Bug #9839

closed

How to clean disable IPsec VTI Tunnel

Added by Thomas Spalinger about 5 years ago. Updated about 5 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 10/21/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.4-p3
Affected Architecture: amd64

Description

I found the exact same question in issue #8691, but with a different purpose.

I have set up some VTI Site to Site tunnels. Each "tunnel" interface has its rules in IPsec and its gateway is used in static routes.
But now, I can't find a clean way to just disable such a tunnel. In the GUI, trying to disable either phase 1 or 2 fails due to the assigned interface.
But I want to keep the interface because it's used in the configuration anywhere.
As a workaround, I just disabled the interface, which has kind of the effect that no traffic is routed. But the tunnel stays open.
A nasty side effect of this workaround is that you can't use the interface in the configuration (i.e. rules). Existing rules don't get lost, but you can't use it to edit or create rules.

Shouldn't it be somehow possible to shut down the tunnel, for whatever reason, in a clean way without having to drop all configurations or make it impossible to change any related configuration?
