Bug 123747 - setkey spddelete directive no longer works so ifdown-ipsec doesn't work
setkey spddelete directive no longer works so ifdown-ipsec doesn't work
Status: CLOSED DUPLICATE of bug 120773
Product: Fedora
Classification: Fedora
Component: ipsec-tools (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-05-20 09:15 EDT by Christopher Johnson
Modified: 2014-03-16 22:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:03:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christopher Johnson 2004-05-20 09:15:20 EDT
Description of problem:
Given an interface ipsec0 which works fine, 'ifdown ipsec0' fails to
remove the SPD entries for it and 'setkey -FP' is necessary to stop it.

Version-Release number of selected component (if applicable):
ipsec-tools-0.2.5-2
kernel-2.6.5-1.358

How reproducible:
Every time.

Steps to Reproduce:
1. Define an ipsec interface.
2. ifup the interface 
3. Observe that IPSEC communication works (with correct remote config)
4. ifdown the interface (produces error messages - see Actual results)
  
Actual results:
The result of line 1: No entry.
The result of line 2: No entry.


Expected results:
'setkey -DP' still shows configured in/out entries for interface

Additional info:
'setkey -FP' clears them, and unencrypted communication works again.
ifdown use of setkey worked as expected with kernel-2.6.3-2.1.240 and
ipsec-tools-0.2.2-8 on FC1.
Comment 1 Bill Nottingham 2004-05-25 12:14:35 EDT

*** This bug has been marked as a duplicate of 120773 ***
Comment 2 Red Hat Bugzilla 2006-02-21 14:03:22 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.