Bug #15685
closed
Mobile IPsec does not automatically switch to failover gateway
100%
Description
After failing over to a backup WAN interface, the clients were unable to connect using the backup WAN's IP address. Upon inspection of the swanctl.conf file, it was discovered that the local_addrs parameter still contained the IP address of the Primary WAN.
After failing over to the backup WAN interface, the following logs document the clients' attempted connections.
Aug 15 15:42:14 charon 39479 14[NET] <23> received packet: from 172.21.10.11[500] to 172.21.10.103[500] (370 bytes)
Aug 15 15:42:14 charon 39479 14[ENC] <23> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Aug 15 15:42:14 charon 39479 14[CFG] <23> looking for an IKEv2 config for 172.21.10.103...172.21.10.11
Aug 15 15:42:14 charon 39479 14[IKE] <23> no IKE config found for 172.21.10.103...172.21.10.11, sending NO_PROPOSAL_CHOSEN
Aug 15 15:42:14 charon 39479 14[ENC] <23> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Aug 15 15:42:14 charon 39479 14[NET] <23> sending packet: from 172.21.10.103[500] to 172.21.10.11[500] (36 bytes)
Aug 15 15:42:14 charon 39479 14[IKE] <23> IKE_SA (unnamed)[23] state change: CREATED => DESTROYING
After restarting the IPsec service under VPN/IPsec/Tunnels, the issue was resolved. Following the service restart, the swanctl.conf file contained the correct local_addrs entry.
The config file used for testing is attached.
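An added example, not part of the ticket or of pfSense's code: a Python check that compares the local address in charon's "no IKE config found" messages against the local_addrs values in swanctl.conf, which is the mismatch described above. The swanctl.conf fragment, its connection name and the 198.51.100.10 address are constructed, the two log lines are from the ticket, and the check assumes local_addrs holds literal addresses or CIDR subnets.

```python
import ipaddress
import re

# charon message from the ticket: "no IKE config found for LOCAL...REMOTE,"
NO_CFG = re.compile(r"no IKE config found for (\S+?)\.\.\.(\S+?),")
LOCAL_ADDRS = re.compile(r"^\s*local_addrs\s*=\s*(.+?)\s*$", re.M)

# Constructed swanctl.conf fragment; connection name and address are made up.
SAMPLE_CONF = """
connections {
    con-mobile {
        local_addrs = 198.51.100.10
    }
}
"""
# Two log lines taken from the ticket.
SAMPLE_LOG = """\
Aug 15 15:42:14 charon 39479 14[CFG] <23> looking for an IKEv2 config for 172.21.10.103...172.21.10.11
Aug 15 15:42:14 charon 39479 14[IKE] <23> no IKE config found for 172.21.10.103...172.21.10.11, sending NO_PROPOSAL_CHOSEN
"""


def configured_local_nets(swanctl_text):
    """Networks from every local_addrs line (literal IPs and CIDR only;
    DNS names, ranges and %any are skipped in this sketch)."""
    nets = []
    for value in LOCAL_ADDRS.findall(swanctl_text):
        for item in value.split(","):
            try:
                nets.append(ipaddress.ip_network(item.strip(), strict=False))
            except ValueError:
                continue
    return nets


def stale_local_addrs(swanctl_text, charon_log):
    """Map each local address that no local_addrs entry covers to the
    set of peers whose IKE_SA_INIT was rejected on it."""
    nets = configured_local_nets(swanctl_text)
    stale = {}
    for local, remote in NO_CFG.findall(charon_log):
        addr = ipaddress.ip_address(local)
        if not any(addr in net for net in nets):
            stale.setdefault(local, set()).add(remote)
    return stale


if __name__ == "__main__":
    for local, peers in stale_local_addrs(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{local}: not in local_addrs, rejected peers {sorted(peers)}")
```

A non-empty result after a gateway failover means clients are reaching an address the loaded configuration does not list.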
Updated by Marcos M about 2 months ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset c1edb3ff97b20224858795ce3ef872a1cc9d4f53.
Updated by Marcos M about 2 months ago
- Subject changed from Mobile IPsec Multi WAN failover issue to Mobile IPsec does not automatically switch to failover gateway
- Assignee set to Marcos M
- Priority changed from High to Normal
- Target version set to 2.8.0
- Plus Target Version set to 24.11
- Affected Version set to 2.7.2
Updated by Danilo Zrenjanin about 2 months ago
- Status changed from Feedback to Resolved
Tested against the latest dev release.
The issue is fixed.
I am closing this ticket as resolved.
Updated by Danilo Zrenjanin 8 days ago
- Related to Bug #15930: Mobile IPsec clients can't connect after gateway failover added