Bug #2922

vpn_ipsec_force_reload() needs to be skipped when not really needed

Added by Jim Pingle almost 6 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 04/02/2013
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.1
Affected Architecture:

Description

vpn_ipsec_force_reload() gets run from /etc/rc.newwanip but it's done no matter what interface goes up/down. vpn_ipsec_force_reload() should be passed an interface parameter, and then it should check all defined tunnels. If there is no enabled tunnel on the interface generating the event, then IPsec should NOT be reloaded. Otherwise a flapping interface that is not using IPsec can cause IPsec to be repeatedly reloaded, leading to it being difficult or impossible to use effectively.

Using vpn_ipsec_force_reload() without any parameters should still reload unconditionally.
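
A sketch of the check requested above, added here as an example; it is not pfSense code and not the change made in revision aa752473. The function name `ipsec_reload_needed`, the tunnel array keys (`descr`, `interface`, `disabled`) and the sample data are assumptions for illustration.

```php
<?php
// Added illustration; not pfSense source. The function name and the shape of
// the tunnel array ('descr', 'interface', 'disabled') are assumptions.

/**
 * Decide whether an interface event should trigger an IPsec reload.
 * An empty $interface means the caller passed no parameter, so the
 * reload stays unconditional.
 */
function ipsec_reload_needed(array $tunnels, string $interface = ""): bool
{
    if ($interface === "") {
        return true;
    }
    foreach ($tunnels as $tunnel) {
        if (isset($tunnel['disabled'])) {
            continue; // a disabled tunnel never justifies a reload
        }
        if (($tunnel['interface'] ?? null) === $interface) {
            return true; // at least one enabled tunnel uses this interface
        }
    }
    return false;
}

// Constructed sample data: one enabled tunnel on wan, one disabled on opt1.
$tunnels = [
    ['descr' => 'site-a', 'interface' => 'wan'],
    ['descr' => 'site-b', 'interface' => 'opt1', 'disabled' => true],
];

// Constructed event stream: opt2 flaps three times, opt1 and wan change
// once each, and the last call passes no interface at all.
$events = ['opt2', 'opt2', 'opt2', 'opt1', 'wan', ''];
$reloads = 0;
foreach ($events as $if) {
    $reload = ipsec_reload_needed($tunnels, $if);
    $reloads += $reload ? 1 : 0;
    printf("%-6s -> %s\n", $if === '' ? '(none)' : $if, $reload ? 'reload' : 'skip');
}
printf("%d reloads for %d events\n", $reloads, count($events));
```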

Associated revisions

Revision aa752473 (diff)
Added by Renato Botelho almost 6 years ago

Only reload racoon when there is at least one tunnel enabled on the interface used to call rc.newwanip(v6). It fixes #2922

History

#1 Updated by Renato Botelho almost 6 years ago

  • Assignee set to Renato Botelho

#2 Updated by Renato Botelho almost 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Chris Buechler over 5 years ago

  • Status changed from Feedback to Resolved
