Bug 123747 - setkey spddelete directive no longer works so ifdown-ipsec doesn't work
Summary: setkey spddelete directive no longer works so ifdown-ipsec doesn't work
Status: CLOSED DUPLICATE of bug 120773
Alias: None
Product: Fedora
Classification: Fedora
Component: ipsec-tools   
(Show other bugs)
Version: 2
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-05-20 13:15 UTC by Christopher Johnson
Modified: 2014-03-17 02:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 19:03:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Christopher Johnson 2004-05-20 13:15:20 UTC
Description of problem:
Given an interface ipsec0 which works fine, 'ifdown ipsec0' fails to
remove the SPD entries for it and 'setkey -FP' is necessary to stop it.

Version-Release number of selected component (if applicable):
ipsec-tools-0.2.5-2
kernel-2.6.5-1.358

How reproducible:
Every time.

Steps to Reproduce:
1. Define an ipsec interface.
2. ifup the interface 
3. Observe that IPSEC communication works (with correct remote config)
4. ifdown the interface (produces error messages - see Actual results)
  
Actual results:
The result of line 1: No entry.
The result of line 2: No entry.


Expected results:
'setkey -DP' still shows configured in/out entries for interface

Additional info:
'setkey -FP' clears them, and unencrypted communication works again.
ifdown use of setkey worked as expected with kernel-2.6.3-2.1.240 and
ipsec-tools-0.2.2-8 on FC1.

Comment 1 Bill Nottingham 2004-05-25 16:14:35 UTC

*** This bug has been marked as a duplicate of 120773 ***

Comment 2 Red Hat Bugzilla 2006-02-21 19:03:22 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.