Bug 10868 - Missing esp settings in ipsec.conf after changes in WebGUI since Update Core 90
Summary: Missing esp settings in ipsec.conf after changes in WebGUI since Update Core 90
Status: CLOSED DUPLICATE of bug 10860
Alias: None
Product: IPFire
Classification: Unclassified
Component: strongswan (show other bugs)
Version: 3
Hardware: unspecified Unspecified
: - Unknown - - Unknown -
Assignee: Assigned to nobody - feel free to grab it and work on it
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-02 14:38 UTC by Joerg Callsen
Modified: 2015-06-02 14:46 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joerg Callsen 2015-06-02 14:38:25 UTC 
After updating to Core 90 all IPsec tunnels were down. No changes were made before the update to Core 90.
I figured out that the esp-line in the conn section is no longer properly updated when the WebGUI writes any changes back to ipsec.conf.

Correct entries (example):
ike=aes256-sha2_256-modp4096!
esp=aes256-sha2_256-modp4096!

After Core 90 update or any changes after the update with the WebGUI:
ike=aes256-sha2_256-modp4096!
esp=aes256-sha2_256!

Workaround: I edited the ipsec.conf manually and the tunnels came up again.
This is reproducible.

I wrote about this in the german forum: 
http://forum.ipfire.org/viewtopic.php?f=16&t=13696

If you need any more info => jca@tc-unix.de

Best regards,
Joerg
Comment 1 Joerg Callsen 2015-06-02 14:40:47 UTC 
Another user find out that maybe this commit is responsible for this bug:

https://github.com/ipfire/ipfire-2.x/commit/5f0a2ba1048850620c0aa44e80e0a58ff36039c3#diff-7fb299d132926bdf6e538e79c633f6bb
Comment 2 Joerg Callsen 2015-06-02 14:46:31 UTC 
same as bug 10860

*** This bug has been marked as a duplicate of bug 10860 ***