Bug #15087
IPsec Keep Alive does not update the gateway status (open)
Description
If the IPsec gateway status is pending (e.g. on a VTI after bootup when the remote peer is an FQDN), the keep alive check will connect the P2, but the gateway status remains pending. Manually restarting dpinger updates the gateway status to online.
Updated by Danilo Zrenjanin almost 1 year ago
I tried to replicate that behavior. I set an FQDN for the Remote Gateway setup on both sides. Phase 2 in VTI mode. The gateway status never enters Pending mode, regardless of the actions I take (reboot, cold start, etc.).
Updated by Kris Phillips 12 months ago
Tried this and it doesn't even need to be a FQDN. The Gateway status page of any VTI with a /30 will almost always show "Pending" until you restart the dpinger service. Then it will show online.
Updated by Danilo Zrenjanin 12 months ago
- File clipboard-202312271444-1y6tv.png added
- File clipboard-202312271445-fkayy.png added
- File clipboard-202312271448-lc0m1.png added
- File clipboard-202312271449-qi24v.png added
If I select Type Network /30, the IPsec interface never gets the IP address. It gets only the gateway.
The only way to make it work is to select Address Type. In that case, the IPsec interface gets the IP address and the gateway.
After rebooting, the gateway status slowly goes back to the online status as expected.
I am testing on two Proxmox VMs running stock 23.09.1.