Bug #2861
closedIPSec Status Broken
100%
Description
Hi,
there is a bug in
/etc/inc/ipsec.inc
on line 409
the lines
if (!strstr($sp_dstid,"/")) {
if (is_ipaddrv4($sp_srcid))
should look like this:
if (!strstr($sp_dstid,"/")) {
if (is_ipaddrv4($sp_dstid))
this bug breaks the ipsec status on ipsec links with a ph2 address as a peer (/32)
Updated by Sebastian Chrostek almost 12 years ago
the following two lines are also affected:
elseif (is_ipaddrv6($sp_*src*id))
$sp_dstid .= '/128';
should look like this:
elseif (is_ipaddrv6($sp_*dst*id))
$sp_dstid .= '/128';
Updated by Sebastian Chrostek almost 12 years ago
on debugging this i saw another strange behaviour with this function:
function ipsec_fixup_ip($ipaddr) {
if (is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr))
return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr));
else
return $ipaddr;
}
the part "|| !is_subnetv6($ipaddr)" seems to be wrong, shouldn't it be "|| is_subnetv6($ipaddr)" ??
Updated by Jim Pingle almost 12 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 2379c48e139eeebabd098a5d17062d8c463afe70.
Updated by Chris Buechler almost 12 years ago
- Status changed from Feedback to Resolved