Project

General

Profile

Actions

Bug #11539

open

Mobile IPsec "split_include" value of 0.0.0.0/0 causes some clients to fail

Added by Jim Pingle over 1 year ago. Updated 2 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
02/25/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.11
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

Currently for mobile IPsec the code sets up subnet and split_include entries for IPv4/IPv6 pools based on the GUI setting for networks to send to clients.

When split_include has a value of 0.0.0.0/0, some clients will fail to connect. A forum user reported this for the built-in Android IKEv2 client but there may be others.

So we either need to figure out some better logic about what to put in each of subnet and split_include separately or at the very least, do not add 0.0.0.0/0 or ::/0 to split_include.

Also warrants some more research in strongSwan to ensure both of those fields are being used appropriately.


Files

11539-split-fix.diff (1.18 KB) 11539-split-fix.diff Jim Pingle, 03/04/2021 02:57 PM
Actions

Also available in: Atom PDF