Bug #6517

Adding mobile IPsec phase 2 entries requires restart of strongswan

Added by Andreas Wintervold over 3 years ago. Updated over 3 years ago.

Status: Confirmed
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 06/21/2016
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:
Description

Using mobile IPsec on 2.3.1-RELEASE-p1 and using OS X 10.11.4 on the client side, I find that when I add additional P2 entries in VPN > IPsec > Tunnels, these do not take effect/get pushed out to the client (seemingly) until I reboot pfSense. Restarting IPsec on pfSense does not seem to have any effect.

The IPsec log shows all non-new P2 entries being pushed out to my OS X client, such as:

04[IKE] <con1|13> CHILD_SA con1{24} established with SPIs c2b8a067_i 0780f641_o and TS aaa.bbb.ccc.ddd/28|/0 === 10.aaa.bbb.ccc/32|/0

History

#1 Updated by Chris Buechler over 3 years ago

  • Subject changed from Adding mobile IPsec phase 2 entries requires reboot to Adding mobile IPsec phase 2 entries requires restart of strongswan
  • Category set to IPsec
  • Status changed from New to Confirmed
  • Affected Version changed from 2.3.1 to All
  • Affected Architecture deleted (amd64)

strongswan doesn't pick up the new leftsubnet config (though it's correctly shown in statusall) when doing a reload. A restart of the service is required (the status page's restart is just a reload; a stop, then start, there will fix it too).
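
One way to check for the symptom reported in this ticket, added here as an example and not part of the ticket, pfSense or strongSwan: it parses "CHILD_SA ... established" lines in the format quoted in the description and lists configured phase 2 subnets that were never negotiated for a connection. The function names, sample log lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# Matches the "CHILD_SA ... established" line format quoted in the ticket.
CHILD_SA_RE = re.compile(
    r"<(?P<conn>[^|>]+)\|\d+>\s+CHILD_SA\s+\S+\s+established with SPIs\s+\S+\s+\S+"
    r"\s+and TS\s+(?P<local>.+?)\s+===\s+(?P<remote>.+)$"
)

def _norm(selector):
    # Drop the "|/0" suffix seen in the ticket's log and normalise the CIDR.
    cidr = selector.split("|", 1)[0]
    return str(ipaddress.ip_network(cidr, strict=False))

def established_local_subnets(log_lines, conn="con1"):
    """Local traffic selectors of every CHILD_SA established for `conn`."""
    found = set()
    for line in log_lines:
        m = CHILD_SA_RE.search(line.strip())
        if m and m.group("conn") == conn:
            # A single CHILD_SA may carry several space-separated selectors.
            found.update(_norm(ts) for ts in m.group("local").split())
    return found

def missing_phase2(configured, log_lines, conn="con1"):
    """Configured P2 subnets that never appear in an established CHILD_SA."""
    wanted = {_norm(c) for c in configured}
    return sorted(wanted - established_local_subnets(log_lines, conn))

# Constructed sample: two P2 entries negotiated on con1, one on another connection.
SAMPLE_LOG = [
    "04[IKE] <con1|13> CHILD_SA con1{24} established with SPIs c2b8a067_i "
    "0780f641_o and TS 192.0.2.0/28|/0 === 10.0.8.1/32|/0",
    "07[IKE] <con1|13> CHILD_SA con1{25} established with SPIs c4d1a001_i "
    "0a11f002_o and TS 198.51.100.0/24|/0 === 10.0.8.1/32|/0",
    "09[IKE] <con2|14> CHILD_SA con2{26} established with SPIs c5e2b003_i "
    "0b22f004_o and TS 203.0.113.0/24|/0 === 10.0.9.1/32|/0",
]
# Constructed P2 list; the last entry stands in for one added after the last restart.
CONFIGURED_P2 = ["192.0.2.0/28", "198.51.100.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    for subnet in missing_phase2(CONFIGURED_P2, SAMPLE_LOG):
        print("configured but never negotiated on con1:", subnet)
```

Run it against the IPsec log after a client reconnects; a non-empty result after adding a P2 entry matches the behaviour described in this ticket.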
