Project

General

Profile

Actions

Regression #11537

closed

IPsec VTI tunnel between IPv6 peers may not configure correctly

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
02/25/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may not be properly configuring the interface.

rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve' 

Somehow ipsec_get_phase1_src($ph1ent) is returning an empty result so $left_spec is empty in source:src/etc/inc/interfaces.inc#L1640 leading it to wrongly guess the address family and omit the local address for the interface.

Actions

Also available in: Atom PDF