Project

General

Profile

Actions

Bug #2300

closed

Static routes for IPsec peers missing when attached to IP Alias VIP

Added by Jim Pingle over 9 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
03/19/2012
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

The "static route needed?" check in vpn.inc for IPsec peers only checks CARP VIPs to see if a static route is needed, and not IP Alias VIPs. So if you attach a tunnel to an IP Alias VIP on an alternate (non-default) WAN, it does not get a static route, and thus doesn't work properly.

Actions #1

Updated by Jim Pingle over 9 years ago

The problem seems to be, in part, that this checks for an interface name of carp or vip, but with IP alias it would actually be an IP address. Needs some more logic there.

Actions #2

Updated by Ermal Luçi about 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Ermal Luçi about 9 years ago

Actions #4

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF