Project

General

Profile

Actions

Regression #14713

closed

Mobile IPsec not allocating address to connecting clients on dev snapshots

Added by Jim Pingle 8 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Very High
Assignee:
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:

Description

This regressed since the previous release at some point. Mobile client attempts to connect but is unable to obtain an address and the connection fails. Affects at least IKEv2 EAP-MSCHAPv2 and EAP-RADIUS but likely others as well.

Logs are similar to the following:

Aug 25 08:41:12     charon     46814     13[IKE] <con-mobile|10> peer requested virtual IP %any
Aug 25 08:41:12     charon     46814     13[IKE] <con-mobile|10> no virtual IP found for %any requested by 'jimp'
Aug 25 08:41:12     charon     46814     13[IKE] <con-mobile|10> peer requested virtual IP %any6
Aug 25 08:41:12     charon     46814     13[IKE] <con-mobile|10> no virtual IP found for %any6 requested by 'jimp'
Aug 25 08:41:12     charon     46814     13[IKE] <con-mobile|10> no virtual IP found, sending INTERNAL_ADDRESS_FAILURE 
Actions #1

Updated by Jim Pingle 8 months ago

This regressed in a recent rector refactoring ( 264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9 ), some references to $a_client in ipsec.inc were updated but others were not. I manually updated the rest and now I can connect again. Commit coming shortly.

Actions #2

Updated by Jim Pingle 8 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Vladimir Suhhanov 8 months ago

Fixed for me. Thanks.

Actions #4

Updated by Jim Pingle 8 months ago

  • Status changed from Feedback to Resolved
Actions #5

Updated by Jim Pingle 6 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF