Bug #12298

Updated by Jim Pingle over 2 years ago

Connecting or disconnecting IPsec P1/P2 entries from the status page, widget, or keep alive uses a command such as @swanctl --initiate@ or @swanctl --terminate@. These commands will hold open a VICI socket waiting on the attempt to finish negotiation before the command exits. This could keep open the socket longer than expected, and may cause other actions to fail.

Initiation should use a timeout, such as @--timeout 5@, which gives it a reasonable chance to succeed without waiting too long. Note that this doesn't stop strongSwan from connecting after that given time period; it only affects how long the @swanctl@ client waits for the process to complete.

Termination should use @--force@, which will not wait for the action to complete before exiting.
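The two invocations described above, as an added shell sketch that is not pfSense's own code. The function names and the @SWANCTL@ override variable are assumptions made for this example, and the connection-name check goes beyond what the report asks for: it keeps a name taken from a UI or config file from being parsed by @swanctl@ as an extra option.

```shell
#!/bin/sh
# Added example: bounded swanctl wrappers (hypothetical helper names).
# SWANCTL may be overridden for a dry run, e.g. SWANCTL=echo.

# Accept only conservative connection names: non-empty, not starting
# with "-", and limited to letters, digits, "_", "." and "-".
valid_conn_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# ipsec_initiate <ike|child> <name> [timeout_seconds]
# The client waits at most timeout_seconds (default 5) and then exits;
# strongSwan may still complete the connection afterwards.
ipsec_initiate() {
    kind=$1 name=$2 secs=${3:-5}
    case "$kind" in ike|child) ;; *) return 2 ;; esac
    valid_conn_name "$name" || return 2
    case "$secs" in ''|*[!0-9]*) return 2 ;; esac
    "${SWANCTL:-swanctl}" --initiate "--$kind" "$name" --timeout "$secs"
}

# ipsec_terminate <ike|child> <name>
# Uses --force so the client does not wait for the action to complete.
ipsec_terminate() {
    kind=$1 name=$2
    case "$kind" in ike|child) ;; *) return 2 ;; esac
    valid_conn_name "$name" || return 2
    "${SWANCTL:-swanctl}" --terminate "--$kind" "$name" --force
}
```

Both functions return 2 without calling @swanctl@ when an argument is rejected; otherwise they return the exit status of @swanctl@.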
