Project

General

Profile

Actions

Bug #2861

closed

IPSec Status Broken

Added by Sebastian Chrostek over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
03/06/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
All

Description

Hi,

there is a bug in
/etc/inc/ipsec.inc
on line 409

the lines

if (!strstr($sp_dstid,"/")) {
if (is_ipaddrv4($sp_srcid))

should look like this:

if (!strstr($sp_dstid,"/")) {
if (is_ipaddrv4($sp_dstid))

this bug breaks the ipsec status on ipsec links with a ph2 address as a peer (/32)

Actions #1

Updated by Sebastian Chrostek over 8 years ago

the following two lines are also affected:

elseif (is_ipaddrv6($sp_*src*id))
$sp_dstid .= '/128';

should look like this:

elseif (is_ipaddrv6($sp_*dst*id))
$sp_dstid .= '/128';

Actions #2

Updated by Sebastian Chrostek over 8 years ago

on debugging this i saw another strange behaviour with this function:

function ipsec_fixup_ip($ipaddr) {
if (is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr))
return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr));
else
return $ipaddr;
}

the part "|| !is_subnetv6($ipaddr)" seems to be wrong, shouldn't it be "|| is_subnetv6($ipaddr)" ??

Actions #3

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Sebastian Chrostek over 8 years ago

Thank you, works fine now.

Actions #5

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF