Actions
Bug #15124
closed
IPsec VTI is not created correctly when using a Phase 2 remote type of ``Network``
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
Affected Architecture:
Description
The Remote Network field in the IPsec Phase 2 configuration allows for the Network type with VTI mode. This results in the following system log:
Dec 28 13:20:27 php-fpm 34200 /vpn_ipsec.php: The command '/sbin/ifconfig 'ipsec2' inet '172.19.254.109/30' '172.19.254.110/30'' returned exit code '1', the output was 'ifconfig: 172.19.254.110/30: bad value'
The ifconfig remote address must simply be an address (no CIDR notation) and is required with IPv4 but not IPv6:
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2 inet 172.19.254.109/30
ifconfig: in_exec_nl(): Empty IFA_LOCAL/IFA_ADDRESS
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2 inet 172.19.254.109/30 172.19.254.110
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2 inet6 fdc7:5c33:b112:f010::1/60
[23.09.1-RELEASE][root@sitea-fw1.lab.arpa]/root: ifconfig ipsec2
ipsec2: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1446
options=0
tunnel inet 192.0.2.4 --> 198.51.100.3
inet 172.19.254.109 --> 172.19.254.110 netmask 0xfffffffc
inet6 fe80::250:56ff:feb2:e89%ipsec2 prefixlen 64 scopeid 0x10
inet6 fdc7:5c33:b112:f010::1 prefixlen 60
groups: ipsec
reqid: 5002
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Updated by Marcos M 4 months ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Fixed in 8e83f722c70bc6bd4a7e4275f8ddc3ac3fe5efc5.
Updated by Danilo Zrenjanin 4 months ago
- Status changed from Feedback to Resolved
The patch fixes it. The IPsec interface gets IP address and the gateway as expected with no error logs.
I am marking this ticket as resolved.
Actions