Bug #4157

closed

IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet

Added by Chris Buechler almost 10 years ago. Updated almost 10 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 12/29/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

Where your IPsec remote endpoint is on the same subnet as the local IP where it's bound, the "pass out" rules for ISAKMP and ESP send the traffic to the system's gateway rather than directly to the remote. 2.1.5 at least does the same, so not a regression. Not too difficult to change the logic in filter.inc around line 3698 to skip where it's in the same subnet.
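The same-subnet check proposed in the description, as an added sketch in Python (not pfSense's filter.inc code, which is PHP). The function names, the interface name `em0`, the documentation-range addresses and the simplified pf-style rule strings are assumptions made for illustration.

```python
import ipaddress


def on_link(local_ip, prefix_len, remote_ip):
    """Return True when remote_ip lies inside the subnet of the local address.

    remote_ip must already be a literal address; a hostname raises ValueError,
    so the caller has to resolve it first.
    """
    remote = ipaddress.ip_address(remote_ip)
    net = ipaddress.ip_interface(f"{local_ip}/{prefix_len}").network
    # An IPv4 remote can never be on-link for an IPv6 binding, and vice versa.
    return remote.version == net.version and remote in net


def ipsec_pass_out_rules(iface, local_ip, prefix_len, gateway, remote_ip):
    """Build illustrative "pass out" rules for ISAKMP (UDP 500) and ESP.

    route-to is emitted only when the remote endpoint is off-link. For an
    on-link remote the rule carries no route-to, so the packet is delivered
    directly instead of being forced to the gateway.
    """
    route_to = ""
    if gateway and not on_link(local_ip, prefix_len, remote_ip):
        route_to = f"route-to ( {iface} {gateway} ) "
    return [
        f"pass out {route_to}proto udp from any to {remote_ip} port = 500 keep state",
        f"pass out {route_to}proto esp from any to {remote_ip} keep state",
    ]


if __name__ == "__main__":
    # Constructed sample: local binding 192.0.2.10/24, gateway 192.0.2.1.
    for remote in ("192.0.2.50", "198.51.100.7"):
        print(f"# remote {remote}")
        for rule in ipsec_pass_out_rules("em0", "192.0.2.10", 24, "192.0.2.1", remote):
            print(rule)
```
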
