Bug #2861
closedIPSec Status Broken
100%
Description
Hi,
there is a bug in 
/etc/inc/ipsec.inc
on line 409
the lines
if (!strstr($sp_dstid,"/")) {
if (is_ipaddrv4($sp_srcid))
should look like this:
if (!strstr($sp_dstid,"/")) {
if (is_ipaddrv4($sp_dstid))
this bug breaks the ipsec status on ipsec links with a ph2 address as a peer (/32)
       Updated by Sebastian Chrostek over 12 years ago
      Updated by Sebastian Chrostek over 12 years ago
      
    
    the following two lines are also affected:
elseif (is_ipaddrv6($sp_*src*id))
$sp_dstid .= '/128';
should look like this:
elseif (is_ipaddrv6($sp_*dst*id))
$sp_dstid .= '/128';
       Updated by Sebastian Chrostek over 12 years ago
      Updated by Sebastian Chrostek over 12 years ago
      
    
    on debugging this i saw another strange behaviour with this function:
function ipsec_fixup_ip($ipaddr) {
        if (is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr))
                return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr));
        else
                return $ipaddr;
}
the part "|| !is_subnetv6($ipaddr)" seems to be wrong, shouldn't it be "|| is_subnetv6($ipaddr)" ??
       Updated by Jim Pingle over 12 years ago
      Updated by Jim Pingle over 12 years ago
      
    
    - Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 2379c48e139eeebabd098a5d17062d8c463afe70.
       Updated by Chris Buechler over 12 years ago
      Updated by Chris Buechler over 12 years ago
      
    
    - Status changed from Feedback to Resolved