hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

VPN reconnecting issue #1083

Closed KarimMn closed 2 years ago

KarimMn commented 2 years ago


Describe the issue: VPN does not kill previous session when reconnecting.

Hello,

I've been searching for an answer regarding this specific issue, so any assistance is appreciated. My IKEv2 VPN server is working as expected on Ubuntu 20.04 and my modem is able to connect; port forwarding is working as expected.

When the modem reconnects for any reason, the VPN server loads a new connection without killing the previous one, so port forwarding stops working.

000 Total IPsec connections: loaded 6, active 1

This is an example where the modem connected 3 times and one connection is active; however, the only solution is to restart the ipsec service.

I tried to assign a static IP for my vpn client but it won't reconnect at all.

Any idea how to overcome this is appreciated.

hwdsl2 commented 2 years ago

@KarimMn Hello! When did this problem start happening, and which Libreswan version is running on your VPN server? Check using ipsec --version. If your server runs Libreswan 4.6, it may have a bug (see [1], [2]) which fails to clean up the IKEv2 connection state when the VPN client disconnects.

If that is the case, try downgrading to Libreswan 4.5. To do so, run:

wget https://git.io/vpnupgrade -O vpnup.sh
# Now edit vpnup.sh and replace SWAN_VER=4.6 with SWAN_VER=4.5.
# Finally, run the script:
sudo sh vpnup.sh

Note that Libreswan 4.6 fixed CVE-2022-23094 [3], so keeping version 4.5 running is not recommended after you finish testing.

On the other hand, if your server is NOT running Libreswan 4.6, it could be because your modem does not properly send a "disconnect" request when reconnecting. Unfortunately, I'm not aware of a good solution to fix that.

[1] https://github.com/libreswan/libreswan/issues/618
[2] https://github.com/libreswan/libreswan/issues/612
[3] https://libreswan.org/security/
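The version check and the "loaded vs. active" observation from this thread, as an added shell example that is not part of the thread or of the project's scripts. It parses the output of ipsec --version and the "Total IPsec connections" line of ipsec status; the exact version-line format and the baseline value are assumptions.

```shell
#!/bin/sh
# Added example: flag a server running the affected Libreswan 4.6 and measure
# how many connections have accumulated beyond a known-good baseline.

# Print the Libreswan version number (e.g. "4.6") from `ipsec --version` text.
# Assumed format: "Linux Libreswan 4.6 (netkey) on 5.4.0-..."
libreswan_version() {
    printf '%s\n' "$1" | sed -n 's/.*Libreswan \([0-9][0-9.]*\).*/\1/p'
}

# Succeed (exit 0) only if the version is the 4.6 release discussed above.
is_affected_version() {
    [ "$(libreswan_version "$1")" = "4.6" ]
}

# Given a "000 Total IPsec connections: loaded N, active M" line and a
# baseline loaded count (assumed: the value seen right after a clean restart
# with the client connected), print how many extra connections are loaded.
# A number that grows with every modem reconnect matches the report above.
connections_accumulated() {
    loaded=$(printf '%s\n' "$1" | sed -n 's/.*loaded \([0-9]*\),.*/\1/p')
    echo $((loaded - $2))
}

# Live use on a server (needs root for `ipsec status`); left commented so the
# script runs offline on the constructed samples below:
#   ver=$(ipsec --version)
#   st=$(ipsec status | grep 'Total IPsec connections')

# Constructed sample input, mirroring what the reporter pasted.
SAMPLE_VERSION="Linux Libreswan 4.6 (netkey) on 5.4.0-generic"
SAMPLE_STATUS="000 Total IPsec connections: loaded 6, active 1"
BASELINE_LOADED=4   # assumed baseline for this example

if is_affected_version "$SAMPLE_VERSION"; then
    echo "Libreswan $(libreswan_version "$SAMPLE_VERSION"): affected by the IKEv2 state cleanup bug, see libreswan issue 618"
fi
echo "connections accumulated beyond baseline: $(connections_accumulated "$SAMPLE_STATUS" "$BASELINE_LOADED")"
```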

KarimMn commented 2 years ago

Hello @hwdsl2

Indeed I'm running Libreswan 4.6 which was updated recently. Thank you for the feedback, I'll stick with this version which hopefully will be fixed soon!

hwdsl2 commented 2 years ago

@KarimMn Thanks for the update. Please use https://github.com/libreswan/libreswan/issues/618 to track the fix; I'll close this one. Subscribe to the Libreswan announcement mailing list [1] for new version notifications.

[1] https://lists.libreswan.org/mailman/listinfo/swan-announce