Project

General

Profile

Actions

Bug #11643

closed

IPsec tunnel does not function when configured on a 6RD interface

Added by Sietse van Zanen over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
03/10/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
All

Description

pfSense does not generate a correct swanctl.conf when adding IPv6 or dual stack tunnels over a 6RD interface. The IPv6 address is not added to local_addrs and IPv6 connections are not accepted (cannot find matching config).
Incorrect swanctl.conf:
con1000 {
.....
local_addrs = 1.2.3.4

Correct swanctl.conf
con1000 {
.....
local_addrs = 1.2.3.4,1234:5678:9abc::/48

Another minor issue is that the GUI complains when adding both IPv4 and IPv6 P2 under a IPv4 or IPv6 only P1 (There is a Phase 2 using IPv6, cannot use IPv4.).
This is however perfectly fine to configure and use. P2 IP version is not in any way related to P1. This error is therefore spurious and should be removed.

Actions

Also available in: Atom PDF