Last Modified: Mar 26, 2023
See more info
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 18.104.22.168, 22.214.171.124, 16.1.3, 126.96.36.199, 188.8.131.52, 184.108.40.206
Opened: Jul 21, 2022
TMM may core when a "tunnel tunnels" object related to an IPsec interface is reconfigured. For example, a command that changes the IP address of the object may lead to a core: # tmsh modify net tunnels tunnel my-ipsec-tunnel remote-address 220.127.116.11
Traffic disrupted while tmm restarts.
-- IPsec IKEv1 or IKEv2. -- Tunnel is in "interface" mode. -- Tunnel object is reconfigured while the tunnel is up.
Ensure the tunnel is down before reconfiguring it. -- Set the IKE-Peer config state to disabled. -- Delete an established IKE SA and IPsec SA related to that peer. For example: # tmsh modify net ipsec ike-peer <Name> state disabled # tmsh delete net ipsec ike-sa peer-ip <IP> # tmsh delete net ipsec ipsec-sa dst-addr <IP> "Name" is the specific name given to the ike-peer config object. "IP" is the address configured to use for the remote peer. Then make the desired changes and enable the IKE-Peer. # tmsh modify net ipsec ike-peer <name> state enabled