Bug 444743
| Field | Value |
|---|---|
| Summary | ipsec auto --replace brings down the tunnel |
| Product | Red Hat Enterprise Linux 5 |
| Component | openswan |
| Version | 5.2 |
| Reporter | Jakub Hrozek <jhrozek> |
| Assignee | Steve Grubb <sgrubb> |
| CC | mkoci, pwouters, tis |
| Status | CLOSED NOTABUG |
| Severity | low |
| Priority | low |
| Target Milestone | rc |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2008-09-19 14:29:21 UTC |

Description
Jakub Hrozek
2008-04-30 13:42:28 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

Warning is wrong, ignore it. ipsec auto --replace will always take tunnel down.

--replace is synonym for

    ipsec auto --delete conn
    ipsec auto --add conn

If you want tunnel back up you should use:

    ipsec auto --replace conn && ipsec auto --up conn

Replacing/deleting has two parts. The kernel policies (phase 2 / ipsec SA) and the userland policies (phase 1 / ISAKMP). The scripts do both, but the warnings you see are about the kernel component.

Furthermore, openswan-2.6.14 (and its "rc" pre-releases) do have those operations implemented for netkey, and they now give 'warnings' about being experimental. (This is all code in programs/pluto/kernel_netlink.c, related to the kernel_ops functions.)

Also, in openswan-2.5.x and up, the "--add" operation is equivalent to "--replace", as it always does a "--delete" plus "--add".

Does this problem still exist in 2.6.14 and current kernel?

See previous comments. This is expected behaviour.

OK, closing as not a bug. Thanks for the info.