Project

General

Profile

Bug #8847

IPsec status "Show Child SA entries" button only expands and never collapses

Added by Marcio Gomes over 1 year ago. Updated about 1 hour ago.

Status:
Feedback
Priority:
Very Low
Assignee:
Category:
IPsec
Target version:
Start date:
08/28/2018
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

I am using version 2.4.4, I noticed that in ipsec status when clicking (+) Show child SA entries is shown the details ..
Only when clicking back nothing happens.

I also noticed that there is duplicate information .. and in Reuath in the tunnel IPSEC A is not shown

seconds (-)

ipsec_status.png (77.3 KB) ipsec_status.png Marcio Gomes, 08/28/2018 05:45 PM

Associated revisions

Revision c6220dcf (diff)
Added by Jim Pingle about 2 hours ago

IPsec swanctl conversion. Implements #9603

  • Converted IPsec configuration code from ipsec.conf ipsec/stroke style
    to swanctl.conf swanctl/vici style. Issue #9603
  • Split up much of the single large IPsec configuration function into
    multiple functions as appropriate.
  • Optimized code along the way, including reducing code duplication and
    finding ways to generalize functions to support future expansion.
  • For IKEv1 and IKEv2 with Split Connections enabled, P2 settings are
    properly respected for each individual P2, such as separate
    encryption algorithms. This method also fixes #6263
  • Corrected some cosmetic issues on status_ipsec.php, including changes
    that fix #8847
  • Added a "Conect Children" button to status_ipsec.php to bring up
    child SAs when a P1 is connected but P2s disconnected.
  • New GUI option under VPN > IPsec, Mobile Clients tab to enable RADIUS
    Accounting which was previously on by default. This is now disabled
    by default as RADIUS accounting data will be sent for every tunnel,
    not only mobile clients, and if the accounting data fails to reach
    the RADIUS server, tunnels may be disconnected.

Additional developer & advanced user notes:

  • For those who may have scripts which touched files in /var/etc/ipsec,
    note that the structure of this directory has changed to the new
    swanctl layout.
  • Any usage of /usr/local/sbin/ipsec or stroke must also be changed to
    /usr/local/sbin/swanctl and VICI. Note that some commands have no
    direct equivalents, but the same or better information is available
    in other ways.
  • IPsec start/stop/reload functions now use /usr/local/sbin/strongswanrc
  • IPsec-related functions were converged into ipsec.inc, removed from
    vpn.inc, and renamed from vpn_ipsec_<name> to ipsec_<name>

Revision 7ba6c13b (diff)
Added by Jim Pingle about 1 hour ago

status_ipsec.php improvements

  • Fixes Child SA button JS hide. Fixes #8847
  • Adds Child SA count to JS button
  • Fixes alignment of 'Connect' button for pending P1s
  • Adds "Connect Children" button when P1 is up but P2s are not
  • Adds space after comma in P1 source so that IPv4+IPv6 P1s do not break
    word wrap

History

#1 Updated by Steve Beaver over 1 year ago

  • Target version changed from 2.4.4 to Future

#2 Updated by Jim Pingle 4 months ago

  • Subject changed from IPsec status to IPsec status "Show Child SA entries" button only expands and never collapses
  • Category set to IPsec
  • Priority changed from Normal to Very Low

The "Show Child SA entries" button only expands and never collapses. That is surely something we can fix eventually, though it's just cosmetic, refresh the page and it's collapsed again.

The duplicate info is normal, we show what strongSwan shows. If it's in the GUI, it's what's in strongSwan, so that's what it has. Might be a rekey or it may have been negotiated in both directions, for example.

#3 Updated by Jim Pingle about 3 hours ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version changed from Future to 2.5.0
  • Affected Version set to All
  • Affected Architecture changed from amd64 to All

I've fixed this as a part of a larger set of changes about to be committed.

#4 Updated by Jim Pingle about 2 hours ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#5 Updated by Jim Pingle about 1 hour ago

  • Target version changed from 2.5.0 to 2.4.5

I backported the status_ipsec.php changes that fixed this to 2.4.5 as well, see 7ba6c13bc6

Also available in: Atom PDF