Updated by Jim Pingle over 8 years ago

  • Status changed from Feedback to Resolved
