Bug #3812
closed
IPSec validation should prevent phase2 policies (subnets) to include remote peer on it
Start date: 08/18/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:
Description
It would be nice to have validation of phase2 subnets to not include the remote peer of ipsec phase1 to avoid loops after tunnel establishment.
Updated by Jim Thompson over 10 years ago
- Tracker changed from Feature to Bug
- Assignee set to Ermal Luçi
- Target version set to 2.2
Updated by Jim Thompson over 10 years ago
- Affected Version changed from All to 2.2
Updated by Chris Buechler about 10 years ago
- Status changed from New to Feedback
- Assignee changed from Ermal Luçi to Chris Buechler
- Affected Version changed from 2.2 to All
Fix pushed and tested, leaving for further testing and confirmation. The check only prevents P2s where the local+remote of the P2 both fall within the interface and remote-gateway of its P1. Seems to work and cover all circumstances where that would be a problem.
Updated by Chris Buechler about 10 years ago
- % Done changed from 0 to 100
Applied in changeset 6c3be3650008801aaa1579dca67b0588c04b8e18.
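The check described in the update above, sketched as an added example; this is not the code from the changeset, which is not shown on this page. It assumes the comment means that a P2 is refused when the P1 interface address lies inside the P2 local network and the P1 remote gateway lies inside the P2 remote network. All function names, field names and addresses are constructed for illustration.

```python
import ipaddress

def _net(value):
    # strict=False tolerates host bits ("10.0.1.5/24"); a bare address becomes /32 or /128.
    return ipaddress.ip_network(value, strict=False)

def p2_covers_p1_endpoints(p1_interface_ip, p1_remote_gw, p2_local, p2_remote):
    """True when BOTH outer tunnel endpoints fall inside the P2 selectors,
    i.e. the policy would also match the tunnel's own outer packets."""
    try:
        local_ip = ipaddress.ip_address(p1_interface_ip)
        peer_ip = ipaddress.ip_address(p1_remote_gw)
    except ValueError:
        # Assumption: a hostname gateway cannot be compared here; the caller resolves it first.
        return False
    local_net, remote_net = _net(p2_local), _net(p2_remote)
    if local_ip.version != local_net.version or peer_ip.version != remote_net.version:
        return False  # an IPv4 endpoint can never sit inside an IPv6 selector, and vice versa
    return local_ip in local_net and peer_ip in remote_net

def rejected_phase2(p1, p2_entries):
    """Return the descriptions of P2 entries the validation would refuse."""
    return [
        p2["descr"] for p2 in p2_entries
        if p2_covers_p1_endpoints(p1["interface_ip"], p1["remote_gw"],
                                  p2["local"], p2["remote"])
    ]

# Constructed sample configuration (documentation address ranges, not from the ticket).
P1 = {"interface_ip": "198.51.100.1", "remote_gw": "203.0.113.5"}
P2_ENTRIES = [
    {"descr": "lan-to-lan", "local": "10.0.1.0/24", "remote": "10.0.2.0/24"},
    {"descr": "wan-nets", "local": "198.51.100.0/24", "remote": "203.0.113.0/24"},
    {"descr": "local-side-only", "local": "198.51.100.0/24", "remote": "10.0.2.0/24"},
    {"descr": "v6", "local": "2001:db8:1::/64", "remote": "2001:db8:2::/64"},
]

if __name__ == "__main__":
    print(rejected_phase2(P1, P2_ENTRIES))
```

Only the entry whose local and remote networks both contain the tunnel endpoints is refused; an entry that overlaps on one side only passes, matching the "both fall within" wording of the update.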