Actions
Bug #14865
openSaving TINC VPN settings on a CARP Primary causes TINC to start on the Secondary
Status:
New
Priority:
Normal
Assignee:
-
Category:
Tinc
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
Affected Architecture:
Description
When anything triggers a configuration save or if the TINC VPN configuration is saved on the CARP Primary Firewall, this causes TINC to start up on the CARP Backup firewall, causing all kinds of conflicts in TINC due to two instances running at the same time.
It's down to this line in tinc.inc - https://github.com/pfsense/FreeBSD-ports/blob/91e12e742d1e7752f0f0ef302066d034dc5048c8/security/pfSense-pkg-tinc/files/usr/local/pkg/tinc.inc#L159
Since there isn't a check to see if we are currently a CARP backup, we un-conditionally start up the service, even when we shouldn't be starting it.
A check should be added to this start up code section to make sure we aren't a CARP backup before starting the service.
Actions