Bug 11593

Summary: WebUI: creating IPsec host certificate with SubjectAltName results in HTTP error 504
Product: IPFire
Reporter: Peter Müller <peter.mueller>
Component: ---
Assignee: Assigned to nobody - feel free to grab it and work on it <nobody>
Status: CLOSED ERRATA
QA Contact:
Severity: Major Usability
Priority: Will affect an average number of users
CC: tomvend
Version: 2
Hardware: all
OS: All
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11594

Description Peter Müller 2018-01-14 13:34:56 UTC
When creating a remote host certificate for an IPsec roadwarrior connection with a SubjectAltName (this is required by some OpenBSD programs), the CGI seems to be running in an infinite loop.

After a minute or two, it returns the error message: "Error 504 Gateway Timed Out". However, vpnmain.cgi can be accessed again afterwards (and the certificate has been created).

Seen this issue on Core Update 117 (64 bit).

Comment 1 Tom Rymes 2018-02-01 13:57:06 UTC
Peter: What steps are you taking to produce this issue? It sounds like you are choosing the option "Create a Certificate" at tunnel creation time, but I want to make sure.

Comment 2 Peter Müller 2018-02-06 19:22:13 UTC
(In reply to Tom Rymes from comment #1)
> Peter: What steps are you taking to produce this issue? It sounds like you
> are choosing the option "Create a Certificate" at tunnel creation time, but
> I want to make sure.
Yes, I set up the client certificate right before that.

However, the delay was because the remote side could not bring up the VPN properly (OpenBSD - I mentioned that on the mailing list). However, strongswan did not do that in the background, finally hitting the Apache CGI timeout.

In my opinion, this is not very elegant behaviour, but nevertheless we can close this issue since it is not related to SubjectAltName.