Maniphest T1780

Adding ipsec ike closeaction
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	Dmitry
	Oct 31 2019, 7:30 AM

Tags

Referenced Files

None

Subscribers

Active contributors

Description

If we have remote peers behind NAT, they never reconnect when received action for close a CHILD_SA.
It happens if we configure HQ and before restart strongswan generates action for close CHILD_SA.

From strongswan docs

closeaction = none | clear | hold | restart

defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see dpdaction for
meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids checking,
as these events might trigger the defined action when not desired. Prior to 5.1.0, closeaction was
not supported for IKEv1 connections.

Proposed syntax:

[email protected]# set vpn ipsec ike-group TAG close-action 
Possible completions:
   none         Set action to none (default)
   hold         Set action to hold
   clear        Set action to clear
   restart      Set action to restart

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Event Timeline

Dmitry claimed this task.Oct 31 2019, 7:30 AM

Dmitry created this task.

PR #26 https://github.com/vyos/vyatta-cfg-vpn/pull/26

syncer changed the task status from Open to Backport candidate.Nov 2 2019, 5:28 PM

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux.

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.

pasik added a subscriber: pasik.Nov 4 2019, 9:51 AM

dmbaturin moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.4) board.Nov 5 2019, 12:23 PM

syncer closed this task as Resolved.Nov 17 2019, 12:03 AM

syncer reopened this task as Backport pending.Jan 20 2020, 11:47 AM

syncer reassigned this task from Dmitry to jestabro.

syncer triaged this task as Normal priority.

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.5); removed VyOS 1.2 Crux (VyOS 1.2.4).

syncer moved this task from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.5) board.

jestabro moved this task from Backlog to Finished on the VyOS 1.2 Crux (VyOS 1.2.5) board.Jan 29 2020, 6:54 PM

jestabro closed this task as Resolved.Jan 29 2020, 8:53 PM

dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:36 PM