Bug #4185
closed
error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface
Added by Pi Ba almost 10 years ago.
Updated over 9 years ago.
Affected Architecture:
All
Description
error "macro IPsec not defined" caused by ipsec connection initiated from a carp-ip/interface
on reboot (and random times?) this error is logged:
01-07-15 20:53:37 [ There were error(s) loading the rules: /tmp/rules.debug:119: macro IPsec not defined - The line in question reads [119]: pass out on $IPsec all tracker 1000000961 tracker 1000000962 keep state label IPsec internal host to host]
- Status changed from New to Feedback
the issue as described doesn't exist. There could be some unusual edge case but I don't see how, our test environments cover pretty much every possible scenario, and no one else has reported same. It definitely wouldn't be specific to what it's bound to, as what that means is the "IPsec = "{ enc0 }"" line is missing from rules.debug. That gets added simply if:
if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
Which is the exact same if statement that precedes the "pass out" rule in question. Basically, it seems to be impossible, short of mucking with the source, to end up in that circumstance because the IPsec macro will always be added if the circumstance exists where that pass out rule gets added.
Is there anything more specific you can provide to replicate?
- Assignee set to Chris Buechler
- Status changed from Feedback to Rejected
#4189 is actual root cause
- Target version deleted (
2.2)
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by