Regression #11537

IPsec VTI tunnel between IPv6 peers may not configure correctly

Added by Jim Pingle about 2 months ago. Updated about 1 month ago.

Status: Feedback
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 02/25/2021
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.5.0
Affected Architecture:
Release Notes: Default

Description

The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may not be properly configuring the interface.

rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve' 

Somehow ipsec_get_phase1_src($ph1ent) is returning an empty result so $left_spec is empty in source:src/etc/inc/interfaces.inc#L1640 leading it to wrongly guess the address family and omit the local address for the interface.

Associated revisions

Revision cfff0f35 (diff)
Added by Viktor Gurov about 1 month ago

IPsec VTI interfaces bootup fix. Issue #11537

Revision 9b39f8de (diff)
Added by Viktor Gurov about 1 month ago

Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537

Revision a85a5809 (diff)
Added by Viktor Gurov about 1 month ago

IPsec VTI interfaces bootup fix. Issue #11537

(cherry picked from commit cfff0f351c74599d61286ce0161e570e587e5aac)

Revision 8c0d54f3 (diff)
Added by Viktor Gurov about 1 month ago

Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537

(cherry picked from commit 9b39f8de4b2e7b3d9732080356382dce80a461fa)

History

#1 Updated by Viktor Gurov about 2 months ago

Same issue with IPv4 VTI:

Feb 26 16:25:59 pf41 php[390]: rc.bootup: The command '/sbin/ifconfig 'ipsec4000' inet tunnel '' '192.168.88.51' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve'

It tries to set up VTI interfaces before parent interfaces.

Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/157
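
A log check for the failure signature quoted in this issue, as an added example that is not part of the original thread or of pfSense itself: it parses the rc.bootup ifconfig error lines and flags an empty local tunnel endpoint and an address family that does not match the remote peer. The function names are hypothetical; the first two sample lines are the ones quoted in the issue, and the third is constructed.

```python
import re

# The ifconfig call rc.bootup logs when bringing up a VTI interface fails.
TUNNEL_CMD = re.compile(
    r"/sbin/ifconfig '(?P<ifname>ipsec\d+)' (?P<family>inet6?) tunnel "
    r"'(?P<local>[^']*)' '(?P<remote>[^']*)' up' "
    r"returned exit code '(?P<rc>\d+)'"
)

def check_vti_line(line):
    """Return parsed fields and findings for a VTI ifconfig error, else None."""
    m = TUNNEL_CMD.search(line)
    if m is None:
        return None
    findings = []
    if m["local"] == "":
        findings.append("empty local endpoint")
    # A colon marks IPv6; this also works for redacted addresses in reports.
    remote_family = "inet6" if ":" in m["remote"] else "inet"
    if m["family"] != remote_family:
        findings.append(f"family {m['family']} used with {remote_family} remote")
    return {
        "ifname": m["ifname"],
        "remote": m["remote"],
        "exit_code": int(m["rc"]),
        "findings": findings,
    }

def scan(lines):
    """Collect results for every line that matches the failure signature."""
    return [r for r in map(check_vti_line, lines) if r is not None]

SAMPLE_LOG = [
    # Quoted in the issue description (address redacted by the reporter).
    "rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' "
    "'2001:xxx:xxxx:xxx::1' up' returned exit code '1', the output was "
    "'ifconfig: error in parsing address string: Name does not resolve'",
    # Quoted in comment #1.
    "Feb 26 16:25:59 pf41 php[390]: rc.bootup: The command '/sbin/ifconfig "
    "'ipsec4000' inet tunnel '' '192.168.88.51' up' returned exit code '1', "
    "the output was 'ifconfig: error in parsing address string: "
    "Name does not resolve'",
    # Constructed: an unrelated line that must not match.
    "Feb 26 16:26:01 pf41 php[390]: rc.bootup: Constructed unrelated message",
]

if __name__ == "__main__":
    for result in scan(SAMPLE_LOG):
        print(result["ifname"], result["exit_code"], "; ".join(result["findings"]))
```
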

#2 Updated by Jim Pingle about 2 months ago

  • Status changed from New to Pull Request Review

#3 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

#5 Updated by Jim Pingle about 1 month ago

  • Status changed from Feedback to Pull Request Review

#6 Updated by Jim Pingle about 1 month ago

  • Target version changed from CE-Next to 2.5.1

#7 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Waiting on Merge

PR has been merged. Thanks!

#8 Updated by Renato Botelho about 1 month ago

  • Status changed from Waiting on Merge to Feedback

#9 Updated by Renato Botelho about 1 month ago

Cherry-picked to RELENG_2_5_1
