Actions
Bug #2922
closedvpn_ipsec_force_reload() needs to be skipped when not really needed
Start date:
04/02/2013
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
Description
vpn_ipsec_force_reload() gets run from /etc/rc.newwanip but it's done no matter what interface goes up/down. vpn_ipsec_force_reload() should be passed an interface parameter, and then it should check all defined tunnels. If there is no enabled tunnel on the interface generating the event, then IPsec should NOT be reloaded. Otherwise a flapping interface that is not using IPsec can cause IPsec to be repeatedly reloaded, leading to it being difficult or impossible to use effectively.
Using vpn_ipsec_force_reload() without any parameters should still reload unconditionally.
Updated by Renato Botelho over 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset aa752473de6736186ee0ab6355046b6383521091.
Updated by Chris Buechler over 11 years ago
- Status changed from Feedback to Resolved
Actions