Project

General

Profile

Actions

Bug #6624

open

changes in IPsec config should down the connection

Added by Chris Buechler over 7 years ago. Updated over 2 years ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
-
Start date:
07/18/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

The fact that strongswan doesn't take down an established connection after changing the config has lead to a number of support issues and user complaints. racoon would drop any existing connections upon changing of that connection's config. Many support cases and forum threads of changes not being applied have this as the root cause. Usually either where a config mismatch was created, but not realized until hours later when the existing expires, or after having added or removed networks with IKEv2 which don't work until manually disconnecting the connection on the status page.

Just doing an 'ipsec down conX' for the connection when the config is changed will address.


Related issues

Related to Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.phpNew

Actions
Has duplicate Bug #11900: IPsec tunnels remain active after disablingDuplicate05/10/2021

Actions
Actions

Also available in: Atom PDF