[Swan-dev] libreswan-git/klips doesn't remove old ip addresses from ipsec device
Wolfgang Nothdurft
wolfgang at linogate.de
Wed May 7 17:33:40 EEST 2014

If the ip address of a dynamic base device changes, the old ip address
will not be removed even after an ipsec restart.

The problem was introduced with the

commit eafef8377e6aa5be0001d4b61c48cbee3e8097c4
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 28 19:05:56 2014 -0400
_stackmanager: optimize unloading stacks
https://lists.libreswan.org/pipermail/swan-commit/2014-March/001055.html

With this change the ipsec modules won't be unloaded on stop.

Should it be part of the network scripts to care about an ip address
change and removing it from the ipsec device?

What is the recommended procedure that the network scripts have to do when
the ip address changed?

I think one simple solution would be to flush the ip from ipsec after
clearing the eroutes or replacing the ip instead of adding it in the
startklips function.

Wolfgang