Actions
Regression #11537
closedIPsec VTI tunnel between IPv6 peers may not configure correctly
Start date:
02/25/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
Description
The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may not be properly configuring the interface.
rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve'
Somehow ipsec_get_phase1_src($ph1ent)
is returning an empty result so $left_spec
is empty in source:src/etc/inc/interfaces.inc#L1640 leading it to wrongly guess the address family and omit the local address for the interface.
Actions