Bug #9049
closed
IPSec statuspage shows both connected and connecting tunnel
0%
Description
Since bugnumber 8117 has been served off as not a bug, and no further response is given I'd like to re-open this bug. It's version 2.4.4 now and the bug described in #8117 still exists. It's most annoying that there are two connections in the status page, one 'connecting' and one 'connected'. It's very hard to see which is correct. I do confirm that it has to do with tunnels that where initially set up as initiator, but due to connection issues where changed to responder only. Now once in a while the changed 'initiator' connection appears as 'connecting' in the status page, while the 'responder' is already connected. It also seems to be GUI related, as the CLI does not show these duplicate entries.
Files
| IPSec double connections.png (28.1 KB) IPSec double connections.png | Duplicate tunnel connections in IPSec Status Page |
Updated by Ges Ture over 5 years ago
Ges Ture wrote:
Since bugnumber 8117 has been served off as not a bug, and no further response is given I'd like to re-open this bug. It's version 2.4.4 now and the bug described in #8117 still exists. It's most annoying that there are two connections in the status page, one 'connecting' and one 'connected'. It's very hard to see which is correct. I do confirm that it has to do with tunnels that where initially set up as initiator, but due to connection issues where changed to responder only. Now once in a while the changed 'initiator' connection appears as 'connecting' in the status page, while the 'responder' is already connected. It also seems to be GUI related, as the CLI does not show these duplicate entries.
It seems to be related to the pfsense_ipsec_list_sa() function, as in line 87 of the status_ipsec.php a list of ipsec connections is queried. Every once in a while the old 'initiator' connections appear in this list and are shown in the view.
Updated by Jim Pingle over 4 years ago
- Status changed from New to Not a Bug
The GUI displays what strongSwan reports. If we suppress information in the suggested way, it would make diagnosing problems more difficult.