Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #11891

closed

strongSwan configuration contains incorrect structure for mobile pool DNS records

Added by Oleksandr Yermolenko over 3 years ago. Updated almost 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

IPsec

Target version:

2.6.0

Start date:

05/05/2021

Due date:

% Done:

Estimated time:

Plus Target Version:

22.01

Release Notes:

Default

Affected Version:

2.5.1

Affected Architecture:

amd64

Description

Hello,

according to https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf:
old style configuration

rightdns=<ip>[,…]

should be transformed to the next records:

connections.<conn>.pools=<poolname>
pools.<poolname>.dns=<ip>[,…]

but 2.5.1 version config generated in the following way:

pools {
}
mobile-pool {
        dns = 10.71.1.11,10.70.3.11
        28679 = "20" 
}

and connection

con-mobile-defaults {
...
        pools = radius-pool, radius
...

Related issues

Related to Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes

Closed

Jim Pingle

02/18/2021

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Status changed from New to In Progress
Assignee set to Jim Pingle
Target version set to 2.6.0

"radius" is a special internal pool in strongSwan, which expects settings to be returned from RADIUS and not defined in the configuration.

Though "radius-pool" should be defined to include the settings from "mobile-pool" as a template which would bring in the DNS settings from there, and that seems to not be making it into the config in certain cases.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Status changed from In Progress to Feedback

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Plus Target Version set to 21.05

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Already in 21.05 branch.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Subject changed from swanctl.conf/mobile-pool: incorrect config structure for DNS records to strongSwan configuration contains incorrect structure for mobile pool DNS records

Updating subject for release notes.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Plus Target Version changed from 21.05 to 21.09

Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again before the next release.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Status changed from Feedback to New

Actions

Copy link

Updated by Viktor Gurov over 3 years ago

Jim Pingle wrote in #note-6:

Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again before the next release.

should be fixed in #11447#note-14

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Related to Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes added

Actions

Copy link

#10