Hide Forgot
Description of problem: Given an interface ipsec0 which works fine, 'ifdown ipsec0' fails to remove the SPD entries for it and 'setkey -FP' is necessary to stop it. Version-Release number of selected component (if applicable): ipsec-tools-0.2.5-2 kernel-2.6.5-1.358 How reproducible: Every time. Steps to Reproduce: 1. Define an ipsec interface. 2. ifup the interface 3. Observe that IPSEC communication works (with correct remote config) 4. ifdown the interface (produces error messages - see Actual results) Actual results: The result of line 1: No entry. The result of line 2: No entry. Expected results: 'setkey -DP' still shows configured in/out entries for interface Additional info: 'setkey -FP' clears them, and unencrypted communication works again. ifdown use of setkey worked as expected with kernel-2.6.3-2.1.240 and ipsec-tools-0.2.2-8 on FC1.
*** This bug has been marked as a duplicate of 120773 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.