Comma in IPSec PSK causes problems

UPDATE: This is a known bug 13029 – IPSec definition distorted by entered secret

I was trying to update an existing IPSec PSK connection with a new PSK, and when I did so, things got really weird, really fast. The connection didn’t work, DNS stopped working, and there was a comment “on” for the connection that I had not entered and the tunnel type was also “on” instead of “ikev2”. I tried deleting and re-adding the connection, and the DPD timeout setting had “ikev2” in the advanced settings page, which is clearly wrong, too.

Checking the entry in /etc/ipsec.secrets shows that the PSK is being written weirdly to the file.

The PSK is: _2hwU;y19H,14y-7!^ (don’t worry, I won’t be re-using this)

Instead of being properly written to ipsec.secrets like this:
xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy : PSK '_2hwU;y19H,14y-7!^'
(where the xxx and yyy numbers represent the local and remote IDs, I think; they are IP addresses)

it is instead written to the file as:
14y-7!^ 10.87.14.0/23 : PSK '_2hwU;y19H'
where “10.87.14.0/23” is the local subnet. You can see that the PSK is split on the line with the last part at the beginning, and the comma is gone.

The connection details in /etc/ipsec.conf are also written incorrectly.

Then, when you go in to edit the connection, the data is stored in the wrong fields. Local ID is in the local subnet field, etc.

I’m guessing that the comma is causing data to be written to the various files in the wrong places. I’m headed to the bug tracker to open a bug, but thought I would post here for visibility, or in case anyone sees something silly I have done wrong.

Tom

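The symptom described above (the PSK cut at the comma, the tail of the secret landing in another field, and the truncated secret written to ipsec.secrets) is what a comma-delimited serialization layer produces when a field value itself contains the delimiter. The following Python is an added illustration, not code from the router firmware, the bug tracker, or the post: it models a hypothetical "join the fields with commas" store beside a version that quotes fields and refuses to write a record that does not survive a round trip. The field names and the connection record are constructed for the example; only the PSK value is taken from the post.

```python
import csv
import io

# Constructed sample connection record; the PSK is the one quoted in the post.
CONNECTION = {
    "name": "office",
    "tunnel_type": "ikev2",
    "local_subnet": "10.87.14.0/23",
    "psk": "_2hwU;y19H,14y-7!^",
}

# Hypothetical column order used by the store (an assumption for this example).
FIELDS = ["name", "tunnel_type", "local_subnet", "psk"]


def naive_serialize(conn):
    """Hypothetical fragile store: join values with commas, no quoting."""
    return ",".join(conn[f] for f in FIELDS)


def naive_parse(line):
    """Split on commas and map positionally onto FIELDS.

    A comma inside the PSK yields five values for four fields, so the
    secret is cut short and the surplus is silently discarded or, in a
    store that does not discard, shifted into the neighbouring fields.
    """
    return dict(zip(FIELDS, line.split(",")))


def safe_serialize(conn):
    """Quote every field so delimiter characters inside values survive."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="")
    writer.writerow([conn[f] for f in FIELDS])
    return buf.getvalue()


def safe_parse(line):
    """Parse a quoted record and reject anything with the wrong field count."""
    values = next(csv.reader([line]))
    if len(values) != len(FIELDS):
        raise ValueError(
            f"expected {len(FIELDS)} fields, got {len(values)}: {line!r}")
    return dict(zip(FIELDS, values))


def roundtrips(conn, serialize, parse):
    """Pre-save check: does the record come back unchanged from the store?"""
    try:
        return parse(serialize(conn)) == conn
    except ValueError:
        return False


if __name__ == "__main__":
    # Fragile store: the PSK is truncated at the comma, as in the post.
    print(naive_serialize(CONNECTION))
    print(naive_parse(naive_serialize(CONNECTION))["psk"])
    print("naive round trip ok:", roundtrips(CONNECTION, naive_serialize, naive_parse))
    # Quoted store: the full secret survives.
    print(safe_serialize(CONNECTION))
    print("safe round trip ok:", roundtrips(CONNECTION, safe_serialize, safe_parse))
```

The `roundtrips` check is the piece worth keeping: a configuration UI that serializes a record, parses it back and compares before committing would have refused this PSK instead of writing a distorted ipsec.secrets and ipsec.conf. The same check catches quote characters and line breaks in a secret, not only commas.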