Bug #12723
closed
Disallow remote gateway of ``0.0.0.0`` for VTI mode
Added by Chris Linstruth almost 3 years ago.
Updated over 2 years ago.
Plus Target Version:
22.05
Description
Since 0.0.0.0 is not compatible with building the correct VTI FreeBSD interface, disallow its use as a remote tunnel endpoint/gateway on a VTI Phase 1.
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Because the remote gateway is a P1 setting but VTI is a P2 setting, this needs to be checked in multiple places:
- When saving a P1: If any of the child P2s are set to VTI, generate an input error if the user attempts to set the remote gateway to 0.0.0.0
- When saving a P2: If the P2 is set to VTI and the remote gateway is 0.0.0.0, generate an input error
Also update the note under Remote Gateway with some guidance here, even if it's just a simple "A remote gateway of 0.0.0.0 is not compatible with VTI, use an FQDN instead" or something along those lines.
- Related to Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0 added
- Assignee set to Viktor Gurov
- Status changed from New to Pull Request Review
- Status changed from Pull Request Review to Feedback
- Status changed from Feedback to Resolved
It is not allowed to add 0.0.0.0 as the remote GW if there is a VTI as P2, and it is not allowed to add VTI if the remote GW is 0.0.0.0 in P1.
"A remote gateway address of "0.0.0.0" or "::" is not compatible with a child Phase 2 in VTI mode."
2.7.0.a.20220218.0600
- Subject changed from Disallow 0.0.0.0 as a VTI remote gateway to Disallow remote gateway of ``0.0.0.0`` for VTI mode
Updating subject for release notes.
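The two save-time checks described in this issue (one when saving a P1, one when saving a P2), sketched as an added example that is not the pfSense source or the merged fix. The array keys `ikeid`, `remote-gateway` and `mode` and the function names are assumptions; the example goes slightly beyond the literal strings by treating any spelling of the IPv4 or IPv6 unspecified address as the wildcard.

```php
<?php
// Added example, not pfSense code. Keys 'ikeid', 'remote-gateway' and 'mode'
// are assumed field names for Phase 1 / Phase 2 entries.
const VTI_GW_ERROR = 'A remote gateway address of "0.0.0.0" or "::" is not '
    . 'compatible with a child Phase 2 in VTI mode.';

// True for the IPv4 or IPv6 unspecified address in any spelling
// ("0.0.0.0", "::", "0:0:0:0:0:0:0:0"). FQDNs and malformed input give false.
function is_unspecified_gateway(string $gw): bool
{
    $gw = trim($gw);
    if (filter_var($gw, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $packed = inet_pton($gw);
    return $packed === str_repeat("\0", strlen($packed));
}

// Saving a P1: reject a wildcard gateway if any child P2 is in VTI mode.
function validate_phase1(array $p1, array $all_p2): array
{
    if (!is_unspecified_gateway($p1['remote-gateway'] ?? '')) {
        return [];
    }
    foreach ($all_p2 as $p2) {
        if ($p2['ikeid'] == $p1['ikeid'] && ($p2['mode'] ?? '') === 'vti') {
            return [VTI_GW_ERROR];
        }
    }
    return [];
}

// Saving a P2: reject VTI mode if the parent P1 has a wildcard gateway.
function validate_phase2(array $p2, array $all_p1): array
{
    if (($p2['mode'] ?? '') !== 'vti') {
        return [];
    }
    foreach ($all_p1 as $p1) {
        if ($p1['ikeid'] == $p2['ikeid'] && is_unspecified_gateway($p1['remote-gateway'] ?? '')) {
            return [VTI_GW_ERROR];
        }
    }
    return [];
}

// Constructed sample data: a long-form "::" must be caught, an FQDN must pass.
$p2s = [['ikeid' => 1, 'mode' => 'vti'], ['ikeid' => 2, 'mode' => 'tunnel']];
var_dump(validate_phase1(['ikeid' => 1, 'remote-gateway' => '0:0:0:0:0:0:0:0'], $p2s));
var_dump(validate_phase2($p2s[0], [['ikeid' => 1, 'remote-gateway' => 'vpn.example.com']]));
```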