Bug #8847

IPsec status "Show Child SA entries" button only expands and never collapses

Added by Marcio Gomes about 2 years ago. Updated 10 months ago.

Very Low
Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


I am using version 2.4.4, I noticed that in ipsec status when clicking (+) Show child SA entries is shown the details ..
Only when clicking back nothing happens.

I also noticed that there is duplicate information .. and in Reuath in the tunnel IPSEC A is not shown

seconds (-)

ipsec_status.png (77.3 KB) ipsec_status.png Marcio Gomes, 08/28/2018 05:45 PM

Associated revisions

Revision c6220dcf (diff)
Added by Jim Pingle 10 months ago

IPsec swanctl conversion. Implements #9603

  • Converted IPsec configuration code from ipsec.conf ipsec/stroke style
    to swanctl.conf swanctl/vici style. Issue #9603
  • Split up much of the single large IPsec configuration function into
    multiple functions as appropriate.
  • Optimized code along the way, including reducing code duplication and
    finding ways to generalize functions to support future expansion.
  • For IKEv1 and IKEv2 with Split Connections enabled, P2 settings are
    properly respected for each individual P2, such as separate
    encryption algorithms. This method also fixes #6263
  • Corrected some cosmetic issues on status_ipsec.php, including changes
    that fix #8847
  • Added a "Conect Children" button to status_ipsec.php to bring up
    child SAs when a P1 is connected but P2s disconnected.
  • New GUI option under VPN > IPsec, Mobile Clients tab to enable RADIUS
    Accounting which was previously on by default. This is now disabled
    by default as RADIUS accounting data will be sent for every tunnel,
    not only mobile clients, and if the accounting data fails to reach
    the RADIUS server, tunnels may be disconnected.

Additional developer & advanced user notes:

  • For those who may have scripts which touched files in /var/etc/ipsec,
    note that the structure of this directory has changed to the new
    swanctl layout.
  • Any usage of /usr/local/sbin/ipsec or stroke must also be changed to
    /usr/local/sbin/swanctl and VICI. Note that some commands have no
    direct equivalents, but the same or better information is available
    in other ways.
  • IPsec start/stop/reload functions now use /usr/local/sbin/strongswanrc
  • IPsec-related functions were converged into, removed from, and renamed from vpn_ipsec_<name> to ipsec_<name>

Revision 7ba6c13b (diff)
Added by Jim Pingle 10 months ago

status_ipsec.php improvements

  • Fixes Child SA button JS hide. Fixes #8847
  • Adds Child SA count to JS button
  • Fixes alignment of 'Connect' button for pending P1s
  • Adds "Connect Children" button when P1 is up but P2s are not
  • Adds space after comma in P1 source so that IPv4+IPv6 P1s do not break
    word wrap


#1 Updated by Steve Beaver about 2 years ago

  • Target version changed from 2.4.4 to Future

#2 Updated by Jim Pingle about 1 year ago

  • Subject changed from IPsec status to IPsec status "Show Child SA entries" button only expands and never collapses
  • Category set to IPsec
  • Priority changed from Normal to Very Low

The "Show Child SA entries" button only expands and never collapses. That is surely something we can fix eventually, though it's just cosmetic, refresh the page and it's collapsed again.

The duplicate info is normal, we show what strongSwan shows. If it's in the GUI, it's what's in strongSwan, so that's what it has. Might be a rekey or it may have been negotiated in both directions, for example.

#3 Updated by Jim Pingle 10 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version changed from Future to 2.5.0
  • Affected Version set to All
  • Affected Architecture All added
  • Affected Architecture deleted (amd64)

I've fixed this as a part of a larger set of changes about to be committed.

#4 Updated by Jim Pingle 10 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#5 Updated by Jim Pingle 10 months ago

  • Target version changed from 2.5.0 to 2.4.5

I backported the status_ipsec.php changes that fixed this to 2.4.5 as well, see 7ba6c13bc6

#6 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

When clicked, the button disappears and the child list is expanded, which is the intended behavior.

Also available in: Atom PDF