Bug #4185
closed
error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface
0%
Description
error "macro IPsec not defined" caused by ipsec connection initiated from a carp-ip/interface
on reboot (and random times?) this error is logged:
01-07-15 20:53:37 [ There were error(s) loading the rules: /tmp/rules.debug:119: macro IPsec not defined - The line in question reads [119]: pass out on $IPsec all tracker 1000000961 tracker 1000000962 keep state label IPsec internal host to host]
Updated by Chris Buechler almost 10 years ago
- Status changed from New to Feedback
The issue as described doesn't exist. There could be some unusual edge case but I don't see how, our test environments cover pretty much every possible scenario, and no one else has reported the same. It definitely wouldn't be specific to what it's bound to, as what that means is the "IPsec = "{ enc0 }"" line is missing from rules.debug. That gets added simply if:
if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
Which is the exact same if statement that precedes the "pass out" rule in question. Basically, it seems to be impossible, short of mucking with the source, to end up in that circumstance because the IPsec macro will always be added if the circumstance exists where that pass out rule gets added.
Is there anything more specific you can provide to replicate?
Updated by Pi Ba almost 10 years ago
This one seems to be a side effect of a bogus URL (IPs) alias, as described here: https://redmine.pfsense.org/issues/4189
Updated by Chris Buechler almost 10 years ago
- Status changed from Feedback to Rejected
#4189 is the actual root cause
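The "macro IPsec not defined" error in this report means a `$IPsec` reference was reached in rules.debug with no `IPsec = ...` line before it. The following is an added example, not pfSense code and not part of the original thread: a small checker that lists every macro used before its definition in a pf ruleset. It assumes one-line macro definitions without backslash continuation, and the sample ruleset is constructed.

```python
import re
import sys

# One pass per line: quoted strings and comments are consumed without capture,
# so a "$if" inside a label or a "$x" in a comment is not counted as a reference.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|#.*|\$([A-Za-z0-9_]+)')
# A macro definition: name = ... at the start of a line.
DEFINITION = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=')

# Constructed sample modelled on the reported failure; not a real rules.debug.
SAMPLE_RULES = '''\
WAN = "{ em0 }"
LAN = "{ em1 }"
# IPsec = "{ enc0 }"
pass in quick on $LAN inet from any to any tracker 1000000101 keep state label "allow LAN"
pass out on $IPsec all tracker 1000000961 keep state label "IPsec internal host to host"
'''


def undefined_macros(rules_text):
    """Return [(line_number, macro_name)] for every $macro used before its definition."""
    defined = set()
    problems = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        for match in TOKEN.finditer(line):
            name = match.group(1)
            if name and name not in defined:
                problems.append((lineno, name))
        # Register the definition only after checking the line's own references,
        # because a macro cannot refer to itself or to a later macro.
        definition = DEFINITION.match(line)
        if definition:
            defined.add(definition.group(1))
    return problems


if __name__ == "__main__":
    # Usage: python check_macros.py /tmp/rules.debug  (no argument: run on the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    found = undefined_macros(text)
    for lineno, name in found:
        print(f"line {lineno}: macro {name} not defined")
    sys.exit(1 if found else 0)
```

On the firewall itself, `pfctl -nf /tmp/rules.debug` parses the file without loading it and reports the same class of error.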