Bug #1449
False Success Message by `ipsec up` When There Are e.g. Certificate Errors During Initiation
Description
When there are certificate issues from the Endpoint strong issues a line like:
sending DELETE for IKE_SA scdaol[1]
Which kills the connection. It completes and then it says:
connection '<VPN>' established successfully
I've attached the full output from an example of this.
Ideally it shouldn't report that it successfully connected
when it didn't.
I've tested this on 5.3.5 (the ubuntu 16.04 default version)
we've seen it on 5.1.2 versions do so I don't think.
History
#1 Updated by Tobias Brunner over 9 years ago
- Category set to libcharon
- Status changed from New to Feedback
- Target version set to 5.5.0
Looks like the code in controller_t recognizes the state change from IKE_DELETING to IKE_DESTROYING as proper termination and therefore a success, which is obviously wrong when initiating an SA.
I pushed a possible fix to the 1449-controller-terminate branch.
#2 Updated by Christopher Halbersma over 9 years ago
Tobias Brunner wrote:
Looks like the code in
controller_trecognizes the state change fromIKE_DELETINGtoIKE_DESTROYINGas proper termination and therefore a success, which is obviously wrong when initiating an SA.I pushed a possible fix to the 1449-controller-terminate branch.
Thanks Tobias. Do you know who I'd talk to at Ubuntu to get this patch in the packages there?
#3 Updated by Tobias Brunner over 9 years ago
Do you know who I'd talk to at Ubuntu to get this patch in the packages there?
Try opening a bug report on Launchpad or upstream for the Debian package.
#4 Updated by Tobias Brunner over 9 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to Fixed
#5 Updated by Tobias Brunner about 9 years ago
- Subject changed from False Success Message When there are Certificate Errors to False Success Message by `ipsec up` When There Are e.g. Certificate Errors During Initiation