| Age | Commit message (Collapse) | Author |
|---|
|
In case when between hosts exists two IPSec tunnels for VTI (for example, when both sides act as connection initiators), the older unused/replaced tunnel may switch VTI interface to the "down" state even if a newer IPSec connection is still in-use. Depending on other IPSec settings, this leads to a situation when VTI interfaces continuously flapping or stuck in a "down" state.
This fix is an adaptation of PR from @m-asama for the current code base. It adding new dependency from actual SA state of IPSec connection, and do not allow to switch down a VTI interface if at least one of child connections is active or try to change the state of a VTI interface to the same, as already active.
|
|
* make dhcp interface work for vti interfaces
* clean up code, loger timeout use python api
* change vti tunnel ip on new dhcp lease
* only change ip on up and do not get non dhcp ip
* fix error in function, include up-host and down-host
|
|
VTI connections
|
|
VTI interfaces can remain link down after IPSec SA expiry and renewal,
leaving the actual IPSec tunnel up and active but the route relating to
this VTI interface absent from the routing table; with the end result
of no traffic passing through it without manual intervention. Earlier
fixes for this issue in both bug #183 and bug #291 fixed one issue but
introduced another, this commit fixes both scenarios.
Bug #568 http://bugzilla.vyos.net/show_bug.cgi?id=568
|
|
Rename vti-up-down.sh to vti-up-down to be consistent with others.
|
