Bug #15087
open
IPsec Keep Alive does not update the gateway status
100%
Description
If the IPsec gateway status is pending (e.g. on a VTI after bootup when the remote peer is an FQDN), the keep alive check will connect the P2, but the gateway status remains pending. Manually restarting dpinger updates the gateway status to online.
Files
Related issues
Updated by Danilo Zrenjanin over 2 years ago
I tried to replicate that behavior. I set FQDN for the Remote Gateway setup on both sides. Phase 2 in VTI mode. The gateway status never enters Pending mode, regardless of the actions I take (reboot, cold start, etc..).
Updated by Kris Phillips over 2 years ago
Tried this and it doesn't even need to be a FQDN. The Gateway status page of any VTI with a /30 will almost always show "Pending" until you restart the dpinger service. Then it will show online.
Updated by Danilo Zrenjanin over 2 years ago
- File clipboard-202312271444-1y6tv.png clipboard-202312271444-1y6tv.png added
- File clipboard-202312271445-fkayy.png clipboard-202312271445-fkayy.png added
- File clipboard-202312271448-lc0m1.png clipboard-202312271448-lc0m1.png added
- File clipboard-202312271449-qi24v.png clipboard-202312271449-qi24v.png added
If I select Type Network /30, the IPsec interface never gets the IP address. It gets only the gateway.
The only way to make it work is to select Address Type. In that case, the IPsec interface gets the IP address and the gateway. 
After rebooting, the gateway status slowly goes back to the online status as expected.
I am testing on two ProxMox VMs running stock 23.09.1
Updated by Marcos M 1 day ago
- Related to Bug #15303: dpinger service does not always switch from Pending to Online added
Updated by Kris Phillips 1 day ago
Marcos M wrote in #note-6:
Applied with a3aaab24dab6cdcdb457e64ca7592cb01b782586.
Tested this patch on 26.07 from May 12th. While it still had the "Pending" behavior, it eventually self corrected after a few minutes as described.