Bug #1356: IPSec SPD definitions lost after reboot - pfSense - pfSense bugtracker

Actions

Bug #1356

closed

IPSec SPD definitions lost after reboot

Added by Alex Vergilis over 13 years ago. Updated over 13 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

-

Category:

IPsec

Target version:

Start date:

03/15/2011

Due date:

% Done:

0%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.0

Affected Architecture:

Description

It appeard that if 2.0 RC1 is restarted, all SPD definitions are not available post a reboot. Restart of racoon corrects the issue, and everything works as expected.

The following are the only log entries for IPSec post a reboot.

Mar 15 18:03:56 racoon: [Self]: INFO: a.b.c.d⁵⁰⁰ used as isakmp port (fd=17)
Mar 15 18:03:56 racoon: INFO: a.b.c.d⁵⁰⁰ used for NAT-T
Mar 15 18:03:56 racoon: [Self]: INFO: a.b.c.d⁴⁵⁰⁰ used as isakmp port (fd=16)
Mar 15 18:03:56 racoon: INFO: a.b.c.d⁴⁵⁰⁰ used for NAT-T
Mar 15 18:03:56 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Mar 15 18:03:56 racoon: INFO: (#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/) Mar 15 18:03:56 racoon: INFO:(#)ipsec-tools 0.8.0.RC2 (http://ipsec-tools.sourceforge.net)

Actions

#1

Updated by Seth Mos over 13 years ago

Do you use hostnames for your endpoints?

Actions

#2

Updated by Charles AMPEAU over 13 years ago

Hi,

I have the same problem here using DNS hostname endpoints using 2.0-RC1 (i386) built on Mon Mar 14 21:48:11 EDT 2011 .

After a reboot, my /var/etc/psk.txt doesn't contain any IP address.

A restart of racoon and tunnels come up.

Hope that helps

Actions

#3

Updated by Alex Vergilis over 13 years ago

Yes. Hostnames are used. You can speak with Chris. He knows my IPSec configs.

Actions

#4

Updated by Charles AMPEAU over 13 years ago

I have a fix working at home :

In the file /etc/rc.newipsecdns line 47, the check for already running script is always true

So I replaced :

while(stristr(shell_exec("/bin/ps auxww"), "rc.newipsecdns")) {

by

while(substr_count(shell_exec("/bin/ps auxww"), "rc.newipsecdns") > 1) {

Actions

#5

Updated by Charles AMPEAU over 13 years ago

Last comment : bug was introduced 14 days ago in e77ecd8e

Actions

#6

Updated by Ermal Luçi over 13 years ago

Status changed from New to Feedback

Please test latest snapshots a patch has been committed.

Actions

#7

Updated by Charles AMPEAU over 13 years ago

I have just tested your patch. This is working!

Better than my quick and dirty patch!

Thanks Ermal!

Actions

#8

Updated by Alex Vergilis over 13 years ago

Thank you. Works as expected now.

Actions

#9

Updated by Jim Pingle over 13 years ago

Status changed from Feedback to Resolved

Actions

Also available in: Atom PDF