IPSec Selectors Remain in Policy After Removing Tunnel

  • IPSec Selectors Remain in Policy After Removing Tunnel

    Has anyone run into an issue where stale selectors remain in the IPSec Policy tab even after deleting the tunnels associated with them? The problem I have is that the app is still trying to establish a tunnel using those old selectors when I look at the log. Re-building the tunnel using the GUI or import just creates new selectors under IPSec Policy.

    Disabling IPSec and uninstalling the app has no effect. Wonder if I need to scrub a config file of those, wherever that file might be. I'm on 16.5.2.

  • #2
    In case this helps anyone, I ended up doing a ton of digging into how strongSwan functions and the different modules it uses, and found out that I could flush out the stale policies by SSHing into my Untangle device and running the following command:
    ip xfrm policy flush

    That command flushed out all of the policies immediately, leaving the default ones. No uninstall of the IPSec app was needed, but I also didn't have any tunnel configured at the time. If you do run this, I would advise first exporting or removing any configured tunnels just in case this breaks those, and rebuilding or importing your config after.
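
A way to see which kernel policies are stale before flushing everything, as an added example that is not part of the original posts. The helper names, the subnets and the sample policy dump are constructed for illustration; on a device the input would be the output of `ip xfrm policy`.

```shell
#!/bin/sh
# Added example: report xfrm policy selectors that belong to no configured tunnel.

# stale_selectors (hypothetical helper): reads `ip xfrm policy` output on stdin.
# Arguments: one "local_subnet,remote_subnet" pair per tunnel that should exist.
# Prints "<dir> <src> <dst>" for every policy whose selector matches none of them.
stale_selectors() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], p, ",")
                ok[p[1] " " p[2]] = 1    # outbound selector
                ok[p[2] " " p[1]] = 1    # inbound / forward selector
            }
        }
        # Selector line starts in column 0: "src <net> dst <net>"
        /^src / { src = $2; dst = $4; next }
        # Tunnel policies carry "dir in|out|fwd"; the default per-socket
        # policies use "socket in|out" instead and are skipped here.
        $1 == "dir" {
            key = src " " dst
            if (!(key in ok)) print $2, src, dst
        }
    '
}

# Constructed sample in the layout `ip xfrm policy` prints (not real output).
sample_policies() {
    cat <<'EOF'
src 10.0.1.0/24 dst 192.168.5.0/24
    dir out priority 375423 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 1 mode tunnel
src 192.168.5.0/24 dst 10.0.1.0/24
    dir in priority 375423 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 1 mode tunnel
src 10.0.9.0/24 dst 172.16.40.0/24
    dir out priority 375423 ptype main
    tmpl src 203.0.113.10 dst 192.0.2.77
        proto esp reqid 2 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main
EOF
}

# On the device: ip xfrm policy | stale_selectors "10.0.1.0/24,192.168.5.0/24"
sample_policies | stale_selectors "10.0.1.0/24,192.168.5.0/24"
```

An empty result means every tunnel policy in the kernel matches a tunnel that is supposed to exist.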