Bug #9839

closed

How to clean disable IPsec VTI Tunnel

Added by Thomas Spalinger over 4 years ago. Updated over 4 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 10/21/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.4-p3
Affected Architecture: amd64

Description

I found the exact same question in issue #8691, but with a different purpose.

I have set up some VTI Site to Site tunnels. Each "tunnel" interface has its rules in IPsec and its gateway is used in static routes.
But now, I can't find a clean way to just disable such a tunnel. In the GUI, trying to disable either phase 1 or 2 fails due to the assigned interface.
But I want to keep the interface because it's used in the configuration anywhere.
As a workaround, I just disabled the interface, which has kind of the effect that no traffic is routed. But the tunnel stays open.
A nasty side effect of this workaround is that you can't use the interface in the configuration (i.e. rules). Existing rules don't get lost, but you can't use it to edit or create rules.

Shouldn't it be somehow possible to shut down the tunnel, for whatever reason, in a clean way without having to drop all configurations or make it impossible to change any related configuration?

Actions #1

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Not a Bug

That is a support question, and this site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit.

See Reporting Issues with pfSense Software for more information.

Actions #2

Updated by Thomas Spalinger over 4 years ago

I would agree, and sorry to make the title look like a question.
But the description states that this is more like a missing feature or bug.
