Bug #3812
closed
IPSec validation should prevent phase2 policies (subnets) from including the remote peer
Added by Ermal Luçi over 9 years ago.
Updated over 9 years ago.
Description
It would be nice to have validation of phase2 subnets to not include the remote peer of ipsec phase1 to avoid loops after tunnel establishment.
- Tracker changed from Feature to Bug
- Assignee set to Ermal Luçi
- Target version set to 2.2
- Affected Version changed from All to 2.2
- Status changed from New to Feedback
- Assignee changed from Ermal Luçi to Chris Buechler
- Affected Version changed from 2.2 to All
Fix pushed and tested, leaving for further testing and confirmation. The check only prevents P2s where the local+remote of the P2 both fall within the interface and remote-gateway of its P1. Seems to work and cover all circumstances where that would be a problem.
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
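The check described in the comment above, sketched as an added example; it is not the project's code and is not taken from the pushed fix. It assumes the comment means that a P2 is rejected only when its local network contains the P1 interface address and its remote network contains the P1 remote gateway. The function names, dictionary keys and addresses are constructed for illustration.

```python
import ipaddress

def p2_overlaps_p1_outside(p1_interface_ip, p1_remote_gateway, p2_local, p2_remote):
    """True when the P2 selectors would also match the tunnel's own outer
    packets (interface address -> remote gateway), which creates a loop."""
    try:
        gw = ipaddress.ip_address(p1_remote_gateway)
    except ValueError:
        # Remote gateway given as a hostname: it cannot be compared without
        # resolving it, so this sketch does not flag it (assumption).
        return False
    ifip = ipaddress.ip_address(p1_interface_ip)
    local = ipaddress.ip_network(p2_local, strict=False)
    remote = ipaddress.ip_network(p2_remote, strict=False)
    # Mixed address families can never contain each other.
    if len({ifip.version, gw.version, local.version, remote.version}) != 1:
        return False
    # Both conditions must hold, matching "local+remote ... both fall within".
    return ifip in local and gw in remote

def rejected_p2s(p1, p2_entries):
    """Return the indexes of P2 entries that fail validation for this P1."""
    return [
        i for i, p2 in enumerate(p2_entries)
        if p2_overlaps_p1_outside(p1["interface_ip"], p1["remote_gateway"],
                                  p2["local"], p2["remote"])
    ]

# Constructed sample configuration (documentation address ranges).
P1 = {"interface_ip": "198.51.100.1", "remote_gateway": "203.0.113.10"}
P2S = [
    {"local": "10.0.1.0/24", "remote": "10.0.2.0/24"},      # ordinary site-to-site
    {"local": "0.0.0.0/0", "remote": "0.0.0.0/0"},          # covers both tunnel endpoints
    {"local": "198.51.100.0/24", "remote": "10.0.2.0/24"},  # only local side overlaps
    {"local": "10.0.1.0/24", "remote": "203.0.113.10/32"},  # only remote side overlaps
    {"local": "::/0", "remote": "::/0"},                    # different address family
]

if __name__ == "__main__":
    for i in rejected_p2s(P1, P2S):
        print(f"P2 #{i} rejected: {P2S[i]['local']} -> {P2S[i]['remote']} "
              "overlaps the outside of the tunnel")
```

Entries 2 and 3 pass because only one side overlaps, which reflects the "both" wording in the comment.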