Actions
Bug #2445
closed
Carp vip renaming broken IPsec VPN tunnels that reference carp interfaces.
Start date:
05/22/2012
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
Description
Because of the vip renaming per interface any IPsec VPN tunnels, or endpoints referencing a CARP vip are now broken and won't work.
OpenVPN too maybe?
Updated by Seth Mos over 13 years ago
$i = 0;
foreach($config['ipsec']['phase1'] as $phase1) {
if($phase1['interface'] == "vip131")
$config['ipsec']['phase1'][$i]['interface'] = "wan_vip131";
$i++;
}
Updated by Ermal Luçi over 13 years ago
This is the upgrade code existing there.
Normally the section with s///g should have taken care of that.
Probably you missed the config version upgrade so missed this?
function upgrade_081_to_082() {
global $config, $g;
/* enable the allow IPv6 toggle */
$config['system']['ipv6allow'] = true;
/* XXX: Gross hacks in sight */
write_config();
if (is_array($config['virtualips']['vip'])) {
$vipchg = array();
foreach ($config['virtualips']['vip'] as $vip) {
$realif = get_real_interface($vip['interface']);
file_put_contents("{$g['tmp_path']}/vipreplace", "s/vip{$vip['vhid']}/{$realif}_vip{$vip['vhid']}/g\n");
}
mwexec("/bin/sh -I \"\" -f {$g['tmp_path']}/vipreplace /conf/config.xml");
require_once("config.lib.inc");
$config = parse_config(true);
}
}
Updated by Ermal Luçi over 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 35b714597c8947376b350681c361b38e2569747a.
Updated by Jim Pingle over 13 years ago
- Status changed from Feedback to Resolved
Actions