View Issue Details

ID: 0012546
Project: CentOS-7
Category: -OTHER
View Status: public
Last Update: 2018-09-18 10:00
Status: new
Resolution: open
Product Version: 7.3.1611
Target Version:
Fixed in Version:
Summary: 0012546: ipsec can't work with vlan's
Description: I have configured ipsec using this manual.
But when I try to start it with #ifup ipsec0, I get an error:

+ exec /etc/sysconfig/network-scripts/ifup-ipsec ifcfg-ipsec0
Could not load file '/etc/sysconfig/network-scripts/ifcfg-ipsec0'
sysctl: cannot stat /proc/sys/net/ipv4/conf/eth0/300/send_redirects: No such file or directory
/etc/sysconfig/network-scripts/ifup-ipsec: line 301: killall: command not found

Then I tried to look for /proc/sys/net/ipv4/conf/eth0/300/
ls: cannot access /proc/sys/net/ipv4/conf/eth0/300/: No such file or directory

But /proc/sys/net/ipv4/conf/eth0 exists.

Then I noticed that there is /proc/sys/net/ipv4/conf/eth0.300 with send_redirects in it.

#ls /proc/sys/net/ipv4/conf/eth0.300
accept_local arp_announce bootp_relay forwarding promote_secondaries rp_filter src_valid_mark
accept_redirects arp_filter disable_policy log_martians proxy_arp secure_redirects tag
accept_source_route arp_ignore disable_xfrm mc_forwarding proxy_arp_pvlan send_redirects
arp_accept arp_notify force_igmp_version medium_id route_localnet shared_media

So ipsec needs /proc/sys/net/ipv4/conf/eth0/300/send_redirects and I have /proc/sys/net/ipv4/conf/eth0.300/send_redirects, but I can't create symlinks in /proc
Steps To Reproduce: After several reboots I got the same.
Tags: No tags attached.




2018-09-18 10:00

reporter   ~0032749

These two issues still exist in 7.5.1804.

Subissue 1: ipsec-tools should depend on psmisc since the ifup-ipsec script uses killall.

Subissue 2: The dot in the interface is transformed to slash due to using dotted syntax in the argument to sysctl. This can be fixed by using slash-notation:
--- /etc/sysconfig/network-scripts/ifup-ipsec.shipped 2016-04-28 17:55:52.000000000 +0200
+++ /etc/sysconfig/network-scripts/ifup-ipsec 2018-09-17 17:37:19.006166583 +0200
@@ -95,7 +95,7 @@
   ROUTE="to $DSTNET via $SRCGW src $SRCGW"
   ip route add $ROUTE
   for dev in all $(query_route dev list $ROUTE); do
- sysctl -w net.ipv4.conf.$dev.send_redirects=0 > /dev/null
+ sysctl -w net/ipv4/conf/$dev/send_redirects=0 > /dev/null
   unset TUNNEL_MODE
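
Review bot: The sysctl call on the `+` line still redirects only stdout and never checks the exit status, so a failed write leaves send_redirects unchanged on that device while the loop and the rest of the script carry on. The trace in the report shows exactly that: the "cannot stat" error is followed by the script reaching line 301. Suggest testing the result, for example `sysctl -w net/ipv4/conf/$dev/send_redirects=0 > /dev/null || exit 1` (or a logged warning if aborting is too strict), and quoting "$dev" now that it forms part of a path. If other sysctl calls in this script or in its ifdown counterpart build a dotted key from an interface name, they need the same slash-notation change.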

Issue History

Date Modified Username Field Change
2016-12-28 15:45 alex_kazakov New Issue
2018-09-18 10:00 paurkedal Note Added: 0032749