Project

General

Profile

Actions

Bug #15124

closed

IPsec VTI is not created correctly when using a Phase 2 remote type of ``Network``

Added by Marcos M 12 months ago. Updated 12 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

The Remote Network field in the IPsec Phase 2 configuration allows for the Network type with VTI mode. This results in the following system log:

Dec 28 13:20:27 php-fpm 34200 /vpn_ipsec.php: The command '/sbin/ifconfig 'ipsec2' inet '172.19.254.109/30' '172.19.254.110/30'' returned exit code '1', the output was 'ifconfig: 172.19.254.110/30: bad value'

The ifconfig remote address must simply be an address (no CIDR notation) and is required with IPv4 but not IPv6:

[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2 inet 172.19.254.109/30
ifconfig: in_exec_nl(): Empty IFA_LOCAL/IFA_ADDRESS
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2 inet 172.19.254.109/30 172.19.254.110
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2 inet6 fdc7:5c33:b112:f010::1/60
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2
ipsec2: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1446
        options=0
        tunnel inet 192.0.2.4 --> 198.51.100.3
        inet 172.19.254.109 --> 172.19.254.110 netmask 0xfffffffc
        inet6 fe80::250:56ff:feb2:e89%ipsec2 prefixlen 64 scopeid 0x10
        inet6 fdc7:5c33:b112:f010::1 prefixlen 60
        groups: ipsec
        reqid: 5002
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Actions #1

Updated by Marcos M 12 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Danilo Zrenjanin 12 months ago

  • Status changed from Feedback to Resolved

The patch fixes it. The IPsec interface gets IP address and the gateway as expected with no error logs.

I am marking this ticket as resolved.

Actions

Also available in: Atom PDF