Bug #15147
closed
Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
Added by Lars Wolos 11 months ago.
Updated 8 months ago.
Plus Target Version:
24.03
Description
If in Phase 1, Internet Protocol "Both (Dual Stack)" is selected, then under Remote Gateway the explanation in the blue info icon ("More information") has an issue leaving the user somewhat clueless whether to put '0.0.0.0' or '::', if the aim is to allow connections BOTH from any IPv4 address AND connections from any IPv6 address. Please add some clarification to the text in this regard.
I suggest the following addition to the info box (only if this is correct - please confirm):
If Internet Protocol is set to 'Both (Dual Stack)‘, using either '0.0.0.0' or '::' will allow connections both from any IPv4 and from any IPv6.
- Tracker changed from Bug to Todo
- Subject changed from Add Dual Stack explanation to IPSec Phase 1 Remote Gateway info box to Add Dual Stack explanation to IPsec Phase 1 Remote Gateway info box
- Target version set to 2.8.0
- Plus Target Version set to 24.03
- Affected Version deleted (
All)
Can confirm that this is very confusing. It might be better to add a "Allow from Any Source" checkbox that just applies this instead. We could then hide this option for VTI connections and use form validation to always make 0.0.0.0 or :: invalid entries. Just my thoughts.
- Tracker changed from Todo to Bug
- Subject changed from Add Dual Stack explanation to IPsec Phase 1 Remote Gateway info box to Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
- Status changed from New to In Progress
- Assignee set to Jim Pingle
The suggested note addition isn't accurate, only tunnels of the same address family as the remote gateway are allowed to connect with the current code. It's easy to work around without adding another checkbox, though.
Changing this to a bug since at the moment it's impossible to configure this and it should be working.
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Closed
note was added
24.03.b.20240322.1708
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by