RHEL-24802

libreswan did not remove xfrm policy on disconnected connection

    • Bug
    • Resolution: Won't Do
    • Normal
    • libreswan
    • sst_security_crypto
    • ssg_security

      What were you trying to do that didn't work?

      Upon remote end removing a connected ipsec tunnel, local node has leftover
      ipsec policy.

      Please provide the package NVR for which bug is seen:

      libreswan-4.12-1.el9.x86_64

      How reproducible:

      100%

      Steps to reproduce

      1. Set up a pair of ipsec tunnels.
      2. Use `ip x policy` to confirm the xfrm policy has been created correctly.
      3. On the remote end, use `ipsec auto --down` and `ipsec auto --delete` to terminate the connection, then run `ip xfrm policy` on the local node.

      Expected results

      Xfrm policy is purged upon the disconnection of the ipsec tunnel.

      Actual results

      Xfrm policy still exists, preventing network flow from being restored to unencrypted mode:

            dueno@redhat.com Daiki Ueno
            fge@redhat.com Gris Ge
            SSG Security QE
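A way to check for the leftover condition this report describes, added here as an example (not part of the original report and not libreswan code): it parses text shaped like `ip xfrm policy` and `ip xfrm state` output and lists policies whose template reqid has no installed SA. Matching policies to SAs by reqid is an assumption of this example, and the sample text and addresses are constructed.

```python
import re

# Constructed sample text shaped like `ip xfrm policy` output (documentation addresses).
SAMPLE_POLICY = """\
src 192.0.2.0/24 dst 198.51.100.0/24
    dir out priority 1757393 ptype main
    tmpl src 203.0.113.1 dst 203.0.113.2
        proto esp reqid 16389 mode tunnel
src 198.51.100.0/24 dst 192.0.2.0/24
    dir in priority 1757393 ptype main
    tmpl src 203.0.113.2 dst 203.0.113.1
        proto esp reqid 16389 mode tunnel
src 10.1.0.0/16 dst 10.2.0.0/16
    dir out priority 1757393 ptype main
    tmpl src 203.0.113.1 dst 203.0.113.9
        proto esp reqid 16393 mode tunnel
"""
# Constructed sample shaped like `ip xfrm state`: only reqid 16393 still has an SA.
SAMPLE_STATE = """\
src 203.0.113.1 dst 203.0.113.9
    proto esp spi 0x1a2b3c4d reqid 16393 mode tunnel
    replay-window 0 flag af-unspec
"""

def parse_policies(text):
    """Return one dict per policy: selector, direction and template reqids."""
    policies, cur = [], None
    for line in text.splitlines():
        if line.startswith("src "):  # an unindented line opens a new policy
            f = line.split()
            cur = {"src": f[1], "dst": f[3], "dir": None, "reqids": set()}
            policies.append(cur)
        elif cur is not None:
            if m := re.search(r"\bdir (\w+)", line):
                cur["dir"] = m.group(1)
            if m := re.search(r"\breqid (\d+)", line):
                cur["reqids"].add(int(m.group(1)))
    return policies

def state_reqids(text):
    """Collect the reqid of every SA listed in `ip xfrm state` output."""
    return {int(r) for r in re.findall(r"^[ \t]+proto \w+ spi \S+ reqid (\d+)", text, re.M)}

def orphaned_policies(policy_text, state_text):
    """Policies whose templates name a reqid that no installed SA carries."""
    live = state_reqids(state_text)
    return [p for p in parse_policies(policy_text)
            if p["reqids"] and not (p["reqids"] & live)]

if __name__ == "__main__":
    for p in orphaned_policies(SAMPLE_POLICY, SAMPLE_STATE):
        print(f"no SA for policy {p['src']} -> {p['dst']} dir {p['dir']} reqid {sorted(p['reqids'])}")
```

A configuration may install policies before any SA exists, so treat a hit as something to review against the configured connections rather than as proof of a stale policy.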