Mobile IPsec "split_include" value of 0.0.0.0/0 causes some clients to fail
Currently for mobile IPsec the code sets up
split_include entries for IPv4/IPv6 pools based on the GUI setting for networks to send to clients.
split_include has a value of
0.0.0.0/0, some clients will fail to connect. A forum user reported this for the built-in Android IKEv2 client but there may be others.
So we either need to figure out some better logic about what to put in each of
split_include separately or at the very least, do not add
Also warrants some more research in strongSwan to ensure both of those fields are being used appropriately.
Updated by Jim Pingle 8 months ago
I can't find a client that can reproduce this so I can't confirm a fix. Attached is a patch which will omit 0.0.0.0/0 and ::/0 from the split_include line, or omit the line entirely if that is the only value.
Needs some testing before committing.
Updated by Jim Pingle 6 months ago
- Plus Target Version changed from 21.05 to 21.09
Nothing committed here yet and only one data point on if it's beneficial. Bumping this one up for the moment. I'd like to find a way to reproduce this and check that it doesn't break existing setups first.
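The filtering described for the attached patch (omit 0.0.0.0/0 and ::/0 from the split_include line, or omit the line entirely if nothing else remains), as an added Python example. It is not pfSense code or the attached patch. The function name, the `key = a,b` output shape and the sample networks are assumptions made for illustration.

```python
import ipaddress


def split_include_line(networks, key="split_include"):
    """Build a 'key = net1,net2' line from GUI-style network strings.

    Default routes (prefix length 0, IPv4 or IPv6) are dropped.
    Returns None when nothing else remains, so the caller can omit the
    line entirely instead of writing an empty or catch-all value.
    """
    kept = []
    for raw in networks:
        text = raw.strip()
        if not text:
            continue
        # strict=False accepts host bits ("10.0.0.5/24") and normalises
        # alternate spellings of the default route such as "0::/0".
        net = ipaddress.ip_network(text, strict=False)
        if net.prefixlen == 0:
            continue  # 0.0.0.0/0 or ::/0: never hand this to the client
        canon = str(net)
        if canon not in kept:  # keep first occurrence, preserve order
            kept.append(canon)
    if not kept:
        return None
    return f"{key} = {','.join(kept)}"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real configuration.
    samples = [
        ["0.0.0.0/0"],
        ["0.0.0.0/0", "::/0"],
        ["10.0.0.5/24", "0.0.0.0/0", "fd00::/64", "0::/0"],
    ]
    for nets in samples:
        line = split_include_line(nets)
        print(nets, "->", line if line is not None else "(line omitted)")
```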