SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000438: IPsec VPNs closed after reboot - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000438Endian FirewallNetwork related (VPN, uplinks)public2008-01-09 22:552008-02-02 07:28
ReporterSota 
Assigned Topeter-endian 
PriorityimmediateSeverityblockReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-beta2 
Target Version2.2-beta3Fixed in Version2.2-beta3 
Summary0000438: IPsec VPNs closed after reboot
DescriptionAfter rebooting Endian, all the net-to-net VPNs show status as "Closed". Clicking on "Save" in Global Settings starts most of them, but usually a few will require a restart.
Additional InformationProblem experienced on two different sites. Logs attached.
TagsNo tags attached.
Attached Filestxt file icon vpn-logs.txt [^] (1,943 bytes) 2008-01-09 22:55 [Show Content]

- Relationships

-  Notes
(0000761)
peter-endian (administrator)
2008-01-10 11:07

this happens only directly after reboot, correct?

Because the error message tells me that the uplink is not yet up correctly, so ipsec is not able to find the default gateway.

After the uplink is up, does *this* ipsec connection work when you start it manually?
(0000762)
Sota (reporter)
2008-01-10 11:14

Correct. On both sites, all VPN connections show status as closed after reboot and will remain that way until I restart them. Clicking on save or just restarting one of them is enough to bring most, if not all of them up. Once they are open they seem to be as reliable as previous versions.
(0000767)
peter-endian (administrator)
2008-01-10 11:51

ah, great
so this is a timing problem
ipsec needs to wait a little bit longer on boot until the uplink is really up.
will fix it.
(0000769)
Sota (reporter)
2008-01-10 11:57

I should add that both sites use fairly fast PCs (one is a P4 2.3GHz, the other is Core 2 Duo) in case that has any bearing on the timing issue.
(0000849)
peter-endian (administrator)
2008-01-24 16:22

happens because /etc/uplinksdaemon/mainchanged will be triggered *before* /etc/uplinksdaemon/addrchanged

but the default gateway will be set in addrchanged and ipsec will be restarted during mainchanged, so ipsec starts without a default gateway set.

- Issue History
Date Modified Username Field Change
2008-01-09 22:55 Sota New Issue
2008-01-09 22:55 Sota Status new => assigned
2008-01-09 22:55 Sota Assigned To => peter-endian
2008-01-09 22:55 Sota File Added: vpn-logs.txt
2008-01-10 09:40 ra-endian Priority normal => immediate
2008-01-10 09:40 ra-endian Severity major => block
2008-01-10 11:07 peter-endian Note Added: 0000761
2008-01-10 11:14 Sota Note Added: 0000762
2008-01-10 11:51 peter-endian Note Added: 0000767
2008-01-10 11:51 peter-endian Status assigned => confirmed
2008-01-10 11:57 Sota Note Added: 0000769
2008-01-24 14:08 peter-endian Target Version => 2.2-beta3
2008-01-24 16:22 peter-endian Status confirmed => resolved
2008-01-24 16:22 peter-endian Fixed in Version => 2.2-beta3
2008-01-24 16:22 peter-endian Resolution open => fixed
2008-01-24 16:22 peter-endian Note Added: 0000849
2008-02-02 07:28 raphael-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker