Actions
Regression #11537
closed
IPsec VTI tunnel between IPv6 peers may not configure correctly
Start date:
02/25/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
Description
The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may not be properly configuring the interface.
rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve'
Somehow ipsec_get_phase1_src($ph1ent) is returning an empty result so $left_spec is empty in source:src/etc/inc/interfaces.inc#L1640 leading it to wrongly guess the address family and omit the local address for the interface.
Updated by Viktor Gurov over 3 years ago
same issue with IPv4 VTI:
Feb 26 16:25:59 pf41 php[390]: rc.bootup: The command '/sbin/ifconfig 'ipsec4000' inet tunnel '' '192.168.88.51' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve'
it tries to setup VTI interfaces before parent interfaces
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/157
Updated by Jim Pingle over 3 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 3 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
Updated by Viktor Gurov over 3 years ago
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to Pull Request Review
Updated by Jim Pingle over 3 years ago
- Target version changed from CE-Next to 2.5.1
Updated by Renato Botelho over 3 years ago
- Status changed from Pull Request Review to Waiting on Merge
PR has been merged. Thanks!
Updated by Renato Botelho over 3 years ago
- Status changed from Waiting on Merge to Feedback
Actions