Bug #1556

closed

Changing local IPsec tunnel endpoint does not work

Added by Seth Mos over 13 years ago. Updated about 13 years ago.

Status: Resolved
Priority: Urgent
Assignee: -
Category: IPsec
Target version:
Start date: 05/26/2011
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

When attempting to change over a tunnel from an OPT back to the WAN interface, the tunnel never came up.

The other side said that "There was no phase1".

Looking at this side, racoon complained that it was not known either. Even though the racoon.conf was correct and the SPD policies were correct, it was not ignoring the IPsec traffic for the new endpoint.

Piere Pommes mailed dev@ that this was a known issue with racoon 0.8.
https://trac.ipsec-tools.net/ticket/311

"1) During a reload, racoon binds to all interfaces (here: WAN, OVPN , localhost, and LAN)
My config only listens to WAN, and after a real stop/start (ie: not a reload), racoon is only bound to WAN."

This actively prevents switching to another WAN apparently. I was unable to make it work by restarting racoon only. I've found that a reboot clears it up and everything works again.
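
A check for the state the quoted ipsec-tools ticket describes, where racoon holds sockets on addresses its `listen` block does not name. This is an added example, not code from the ticket or from pfSense; the config excerpt, addresses and `sockstat` lines are constructed, and the FreeBSD `sockstat -l` column layout and the default ports used when `[port]` is omitted are assumptions.

```python
import re

# Constructed sample data (not from the ticket): a listen block limited to one
# WAN address, and FreeBSD `sockstat -l` style output taken after a reload.
RACOON_CONF = """
listen {
    isakmp 198.51.100.10 [500];
    isakmp_natt 198.51.100.10 [4500];
    strict_address;
}
"""
SOCKSTAT = """\
USER  COMMAND  PID   FD  PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
root  racoon   4242  7   udp4   198.51.100.10:500    *:*
root  racoon   4242  8   udp4   198.51.100.10:4500   *:*
root  racoon   4242  9   udp4   192.168.1.1:500      *:*
root  racoon   4242  10  udp4   127.0.0.1:500        *:*
root  sshd     911   3   tcp4   *:22                 *:*
"""
# Assumed defaults when a statement omits its [port].
DEFAULT_PORT = {"isakmp": 500, "isakmp_natt": 4500}

def configured_listeners(conf):
    """(address, port) pairs named by isakmp/isakmp_natt in the listen block."""
    block = re.search(r"listen\s*\{(.*?)\}", conf, re.S)
    if block is None:
        return set()
    stmts = re.findall(r"\b(isakmp(?:_natt)?)\s+([^\s;\[]+)\s*(?:\[(\d+)\])?\s*;",
                       block.group(1))
    return {(addr, int(port) if port else DEFAULT_PORT[kw]) for kw, addr, port in stmts}

def racoon_sockets(sockstat_out):
    """(address, port) pairs of UDP sockets owned by a process named racoon."""
    found = set()
    for line in sockstat_out.splitlines():
        f = line.split()
        if len(f) >= 6 and f[1] == "racoon" and f[4].startswith("udp"):
            addr, _, port = f[5].rpartition(":")
            if port.isdigit():
                found.add((addr, int(port)))
    return found

def audit(conf, sockstat_out):
    """Compare live racoon sockets with the listen block."""
    want, have = configured_listeners(conf), racoon_sockets(sockstat_out)
    return {"unexpected": sorted(have - want), "missing": sorted(want - have)}

if __name__ == "__main__":
    print(audit(RACOON_CONF, SOCKSTAT))
```

A non-empty `unexpected` list after a reload matches the behaviour quoted above, and an empty one after a full stop/start matches the other half of that quote.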
