Issue #3654

The L2TP/IPsec tunnel interface is not deleted when the connection is interrupted abnormally.

Added by ray chao 10 months ago. Updated 10 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.9.1
Resolution:

Description

When the L2TP/IPsec tunnel is first established successfully, there is only one interface and one route rule:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 WAN
*192.168.100.2   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0*
# ifconfig
WAN: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.10  netmask 255.255.255.0  broadcast 10.10.10.255
        ether 00:01:02:03:04:09  txqueuelen 1000  (Ethernet)
        RX packets 34451  bytes 4036396 (3.8 MiB)
        RX errors 0  dropped 6174  overruns 0  frame 0
        TX packets 10232  bytes 4600446 (4.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 00:01:02:03:04:05  txqueuelen 2048  (Ethernet)
        RX packets 35382  bytes 4741305 (4.5 MiB)
        RX errors 0  dropped 19  overruns 0  frame 0
        TX packets 12944  bytes 4867751 (4.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 328430  bytes 26675993 (25.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 328430  bytes 26675993 (25.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

*ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 192.168.100.254  netmask 255.255.255.255  destination 192.168.100.2
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 154  bytes 16930 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7  bytes 496 (496.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0*

Then I unplug the physical cable and wait about 2 minutes; the interface and route rule still exist. When I reconnect the L2TP/IPsec tunnel, the old interface and rule are not deleted, but the same ones are created again:

# ifconfig
WAN: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.10  netmask 255.255.255.0  broadcast 10.10.10.255
        ether 00:01:02:03:04:09  txqueuelen 1000  (Ethernet)
        RX packets 34614  bytes 4054855 (3.8 MiB)
        RX errors 0  dropped 6205  overruns 0  frame 0
        TX packets 10252  bytes 4603130 (4.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 00:01:02:03:04:05  txqueuelen 2048  (Ethernet)
        RX packets 35550  bytes 4763020 (4.5 MiB)
        RX errors 0  dropped 19  overruns 0  frame 0
        TX packets 12964  bytes 4870515 (4.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 328811  bytes 26707609 (25.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 328811  bytes 26707609 (25.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

*ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 192.168.100.254  netmask 255.255.255.255  destination 192.168.100.2
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 154  bytes 16930 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 846 (846.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 192.168.100.254  netmask 255.255.255.255  destination 192.168.100.2
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 34  bytes 4304 (4.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 58 (58.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0*

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 WAN
*192.168.100.2   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.100.2   0.0.0.0         255.255.255.255 UH    0      0        0 ppp1*

This causes packets to follow the first rule, so sending any packet fails.
Maybe the tunnel's default keepalive does not work?
Or do I need to set some related option?

By the way, openswan automatically clears the interface and route rule about 18 seconds after the physical cable is unplugged.

1.JPG (106 KB) 1.JPG first_connection ray chao, 08.12.2020 12:06
2.JPG (132 KB) 2.JPG reconnection_after_unplug ray chao, 08.12.2020 12:06

History

#1 Updated by Tobias Brunner 10 months ago

  • Status changed from New to Feedback

strongSwan has nothing to do with any L2TP interfaces or the daemon that created them. And please don't use route or ifconfig, use the ip command instead.

#2 Updated by ray chao 10 months ago

I thought it was related to the IPsec keepalive time, so the interface and route rule are created by L2TP, which does not detect liveness.
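
The condition reported in this issue (the same peer host route present on two ppp interfaces) can be checked from `ip` output, as suggested in comment #1. This is an added example, not part of the original thread or of strongSwan; the function names are hypothetical and the sample routes are constructed from the addresses in the report, rendered in `ip -4 route show` format.

```shell
#!/bin/sh
# Added example: flag peer routes that exist on more than one ppp interface,
# which is the state shown in the report after the tunnel reconnects.

# Reads `ip -4 route show` text on stdin and prints "<dest> <dev> <dev> ..."
# for every destination that is routed through two or more ppp devices.
find_duplicate_ppp_routes() {
    awk '
    {
        # Locate the interface name that follows the "dev" keyword.
        dev = ""
        for (i = 2; i < NF; i++)
            if ($i == "dev") { dev = $(i + 1); break }
        if (dev !~ /^ppp[0-9]+$/) next

        # Remember destinations in order of first appearance.
        if (count[$1]++ == 0) { order[++n] = $1; devs[$1] = dev }
        else devs[$1] = devs[$1] " " dev
    }
    END {
        for (k = 1; k <= n; k++)
            if (count[order[k]] > 1) print order[k], devs[order[k]]
    }'
}

# Constructed sample: the routing table from the report after reconnection,
# written the way `ip -4 route show` would print it.
sample_routes() {
    cat <<'EOF'
10.10.10.0/24 dev WAN proto kernel scope link src 10.10.10.10
192.168.100.2 dev ppp0 proto kernel scope link src 192.168.100.254
192.168.100.2 dev ppp1 proto kernel scope link src 192.168.100.254
EOF
}

# Demo on the constructed sample; on a live system use:
#   ip -4 route show | find_duplicate_ppp_routes
sample_routes | find_duplicate_ppp_routes
```

Any output line means a stale ppp interface is still holding the peer route and needs to be torn down by the L2TP/PPP daemon that created it.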
