Project

General

Profile

Actions
Copy link

New Content #13385

closed

Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead"

Added by Danilo Zrenjanin about 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure-p1.html#ike-endpoint-configuration

Remote Gateway

The address for the peer to which the tunnel will be established. This is most likely the WAN IP address of the remote device.

This may be set to an IP address or a fully qualified domain name (FQDN). When set to an FQDN the firewall periodically resolves the name using DNS and updates the tunnel when it detects a change.

To allow connections from any endpoint use 0.0.0.0/0 for IPv4 or :: for IPv6. When allowing connections from any remote endpoint the Child SA Start Action must be set to None and the Peer Identifier cannot be set to Peer IP Address

A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead

Actions
Copy link
 #1

Updated by Jim Pingle about 3 years ago

  • Assignee set to Jim Pingle
Actions
Copy link
 #2

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Danilo Zrenjanin almost 3 years ago

  • Status changed from Feedback to Resolved

Yes, it looks fine now. I am marking this ticket resolved.

Actions
Copy link

Also available in: Atom PDF