Bug #6517
open
Adding mobile IPsec phase 2 entries requires restart of strongswan
0%
Description
Using mobile IPsec on 2.3.1-RELEASE-p1 and using OS X 10.11.4 on the client side, I find that when I add additional P2 entries in VPN > IPsec > Tunnels, these do not take effect/get pushed out to the client (seemingly) until I reboot pfSense. Restarting IPsec on pfSense does not seem to have any effect.
The IPsec log shows all non-new P2 entries being pushed out to my OS X client, such as:
04[IKE] <con1|13> CHILD_SA con1{24} established with SPIs c2b8a067_i 0780f641_o and TS aaa.bbb.ccc.ddd/28|/0 === 10.aaa.bbb.ccc/32|/0
Updated by Chris Buechler over 8 years ago
- Subject changed from Adding mobile IPsec phase 2 entries requires reboot to Adding mobile IPsec phase 2 entries requires restart of strongswan
- Category set to IPsec
- Status changed from New to Confirmed
- Affected Version changed from 2.3.1 to All
- Affected Architecture added
- Affected Architecture deleted (
amd64)
strongswan doesn't pick up the new leftsubnet config (though it's correctly shown in statusall) when doing a reload. A restart of the service is required (the status page's restart is just a reload, a stop, then start, there will fix too).