Hello Michael,
your commands work without any problems - IPSec will be stopped an started as I already have written.
After some work I found the problem in the vpnmain.cgi. In the shipped file of your update, there is the line missing which stores the information if the service is enabled or not. After I've manually added it again, I was able to stop and disable IPSec from the WUI.
I've created a patchfile for you - please check and apply it.
Thanks
Stefan
Please try to manually stop strongswan with the helper tool:
ipsecctrl D
Try to start it again with:
ipsecctrl S
On Mon, 2012-08-06 at 21:48 +0200, Stefan Schantl wrote:
Hello Michael,
I've tested to stop IPSec from shell which worked without problems. But if I try to disable and stop it from the WUI, by unsing the checkbox the service does a restart and no shutdown.
I've looked inside the error_log from the httpd, and found the following lines:
[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec enabled on orange but orange interface is invalid or not found, referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec enabled on blue but blue interface is invalid or not found, referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] Stopping strongSwan IPsec..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] Starting strongSwan 5.0.0 IPsec [starter]..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] , referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi
Why are there entries about an orange and blue network, I don't have one of them......
Do you have any idea about that ?
Stefan
On Mon, 2012-08-06 at 17:21 +0200, Stefan Schantl wrote:
The only bad point, I've to report is, that after the update I can't disable IPSec over the WUI anymore - may other testers will report the same issue.
What is the exact problem? Did you get an internal server error from the CGI script? Need a more precise error report.
Michael
SIG-VPN mailing list SIG-VPN@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/sig-vpn