Bug #3960
closed
deleting or changing phase 2 doesn't remove former P2
Added by Chris Buechler about 10 years ago.
Updated about 10 years ago.
Description
When editing an existing P2 in 2.2, the original entry isn't removed from the SPD. For instance, change just the IP subnet on local or remote on P2, and you'll have both the old one and the new one.
- Status changed from Confirmed to Feedback
- Assignee set to Renato Botelho
I couldn't reproduce it, I changed local or remote subnet and it worked as expected. Can you confirm it is still happening on recent snapshots? If yes, please share ipsec block of your config.
- Subject changed from changing phase 2 doesn't remove former P2 to deleting or changing phase 2 doesn't remove former P2
- Status changed from Feedback to Confirmed
I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remove it either. There is an example on 22vpntest (see lastpass), "cmb home site to site", feel free to mess around with that, it's not important. Change one of the P2s there, save and apply changes, and you'll have both the old and new there. Delete a P2 and it'll still be there.
similarly, disabling a P1 doesn't remove it from the SPD nor SAD. It does remove it from the config file.
Chris Buechler wrote:
I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remove it either. There is an example on 22vpntest (see lastpass), "cmb home site to site", feel free to mess around with that, it's not important. Change one of the P2s there, save and apply changes, and you'll have both the old and new there. Delete a P2 and it'll still be there.
Didn't find 22vpntest on last pass, maybe it's on a group I don't have access
it's not consistent every time it appears, but it is replicable after discussing and trying further with Renato.
- Status changed from Confirmed to Closed
Ticket #3981 is the root cause
Also available in: Atom
PDF
Updated by 
Updated by