Mobile IPsec "split_include" value of 0.0.0.0/0 causes some clients to fail
Currently for mobile IPsec the code sets up
split_include entries for IPv4/IPv6 pools based on the GUI setting for networks to send to clients.
split_include has a value of
0.0.0.0/0, some clients will fail to connect. A forum user reported this for the built-in Android IKEv2 client but there may be others.
So we either need to figure out some better logic about what to put in each of
split_include separately or at the very least, do not add
Also warrants some more research in strongSwan to ensure both of those fields are being used appropriately.
#1 Updated by Jim Pingle about 1 month ago
I can't find a client that can reproduce this so I can't confirm a fix. Attached is a patch which will omit 0.0.0.0/0 and ::/0 from the split_include line, or omit the line entirely if that is the only value.
Needs some testing before committing.