Bug #15147
closed
Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
100%
Description
If in Phase 1, Internet Protocol "Both (Dual Stack)" is selected, then under Remote Gateway the explanation in the blue info icon ("More information") has an issue leaving the user somewhat clueless whether to put '0.0.0.0' or '::', if the aim is to allow connections BOTH from any IPv4 address AND connections from any IPv6 address. Please add some clarification to the text in this regard.
I suggest the following addition to the info box (only if this is correct - please confirm):
If Internet Protocol is set to 'Both (Dual Stack)‘, using either '0.0.0.0' or '::' will allow connections both from any IPv4 and from any IPv6.
Updated by Jim Pingle 4 months ago
- Tracker changed from Bug to Todo
- Subject changed from Add Dual Stack explanation to IPSec Phase 1 Remote Gateway info box to Add Dual Stack explanation to IPsec Phase 1 Remote Gateway info box
- Target version set to 2.8.0
- Plus Target Version set to 24.03
- Affected Version deleted (
All)
Updated by Kris Phillips 3 months ago
Can confirm that this is very confusing. It might be better to add a "Allow from Any Source" checkbox that just applies this instead. We could then hide this option for VTI connections and use form validation to always make 0.0.0.0 or :: invalid entries. Just my thoughts.
Updated by Jim Pingle about 2 months ago
- Tracker changed from Todo to Bug
- Subject changed from Add Dual Stack explanation to IPsec Phase 1 Remote Gateway info box to Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
- Status changed from New to In Progress
- Assignee set to Jim Pingle
The suggested note addition isn't accurate, only tunnels of the same address family as the remote gateway are allowed to connect with the current code. It's easy to work around without adding another checkbox, though.
Changing this to a bug since at the moment it's impossible to configure this and it should be working.
Updated by Jim Pingle about 2 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset d53185888b7588c85a33ccfc14447335045fe5b7.
Updated by Alhusein Zawi about 1 month ago
- Status changed from Feedback to Closed
note was added
24.03.b.20240322.1708