Project

General

Profile

Todo #4353

Review IPsec reloading when strongswan.conf is changed

Added by Ermal Luçi over 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
01/30/2015
Due date:
% Done:

60%

Estimated time:

Description

If things on strongswan.conf are changed ipsec service needs to be restarted since reloading does not work for them

Associated revisions

Revision 420fce04 (diff)
Added by Ermal Luçi over 4 years ago

Fixes #4353 Identify when strongswan.conf needs a reload and restart ipsec service.

Revision 41da54ce (diff)
Added by Ermal Luçi over 4 years ago

Fixes #4353 Identify when strongswan.conf needs a reload and restart ipsec service.

Revision 42275e69 (diff)
Added by Ermal Luçi over 4 years ago

Ticket #4353 fix typo on unset var spotted-by: Phil Davis

Revision 1c4540dc (diff)
Added by Ermal Luçi over 4 years ago

Ticket #4353 fix typo on unset var spotted-by: Phil Davis

History

#1 Updated by Ermal Luçi over 4 years ago

  • Status changed from New to Feedback

#2 Updated by Ermal Luçi over 4 years ago

  • % Done changed from 0 to 100

#3 Updated by Ermal Luçi over 4 years ago

#4 Updated by Chris Buechler over 4 years ago

  • Status changed from Feedback to Confirmed
  • Assignee set to Ermal Luçi
  • Priority changed from Normal to High
  • % Done changed from 100 to 60

this is excessive in at least some circumstances. The restart flushes the SAD so it will cause at least a brief outage, and hence needs to be minimized. Some, if not most, of these changes should be applied just sending a SIGHUP to charon. Discussed here:
https://wiki.strongswan.org/issues/435

#5 Updated by Ermal Luçi over 4 years ago

Yeah i have done this for mobile settings and some reports from the forum where the settings were not updated.

I will double check which plugins do not support reload and update the ticket.

#6 Updated by Sam Bernard over 4 years ago

I reported a bug 4425 which I'm thinking might be related to this. Let me know if you need any logs from me.

Sam

#7 Updated by Chris Buechler about 4 years ago

  • Assignee changed from Ermal Luçi to Chris Buechler

working on this

#8 Updated by Chris Buechler about 4 years ago

  • Subject changed from IPSec reloading does not work when strongswan.conf is changed to Review IPsec reloading when strongswan.conf is changed
  • Priority changed from High to Normal
  • Target version changed from 2.2.1 to 2.2.2

it at least only restarts when something is actually changed, and the HUP doesn't seem to apply things it should with strongswan in some cases. Leaving this as is for now, needs review for future releases.

#9 Updated by Chris Buechler about 4 years ago

  • Target version changed from 2.2.2 to 2.2.3

#10 Updated by Ermal Luçi about 4 years ago

  • Status changed from Confirmed to Feedback

This have been fixed with the code change to use the starter pid for events rather than charon one.

#11 Updated by Chris Buechler almost 4 years ago

  • Tracker changed from Bug to Todo
  • Status changed from Feedback to New
  • Target version changed from 2.2.3 to 2.3

#12 Updated by Chris Buechler over 3 years ago

  • Status changed from New to Resolved

we've done a lot of work here in later 2.2.x versions. I'm not aware of anything that's handled incorrectly here anymore.

Also available in: Atom PDF