SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
|Anonymous | Login||2021-05-11 04:14 UTC|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000438||Endian Firewall||Network related (VPN, uplinks)||public||2008-01-09 22:55||2008-02-02 07:28|
|Target Version||2.2-beta3||Fixed in Version||2.2-beta3|
|Summary||0000438: IPsec VPNs closed after reboot|
|Description||After rebooting Endian, all the net-to-net VPNs show status as "Closed". Clicking on "Save" in Global Settings starts most of them, but usually a few will require a restart.|
|Additional Information||Problem experienced on two different sites. Logs attached.|
|Tags||No tags attached.|
|Attached Files||vpn-logs.txt [^] (1,943 bytes) 2008-01-09 22:55 [Show Content]|
this happens only directly after reboot, correct?
Because the error message tells me that the uplink is not yet up correctly, so ipsec is not able to find the default gateway.
After the uplink is up, does *this* ipsec connection work when you start it manually?
|Correct. On both sites, all VPN connections show status as closed after reboot and will remain that way until I restart them. Clicking on save or just restarting one of them is enough to bring most, if not all of them up. Once they are open they seem to be as reliable as previous versions.|
so this is a timing problem
ipsec needs to wait a little bit longer on boot until the uplink is really up.
will fix it.
|I should add that both sites use fairly fast PCs (one is a P4 2.3GHz, the other is Core 2 Duo) in case that has any bearing on the timing issue.|
happens because /etc/uplinksdaemon/mainchanged will be triggered *before* /etc/uplinksdaemon/addrchanged
but the default gateway will be set in addrchanged and ipsec will be restarted during mainchanged, so ipsec starts without a default gateway set.
|2008-01-09 22:55||Sota||New Issue|
|2008-01-09 22:55||Sota||Status||new => assigned|
|2008-01-09 22:55||Sota||Assigned To||=> peter-endian|
|2008-01-09 22:55||Sota||File Added: vpn-logs.txt|
|2008-01-10 09:40||ra-endian||Priority||normal => immediate|
|2008-01-10 09:40||ra-endian||Severity||major => block|
|2008-01-10 11:07||peter-endian||Note Added: 0000761|
|2008-01-10 11:14||Sota||Note Added: 0000762|
|2008-01-10 11:51||peter-endian||Note Added: 0000767|
|2008-01-10 11:51||peter-endian||Status||assigned => confirmed|
|2008-01-10 11:57||Sota||Note Added: 0000769|
|2008-01-24 14:08||peter-endian||Target Version||=> 2.2-beta3|
|2008-01-24 16:22||peter-endian||Status||confirmed => resolved|
|2008-01-24 16:22||peter-endian||Fixed in Version||=> 2.2-beta3|
|2008-01-24 16:22||peter-endian||Resolution||open => fixed|
|2008-01-24 16:22||peter-endian||Note Added: 0000849|
|2008-02-02 07:28||raphael-endian||Status||resolved => closed|
|Copyright © 2000 - 2012 MantisBT Group|