Bug #360
closedEditing P2 leaves old SPD entry
100%
Description
After editing a P2 entry, the as-edited P2 is added to the SPD, but the former P2's SPD entry is also retained. For an example see the attached screenshot. There is only one P1 with a single P2. The P2 has been edited 3 times, every edit of it is there.
Files
Updated by Pierre POMES almost 15 years ago
Probably the same issue as #137.
"/usr/local/sbin/racoonctl -s /var/run/racoon.sock reload-config" does not work because the admin socket is in /var/db/racoon (error returned is "bad file descriptor").
However, the /var/etc/racoon.conf file specifies /var/run/racoon.sock, but it seems to be ignored when racoon starts:
- racoon -F -d -vvvvv -f /var/etc/racoon.conf
Foreground mode.
2010-02-16 21:47:22: INFO:(#)ipsec-tools 0.8-alpha20090903 (http://ipsec-tools.sourceforge.net)
(#)This product linked OpenSSL 0.9.8k 25 Mar 2009 (http://www.openssl.org/)
2010-02-16 21:47:22: INFO:
2010-02-16 21:47:22: INFO: Reading configuration from "/var/etc/racoon.conf"
2010-02-16 21:47:22: DEBUG: call pfkey_send_register for AH
2010-02-16 21:47:22: DEBUG: call pfkey_send_register for ESP
2010-02-16 21:47:22: DEBUG: call pfkey_send_register for IPCOMP
2010-02-16 21:47:22: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
A quick fix could be to revert to the pfSense 1.2.3 mode, and store the socket in /var/db/racoon/racoon.sock ?
I did not change it because I don't know why it has been changed in 2.0. Any ideas ?
Updated by Chris Buechler almost 15 years ago
Ah yeah, that reminds me, I think Seth ran into this the last time we were testing ipsec-tools 0.8, it ignores that. We'll need to report that upstream.
Updated by Pierre POMES almost 15 years ago
In the meanwhile, would you like I revert it to the "1.2.3" mode ? And create a new redmine ticket to change it back when ipsec-tools will be patched ?
Updated by Chris Buechler almost 15 years ago
that should be fine for now, thanks
Updated by Pierre POMES almost 15 years ago
- Status changed from New to Feedback
Same as #137 (fixed in changeset 98718ac1be2b0004254cf0ef0104a579871d94db)