Bug #8629
closed
Routed IPsec P1 - not coming up after pressing "disconnect" button
100%
Description
A simple routed IPsec setup with one single /32 route across VTI interface. It works - P1 is UP, P2 routes listed, connectivity between remote hosts confirmed with icmp test.
But when forcing P1 disconnect with "disconnect" button under Status -> IPsec, P1 never comes back up until I reload IPsec daemon on one of the endpoints. When I try to force tunnel to come up by pressing "connect" button or initiating interesting for ipsec traffic I see this in log on either site:
Jul 10 06:18:00 charon 12[CFG] no IKE_SA named 'con1' found
Jul 10 06:18:01 charon 07[CFG] vici client 31 connected
Jul 10 06:18:01 charon 13[CFG] vici client 31 registered for: list-sa
Jul 10 06:18:01 charon 13[CFG] vici client 31 requests: list-sas
Jul 10 06:18:01 charon 10[CFG] vici client 31 disconnected
Jul 10 06:18:01 charon 07[CFG] received stroke: initiate 'con1'
Jul 10 06:18:01 charon 07[CFG] no config named 'con1'
2.4.4 factory - Mon Jul 09 16:05:36 EDT 2018 - both machines.
Updated by Jim Pingle over 6 years ago
The connect/disconnect issue likely doesn't have anything to do with VTI, but the conn numbering changes. sjones was already investigating a fix for that with #8598 so this may be resolved when that is complete. If not, it can be revisited.
Updated by Anonymous over 6 years ago
I just pushed a fix for #8598 which may help with this (Fixing disconnect and show child buttons) It was mostly for mobile clients. I did not change the 'connect' button details. So if that still persists I can help fix that I'll just need a few more details.
Updated by Jim Pingle over 6 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 62caa87a4b9027ac8f7b7cace7588f842ca57fc2.
Updated by Vladimir Lind