Bug #3812
closed
IPSec validation should prevent phase2 policies(subnets) to include remote peer on it
Added by Ermal Luçi over 10 years ago.
Updated about 10 years ago.
Description
It would be nice to have validation of phase2 subnets to not include the remote peer of ipsec phase1 to avoid loops after tunnel establishment.
- Tracker changed from Feature to Bug
- Assignee set to Ermal Luçi
- Target version set to 2.2
- Affected Version changed from All to 2.2
- Status changed from New to Feedback
- Assignee changed from Ermal Luçi to Chris Buechler
- Affected Version changed from 2.2 to All
Fix pushed and tested, leaving for further testing and confirmation. The check only prevents P2s where the local+remote of the P2 both fall within the interface and remote-gateway of its P1. Seems to work and cover all circumstances where that would be a problem.
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
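The check described in the note above, sketched as an added example; it is not the pfSense code, which this page does not show. It assumes "fall within" means the P2 local network contains the P1 interface address and the P2 remote network contains the P1 remote gateway; every function name, field name and address below is constructed for illustration.

```python
import ipaddress


def _addr_or_none(value):
    """Parse an IP literal; return None for a hostname, which cannot be checked statically."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def p2_covers_p1_outside(p1_interface_ip, p1_remote_gateway, p2_local, p2_remote):
    """True when the P2 selectors would also match the tunnel's own outer traffic.

    Both conditions must hold (assumed reading of the note above):
      - the P2 local network contains the P1 interface address, and
      - the P2 remote network contains the P1 remote gateway.
    """
    iface = _addr_or_none(p1_interface_ip)
    peer = _addr_or_none(p1_remote_gateway)
    if iface is None or peer is None:
        return False  # hostname endpoint: nothing to compare against
    local_net = ipaddress.ip_network(p2_local, strict=False)
    remote_net = ipaddress.ip_network(p2_remote, strict=False)
    # Membership is False across address families (IPv4 address vs IPv6 network).
    return iface in local_net and peer in remote_net


def rejected_phase2(p1, phase2_entries):
    """Return the descriptions of P2 entries the validation would refuse."""
    return [
        p2["descr"]
        for p2 in phase2_entries
        if p2_covers_p1_outside(p1["interface_ip"], p1["remote_gateway"],
                                p2["local"], p2["remote"])
    ]


# Constructed sample configuration (documentation address ranges).
SAMPLE_P1 = {"interface_ip": "198.51.100.10", "remote_gateway": "203.0.113.20"}
SAMPLE_P2 = [
    {"descr": "lan-to-lan", "local": "10.0.1.0/24", "remote": "10.0.2.0/24"},
    {"descr": "wan-to-wan", "local": "198.51.100.0/24", "remote": "203.0.113.0/24"},
    {"descr": "remote-only", "local": "10.0.1.0/24", "remote": "203.0.113.0/24"},
    {"descr": "any-to-any", "local": "0.0.0.0/0", "remote": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(rejected_phase2(SAMPLE_P1, SAMPLE_P2))
```

The `remote-only` entry passes because only one side overlaps, matching the note that the check fires only when both local and remote do.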