Project

General

Profile

Actions

Bug #2896

closed

IPsec failover may not fully attach to new interface address

Added by Jim Pingle over 8 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
03/21/2013
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

In some cases, IPsec failover using a gateway group will not move from one WAN to another properly. Unfortunately this does not seem to affect every user.

After some trial and error on a system that exhibited this symptom it appears that the attached patch fixes the problem. However, the patch introduces a forced reload of IPsec which would be disruptive to tunnels on interfaces that did not fail, so it is not ideal as-is.

We may need to introduce some extra logic to determine when this might be necessary, it may even just need to be an IPsec option under System > Advanced on the Miscellaneous tab for "Force IPsec Reload on Failover" or similar.

More history and logs on MZB-487282


Files

ipsec-failover-testfix1.patch (688 Bytes) ipsec-failover-testfix1.patch Jim Pingle, 03/21/2013 02:08 PM
Actions #1

Updated by Bruce Mah over 8 years ago

I have observed this problem too. I hope to give the patch a try.

Actions #2

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Resolved

this work-around suffices for 2.1, if we find the root cause we can start a new ticket to address that at a later time.

Actions #3

Updated by → luckman212 over 5 years ago

Is this workaround no longer needed as of 2.2/2.3? I see that the "Force IPsec reload on failover" option was removed so I assume "yes" but just checking.

Actions #4

Updated by Josh H almost 5 years ago

Im still seeing this issue in 2.3.2 and the "Force IPsec reload on failover" option under advanced ipsec settings is gone. Can we have this option back or maybe in 2.3.2 this is supposed to be automated and is not working correctly. Thanks.

Actions

Also available in: Atom PDF