Actions
Bug #2896
closedIPsec failover may not fully attach to new interface address
Start date:
03/21/2013
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
Description
In some cases, IPsec failover using a gateway group will not move from one WAN to another properly. Unfortunately this does not seem to affect every user.
After some trial and error on a system that exhibited this symptom it appears that the attached patch fixes the problem. However, the patch introduces a forced reload of IPsec which would be disruptive to tunnels on interfaces that did not fail, so it is not ideal as-is.
We may need to introduce some extra logic to determine when this might be necessary, it may even just need to be an IPsec option under System > Advanced on the Miscellaneous tab for "Force IPsec Reload on Failover" or similar.
More history and logs on MZB-487282
Files
Actions