Bug #12723
closed
Disallow remote gateway of ``0.0.0.0`` for VTI mode
0%
Description
Since 0.0.0.0 is not compatible with building the correct VTI FreeBSD interface, disallow its use as a remote tunnel endpoint/gateway on a VTI Phase 1.
Related issues
Updated by Jim Pingle about 2 years ago
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Because the remote gateway is a P1 setting but VTI is a P2 setting this needs to be checked in multiple places:
- When saving a P1: If any of the child P2s are set to VTI, generate an input error if the user attempts to set the remote gateway to 0.0.0.0
- When saving a P2: If the P2 is set to VTI and the remote gateway is 0.0.0.0, generate an input error
Also update the note under Remote Gateway with some guidance here, even if it's just a simple "A remote gateway of 0.0.0.0 is not compatible with VTI, use an FQDN instead" or something along those lines.
Updated by Jim Pingle about 2 years ago
- Related to Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0 added
Updated by Viktor Gurov about 2 years ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle about 2 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov about 2 years ago
- Status changed from Pull Request Review to Feedback
Merged
Updated by Alhusein Zawi about 2 years ago
- Status changed from Feedback to Resolved
it is not allowed to add 0.0.0.0 as remote GW if there is a VTI as P2 and it is not allowed to add VTI if the remote GW is 0.0.0.0 in P1
"A remote gateway address of "0.0.0.0" or "::" is not compatible with a child Phase 2 in VTI mode.
2.7.0.a.20220218.0600
Updated by Jim Pingle about 2 years ago
- Subject changed from Disallow 0.0.0.0 as a VTI remote gateway to Disallow remote gateway of ``0.0.0.0`` for VTI mode
Updating subject for release notes.