Project

General

Profile

Actions

Bug #15087

open

IPsec Keep Alive does not update the gateway status

Added by Marcos M about 1 year ago. Updated 12 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

If the IPsec gateway status is pending (e.g. on a VTI after bootup when the remote peer is an FQDN), the keep alive check will connect the P2, but the gateway status remains pending. Manually restarting dpinger updates the gateway status to online.


Files

clipboard-202312271444-1y6tv.png (27.1 KB) clipboard-202312271444-1y6tv.png Danilo Zrenjanin, 12/27/2023 01:44 PM
clipboard-202312271445-fkayy.png (28.5 KB) clipboard-202312271445-fkayy.png Danilo Zrenjanin, 12/27/2023 01:45 PM
clipboard-202312271448-lc0m1.png (27.5 KB) clipboard-202312271448-lc0m1.png Danilo Zrenjanin, 12/27/2023 01:48 PM
clipboard-202312271449-qi24v.png (33.6 KB) clipboard-202312271449-qi24v.png Danilo Zrenjanin, 12/27/2023 01:49 PM
Actions #1

Updated by Danilo Zrenjanin almost 1 year ago

I tried to replicate that behavior. I set FQDN for the Remote Gateway setup on both sides. Phase 2 in VTI mode. The gateway status never enters Pending mode, regardless of the actions I take (reboot, cold start, etc..).

Actions #2

Updated by Kris Phillips almost 1 year ago

Tried this and it doesn't even need to be a FQDN. The Gateway status page of any VTI with a /30 will almost always show "Pending" until you restart the dpinger service. Then it will show online.

Actions #3

Updated by Danilo Zrenjanin 12 months ago

If I select Type Network /30, the IPsec interface never gets the IP address. It gets only the gateway.

The only way to make it work is to select Address Type. In that case, the IPsec interface gets the IP address and the gateway.

After rebooting, the gateway status slowly goes back to the online status as expected.

I am testing on two ProxMox VMs running stock 23.09.1

Actions #4

Updated by Marcos M 12 months ago

Regarding #note-3, see #15124.

Actions

Also available in: Atom PDF