Bug #3960

closed

deleting or changing phase 2 doesn't remove former P2

Added by Chris Buechler about 10 years ago. Updated about 10 years ago.

Status: Closed
Priority: High
Category: IPsec
Start date: 10/25/2014
% Done: 0%
Affected Version: 2.2

Description

When editing an existing P2 in 2.2, the original entry isn't removed from the SPD. For instance, change just the IP subnet on local or remote on P2, and you'll have both the old one and the new one.

Actions #1

Updated by Renato Botelho about 10 years ago

  • Status changed from Confirmed to Feedback
  • Assignee set to Renato Botelho

I couldn't reproduce it; I changed local or remote subnet and it worked as expected. Can you confirm it is still happening on recent snapshots? If yes, please share the ipsec block of your config.

Actions #2

Updated by Chris Buechler about 10 years ago

  • Subject changed from changing phase 2 doesn't remove former P2 to deleting or changing phase 2 doesn't remove former P2
  • Status changed from Feedback to Confirmed

I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remove it either. There is an example on 22vpntest (see lastpass), "cmb home site to site", feel free to mess around with that, it's not important. Change one of the P2s there, save and apply changes, and you'll have both the old and new there. Delete a P2 and it'll still be there.

Actions #3

Updated by Chris Buechler about 10 years ago

Similarly, disabling a P1 doesn't remove it from the SPD nor SAD. It does remove it from the config file.

Actions #4

Updated by Renato Botelho about 10 years ago

Chris Buechler wrote:

I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remove it either. There is an example on 22vpntest (see lastpass), "cmb home site to site", feel free to mess around with that, it's not important. Change one of the P2s there, save and apply changes, and you'll have both the old and new there. Delete a P2 and it'll still be there.

Didn't find 22vpntest on LastPass; maybe it's in a group I don't have access to.

Actions #5

Updated by Chris Buechler about 10 years ago

It's not consistent every time it appears, but it is replicable after discussing and trying further with Renato.

Actions #6

Updated by Renato Botelho about 10 years ago

  • Status changed from Confirmed to Closed

Ticket #3981 is the root cause
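A check for the symptom reported in this ticket, as an added example that is not part of the ticket or of pfSense's own code: it parses an SPD dump in the layout FreeBSD's `setkey -DP` prints and reports ipsec policies that no configured P2 accounts for. The sample dump, its addresses and the function names are constructed assumptions.

```python
import re

# Constructed, abridged sample in the layout of FreeBSD `setkey -DP` output.
# The 10.0.8.0/24 pair stands for the old P2 left behind after an edit.
SAMPLE_SPD = """\
192.168.1.0/24[any] 10.0.8.0/24[any] any
\tout ipsec
\tesp/tunnel/198.51.100.1-203.0.113.1/unique:1
10.0.8.0/24[any] 192.168.1.0/24[any] any
\tin ipsec
\tesp/tunnel/203.0.113.1-198.51.100.1/unique:1
192.168.1.0/24[any] 10.0.9.0/24[any] any
\tout ipsec
\tesp/tunnel/198.51.100.1-203.0.113.1/unique:2
10.0.9.0/24[any] 192.168.1.0/24[any] any
\tin ipsec
\tesp/tunnel/203.0.113.1-198.51.100.1/unique:2
"""

# Selector line: "src[port] dst[port] proto"; detail lines are indented.
SELECTOR = re.compile(r"^(\S+?)\[[^\]]*\]\s+(\S+?)\[[^\]]*\]\s+\S+")
DIRECTION = re.compile(r"^\s+(in|out)\s+ipsec\b")

def parse_spd(text):
    """Return a set of (direction, src, dst) for every ipsec policy."""
    policies, pending = set(), None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        d = DIRECTION.match(line)
        if d and pending:  # bypass ("none") policies are skipped on purpose
            policies.add((d.group(1), *pending))
            pending = None
    return policies

def stale_policies(spd_text, configured_p2):
    """configured_p2: iterable of (local_net, remote_net) from the saved config."""
    expected = set()
    for local, remote in configured_p2:
        expected.add(("out", local, remote))
        expected.add(("in", remote, local))
    return sorted(parse_spd(spd_text) - expected)

if __name__ == "__main__":
    for direction, src, dst in stale_policies(SAMPLE_SPD, [("192.168.1.0/24", "10.0.9.0/24")]):
        print(f"stale SPD entry: {direction} {src} -> {dst}")
```
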
