Bug #2445
closed
Carp vip renaming broken IPsec VPN tunnels that reference carp interfaces.
Added by Seth Mos over 12 years ago.
Updated over 12 years ago.
Description
Because of the vip renaming per interface any IPsec VPN tunnels, or endpoints referencing a CARP vip are now broken and won't work.
OpenVPN too maybe?
$i = 0;
foreach($config['ipsec']['phase1'] as $phase1) {
if($phase1['interface'] == "vip131")
$config['ipsec']['phase1'][$i]['interface'] = "wan_vip131";
$i++;
}
This is the upgrade code existing there.
Normally the section with s///g should have taken care of that.
Probably you missed the config version upgrade so missed this?
function upgrade_081_to_082() {
global $config, $g;
/* enable the allow IPv6 toggle */
$config['system']['ipv6allow'] = true;
/* XXX: Gross hacks in sight */
write_config();
if (is_array($config['virtualips']['vip'])) {
$vipchg = array();
foreach ($config['virtualips']['vip'] as $vip) {
$realif = get_real_interface($vip['interface']);
file_put_contents("{$g['tmp_path']}/vipreplace", "s/vip{$vip['vhid']}/{$realif}_vip{$vip['vhid']}/g\n");
}
mwexec("/bin/sh -I \"\" -f {$g['tmp_path']}/vipreplace /conf/config.xml");
require_once("config.lib.inc");
$config = parse_config(true);
}
}
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by 
Updated by Ermal Luçi 
Updated by