Bug #15769

open

IPsec DNS gateway changes causes all tunnel restarts

Added by Mike Moore 2 months ago.

Status: New
Priority: High
Assignee: -
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default
Affected Plus Version:
Affected Architecture:

Description

The following issue is troubleshot and outlined in the forum post:

https://forum.netgate.com/topic/190426/frr-seeing-ipsec-tunnels-disappearing/6

I have a few IPsec tunnels using a DNS name as the Remote gateway address. If the IP changes for the DNS name, that initiates a restart of ALL IPsec tunnels.
For very obvious reasons this shouldn't happen and the impact should be on the one tunnel that saw a change in its status.

The other fallout is that if you are utilizing FRR with VTI, routing adjs also bounce, which causes an outage.

This may be related to 14483, with the difference being that here a DNS name is changing outside the control of the local admin, which kills all IPsec tunnels on the system.

This marks 2x faults within the IPsec implementation that cause a widespread connectivity outage, albeit briefly, through very benign changes.
