| Summary: | suricata causes that on-demand IPsec VPNs no longer trigger | | |
|---|---|---|---|
| Product: | IPFire | Reporter: | Michael Tremer <michael.tremer> |
| Component: | --- | Assignee: | Stefan Schantl <stefan.schantl> |
| Status: | CLOSED FIXED | QA Contact: | |
| Severity: | Major Usability | | |
| Priority: | Will affect an average number of users | CC: | arne.fitzenreiter |
| Version: | 2 | | |
| Hardware: | unspecified | | |
| OS: | Unspecified | | |
| Bug Depends on: | | | |
| Bug Blocks: | 11801 | | |

Description
Michael Tremer
2019-02-27 15:12:48 UTC
Update from today: When suricata is started, new connections through the IPsec tunnels won't function. Restarting a single tunnel does not work; the whole IPsec stack has to be restarted with "ipsec restart". The IPsec connection however is triggered and coming up. All packets leave the RED interface (which is dangerous and should absolutely not happen - we even have a firewall chain against this which does not match any more). It does not look like it is the marking, but I am not sure about that.

Thanks for the patch - merged.