Bug 10868

Summary: Missing esp settings in ipsec.conf after changes in WebGUI since Update Core 90
Product: IPFire Reporter: Joerg Callsen <jca>
Component: strongswanAssignee: Assigned to nobody - feel free to grab it and work on it <nobody>
Status: CLOSED DUPLICATE QA Contact:
Severity: - Unknown -    
Priority: - Unknown -    
Version: 3   
Hardware: unspecified   
OS: Unspecified   

Description Joerg Callsen 2015-06-02 14:38:25 UTC 
After updating to Core 90 all IPsec tunnels were down. No changes were made before the update to Core 90.
I figured out that the esp-line in the conn section is no longer properly updated when the WebGUI writes any changes back to ipsec.conf.

Correct entries (example):
ike=aes256-sha2_256-modp4096!
esp=aes256-sha2_256-modp4096!

After Core 90 update or any changes after the update with the WebGUI:
ike=aes256-sha2_256-modp4096!
esp=aes256-sha2_256!

Workaround: I edited the ipsec.conf manually and the tunnels came up again.
This is reproducible.

I wrote about this in the german forum: 
http://forum.ipfire.org/viewtopic.php?f=16&t=13696

If you need any more info => jca@tc-unix.de

Best regards,
Joerg
Comment 1 Joerg Callsen 2015-06-02 14:40:47 UTC 
Another user find out that maybe this commit is responsible for this bug:

https://github.com/ipfire/ipfire-2.x/commit/5f0a2ba1048850620c0aa44e80e0a58ff36039c3#diff-7fb299d132926bdf6e538e79c633f6bb
Comment 2 Joerg Callsen 2015-06-02 14:46:31 UTC 
same as bug 10860

*** This bug has been marked as a duplicate of bug 10860 ***