Changing local IPsec tunnel endpoint does not work
When attempting to change over a tunnel from a OPT back to the WAN interface the tunnel never came up.
The other side said that "There was no phase1".
Looking at this side racoon complained that it was not known either. Eventhough the racoon.conf was correct, the SPD policies were correct, it was not ignoring the IPsec traffic for the new endpoint.
Piere Pommes mailed dev@ that this was a known issue with racoon 0.8.
"1) During a reload, racoon binds to all interfaces (here: WAN, OVPN , localhost, and LAN)
My config only listens to WAN, and after a real stop/start (ie: not a reload), racoon is only bound to WAN."
This actively prevents switching to another WAN apparently. I was unable to make it work by restarting racoon only. I've found that a reboot clears it up and everything works again.
#3 Updated by Evgeny Yurchenko almost 8 years ago
Still struggling to replicate though tested with OPT1 and OPT2 (can't touch WAN). -(
1. Tunnel works via OPT1.
2. Change local end to OPT2. Tunnel is down.
3. Reconfigure remote end to connect to OPT2 address, as soon as there is interesting traffic the tunnel after brief "no phase 1" goes up.
4. Change local end to OPT1. Tunnel goes down.
5. Reconfigure remote end to connect to OPT1 address, as soon as there is interesting traffic the tunnel after brief "no phase 1" goes up.