Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-24802

libreswan did not remove xfrm policy on disconnected connection

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • None
    • libreswan
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Upon remote end removing a connected ipsec tunnel, local node has leftover
      ipsec policy.

      Please provide the package NVR for which bug is seen:

      libreswan-4.12-1.el9.x86_64

      How reproducible:

      100%

      Steps to reproduce

      1. Set up a pair of ipsec tunnel
      2. use `ip x policy` to confirm the xfrm policy been created correctly
      3. On remote end, use `ipsec auto --down` and `ipsec auto --delete` to terminate the connection, run `ip xfrm policy` on local node.

      Expected results

      Xfrm policy been purge upon the disconnection of ipsec tunnel.

      Actual results

      Xfrm policy still exist preventing network flow been restored to unencrypted mode:

              dueno@redhat.com Daiki Ueno
              fge@redhat.com Gris Ge
              Daiki Ueno Daiki Ueno
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: