Project

General

Profile

Actions

Regression #11537

closed

IPsec VTI tunnel between IPv6 peers may not configure correctly

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
02/25/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may not be properly configuring the interface.

rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve' 

Somehow ipsec_get_phase1_src($ph1ent) is returning an empty result so $left_spec is empty in source:src/etc/inc/interfaces.inc#L1640 leading it to wrongly guess the address family and omit the local address for the interface.

Actions #1

Updated by Viktor Gurov over 3 years ago

same issue with IPv4 VTI:

Feb 26 16:25:59 pf41 php[390]: rc.bootup: The command '/sbin/ifconfig 'ipsec4000' inet tunnel '' '192.168.88.51' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve'

it tries to setup VTI interfaces before parent interfaces

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/157

Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
Actions #3

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #5

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Pull Request Review
Actions #6

Updated by Jim Pingle over 3 years ago

  • Target version changed from CE-Next to 2.5.1
Actions #7

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Waiting on Merge

PR has been merged. Thanks!

Actions #8

Updated by Renato Botelho over 3 years ago

  • Status changed from Waiting on Merge to Feedback
Actions #9

Updated by Renato Botelho over 3 years ago

Cherry-picked to RELENG_2_5_1

Actions #10

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF