Project

General

Profile

Actions
Copy link

Bug #3960

closed

deleting or changing phase 2 doesn't remove former P2

Added by Chris Buechler about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
High
Assignee:
Renato Botelho
Category:
IPsec
Target version:
2.2
Start date:
10/25/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:

Description

When editing an existing P2 in 2.2, the original entry isn't removed from the SPD. For instance, change just the IP subnet on local or remote on P2, and you'll have both the old one and the new one.

Actions
Copy link
 #1

Updated by Renato Botelho about 10 years ago

  • Status changed from Confirmed to Feedback
  • Assignee set to Renato Botelho

I couldn't reproduce it, I changed local or remote subnet and it worked as expected. Can you confirm it is still happening on recent snapshots? If yes, please share ipsec block of your config.

Actions
Copy link
 #2

Updated by Chris Buechler about 10 years ago

  • Subject changed from changing phase 2 doesn't remove former P2 to deleting or changing phase 2 doesn't remove former P2
  • Status changed from Feedback to Confirmed

I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remove it either. There is an example on 22vpntest (see lastpass), "cmb home site to site", feel free to mess around with that, it's not important. Change one of the P2s there, save and apply changes, and you'll have both the old and new there. Delete a P2 and it'll still be there.

Actions
Copy link
 #3

Updated by Chris Buechler about 10 years ago

similarly, disabling a P1 doesn't remove it from the SPD nor SAD. It does remove it from the config file.

Actions
Copy link
 #4

Updated by Renato Botelho about 10 years ago

Chris Buechler wrote:

I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remove it either. There is an example on 22vpntest (see lastpass), "cmb home site to site", feel free to mess around with that, it's not important. Change one of the P2s there, save and apply changes, and you'll have both the old and new there. Delete a P2 and it'll still be there.

Didn't find 22vpntest on last pass, maybe it's on a group I don't have access

Actions
Copy link
 #5

Updated by Chris Buechler about 10 years ago

it's not consistent every time it appears, but it is replicable after discussing and trying further with Renato.

Actions
Copy link
 #6

Updated by Renato Botelho about 10 years ago

  • Status changed from Confirmed to Closed

Ticket #3981 is the root cause

Actions
Copy link

Also available in: Atom PDF