Issue #959

Invalid call to ipsec _updown after session rekey when there is a rekey collision

Added by Al Lewis over 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Affected version: 5.1.3
Resolution:

Description

We have two servers running a VPN session with strongSwan version: U5.1.3/K2.6.32-431.20.5.el6.x86_64 on CentOS 6.5. The session between the two stations runs for a number of days before it stops forwarding. What we discovered was that the iptables forwarding rules were removed after a successful rekey function. It turns out that this rekey function went through rekey collision handling, which seems to have all worked, except that it also called the ipsec _updown function with a command of "down-client", which removed the forwarding rules. I have attached the ipsec.conf file and the syslog, which shows the call to the _updown function. (We are using the standard _updown script, with a handler to capture and log calls in syslog.)

ipsec.txt (945 Bytes) - ipsec config file - Al Lewis, 18.05.2015 00:24
syslog.txt (11 KB) - Syslog file - Al Lewis, 18.05.2015 00:24
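
An added example, not part of the original report or of strongSwan: one way to flag the condition described above from logs, where a connection still has a live CHILD_SA but the last logged _updown verb was "down-client". It assumes a hypothetical logging handler that writes `updown-log: verb=... conn=...` lines and uses simplified charon lines; every sample line is constructed.

```python
import re
from collections import defaultdict

# Constructed sample log. "updown-log" is a hypothetical logging-handler format;
# the charon lines are simplified, not verbatim strongSwan output.
SAMPLE_LOG = """\
May 10 02:00:01 gw1 charon: CHILD_SA site-a{1} established
May 10 02:00:01 gw1 updown-log: verb=up-client conn=site-a
May 10 02:00:05 gw1 charon: CHILD_SA site-b{2} established
May 10 02:00:05 gw1 updown-log: verb=up-client conn=site-b
May 10 02:00:09 gw1 charon: CHILD_SA site-c{3} established
May 10 02:00:09 gw1 updown-log: verb=up-client conn=site-c
May 10 03:00:01 gw1 charon: CHILD_SA site-a{4} established
May 10 03:00:01 gw1 charon: CHILD_SA site-a{5} established
May 10 03:00:02 gw1 charon: closing CHILD_SA site-a{5}
May 10 03:00:02 gw1 updown-log: verb=down-client conn=site-a
May 10 03:00:03 gw1 charon: closing CHILD_SA site-a{1}
May 10 03:00:07 gw1 charon: CHILD_SA site-b{6} established
May 10 03:00:08 gw1 charon: closing CHILD_SA site-b{2}
May 10 03:30:00 gw1 charon: closing CHILD_SA site-c{3}
May 10 03:30:00 gw1 updown-log: verb=down-client conn=site-c
"""

EST_RE = re.compile(r"charon: CHILD_SA ([\w.-]+)\{(\d+)\} established")
CLOSE_RE = re.compile(r"charon: closing CHILD_SA ([\w.-]+)\{(\d+)\}")
VERB_RE = re.compile(r"updown-log: verb=(up|down)-client conn=([\w.-]+)")


def find_stale_forwarding(log_text):
    """Return connections that end the log with a live CHILD_SA although the
    last logged updown verb was down-client (forwarding rules removed)."""
    live = defaultdict(set)   # conn -> ids of CHILD_SAs currently established
    rules_installed = {}      # conn -> True after up-client, False after down-client
    for line in log_text.splitlines():
        if m := EST_RE.search(line):
            live[m[1]].add(m[2])
        elif m := CLOSE_RE.search(line):
            live[m[1]].discard(m[2])
        elif m := VERB_RE.search(line):
            rules_installed[m[2]] = (m[1] == "up")
    # Connections with no logged updown call are skipped, not assumed broken.
    return sorted(c for c, sas in live.items()
                  if sas and rules_installed.get(c) is False)


if __name__ == "__main__":
    print(find_stale_forwarding(SAMPLE_LOG))
```

In the sample, site-a goes through two overlapping rekeys followed by a down-client call, site-b rekeys normally, and site-c is torn down cleanly, so only site-a is reported.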

Related issues

Is duplicate of Bug #853: Issue with rekeying and updown script - Closed - 20.02.2015

History

#1 Updated by Martin Willi over 7 years ago

  • Is duplicate of Bug #853: Issue with rekeying and updown script added

#2 Updated by Tobias Brunner over 6 years ago

  • Status changed from New to Closed
