Project

General

Profile

Actions

Bug #3812

closed

IPSec validation should prevent phase2 policies(subnets) to include remote peer on it

Added by Ermal Luçi almost 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
08/18/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

It would be nice to have validation of phase2 subnets to not include the remote peer of ipsec phase1 to avoid loops after tunnel establishment.

Actions #1

Updated by Jim Thompson almost 8 years ago

  • Tracker changed from Feature to Bug
  • Assignee set to Ermal Luçi
  • Target version set to 2.2
Actions #2

Updated by Jim Thompson almost 8 years ago

  • Affected Version changed from All to 2.2
Actions #3

Updated by Chris Buechler over 7 years ago

  • Status changed from New to Feedback
  • Assignee changed from Ermal Luçi to Chris Buechler
  • Affected Version changed from 2.2 to All

fix pushed and tested, leaving for further testing and confirmation. The check only prevents P2s where the local+remote of the P2 both fall within the interface and remote-gateway of its P1. Seems to work and cover all circumstances where that would be a problem.

Actions #4

Updated by Chris Buechler over 7 years ago

  • % Done changed from 0 to 100
Actions #5

Updated by Chris Buechler over 7 years ago

  • Status changed from Feedback to Resolved

this is good

Actions

Also available in: Atom PDF