Bug #15970
IPSEC phase1 deletion causes incorrect phase2 deletions
Status: closed
Description
I recently deleted an IPSEC phase1 entry named "marty", which the configuration file says was ikeid 3. Then I received a complaint that VPN "terry" was down. After comparing configurations, it seems that deletion of phase1 "marty" caused deletion of phase2 "terry", while phase2 "marty" continues to exist.
In order to bring "terry" back up, I manually recreated the appropriate phase2 entries.
Before deleting phase1 "marty" (ikeid 3):
Phase1
1=george
2=terry
3=marty
4=martyv2
Phase2
1=george-p2-a
1=george-p2-b
2=terry-p2-data-a
2=terry-p2-data-b
2=terry-p2-vpn-a
2=terry-p2-vpn-b
3=marty-p2-data-a
3=marty-p2-data-b
4=martyv2-p2-a
4=martyv2-p2-b
After deleting phase1 "marty" (ikeid 3):
phase1:
1=george
2=terry
4=martyv2
phase2:
1=george-p2-a
1=george-p2-b
3=marty-p2-data-a
3=marty-p2-data-b
4=martyv2-p2-a
4=martyv2-p2-b
As you can see, the phase2 entries for ikeid 2 were deleted, and the phase2 entries for ikeid 3 remain.
Related issues
Updated by Marcos M 4 days ago
- Is duplicate of Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration added
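A before/after configuration audit that flags both symptoms described in this report: phase2 entries left without a phase1, and phase2 entries removed although their phase1 still exists. This is an added example, not code from the report or from the project; the XML layout (an `ipsec` element holding `phase1`/`phase2` children with `ikeid` and `descr`) is an assumption, and the sample data is constructed from the listings above.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def load(xml_text):
    """Return (phase1 {ikeid: descr}, Counter of phase2 (ikeid, descr))."""
    ipsec = ET.fromstring(xml_text).find("ipsec")  # assumed layout
    p1 = {e.findtext("ikeid"): e.findtext("descr") for e in ipsec.findall("phase1")}
    p2 = Counter((e.findtext("ikeid"), e.findtext("descr"))
                 for e in ipsec.findall("phase2"))
    return p1, p2

def audit(before_xml, after_xml):
    """Compare two config snapshots taken around a phase1 deletion."""
    p1_before, p2_before = load(before_xml)
    p1_after, p2_after = load(after_xml)
    return {
        # phase1 entries that disappeared between the snapshots
        "deleted_phase1": sorted(set(p1_before) - set(p1_after)),
        # phase2 entries still present whose ikeid has no phase1 any more
        "orphaned_phase2": sorted(k for k in p2_after if k[0] not in p1_after),
        # phase2 entries that vanished although their phase1 still exists
        "wrongly_removed_phase2": sorted(
            k for k in (p2_before - p2_after) if k[0] in p1_after),
    }

def build(p1, p2):
    """Build a constructed sample config from (ikeid, descr) pairs."""
    body = "".join(f"<phase1><ikeid>{i}</ikeid><descr>{d}</descr></phase1>"
                   for i, d in p1)
    body += "".join(f"<phase2><ikeid>{i}</ikeid><descr>{d}</descr></phase2>"
                    for i, d in p2)
    return f"<pfsense><ipsec>{body}</ipsec></pfsense>"

# Constructed sample mirroring the listings in the report.
P1 = [(1, "george"), (2, "terry"), (3, "marty"), (4, "martyv2")]
P2 = [(1, "george-p2-a"), (1, "george-p2-b"),
      (2, "terry-p2-data-a"), (2, "terry-p2-data-b"),
      (2, "terry-p2-vpn-a"), (2, "terry-p2-vpn-b"),
      (3, "marty-p2-data-a"), (3, "marty-p2-data-b"),
      (4, "martyv2-p2-a"), (4, "martyv2-p2-b")]
BEFORE = build(P1, P2)
AFTER = build([p for p in P1 if p[0] != 3], [p for p in P2 if p[0] != 2])

if __name__ == "__main__":
    for finding, items in audit(BEFORE, AFTER).items():
        print(finding, items)
```

Running the audit on a saved copy of the configuration before and after any phase1 deletion shows whether a tunnel other than the deleted one lost its phase2 entries.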