Red Hat Bugzilla – Bug 123747
setkey spddelete directive no longer works so ifdown-ipsec doesn't work
Last modified: 2014-03-16 22:45:19 EDT
Description of problem:
Given an interface ipsec0 which works fine, 'ifdown ipsec0' fails to
remove the SPD entries for it and 'setkey -FP' is necessary to stop it.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Define an ipsec interface.
2. ifup the interface
3. Observe that IPSEC communication works (with correct remote config)
4. ifdown the interface (produces error messages - see Actual results)
Actual results:
The result of line 1: No entry.
The result of line 2: No entry.
'setkey -DP' still shows configured in/out entries for interface
'setkey -FP' clears them, and unencrypted communication works again.
ifdown use of setkey worked as expected with kernel-2.6.3-2.1.240 and
ipsec-tools-0.2.2-8 on FC1.
*** This bug has been marked as a duplicate of 120773 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.