Bug #430
closed
Cannot configure IPSec SA without local id for Roadwarrior configurations
0%
Description
Right now there is no way to leave 'Local Network' blank when configuring IPsec Phase 2. This results in the racoon.conf file that always has local_id set
sainfo local_id anonymous {...}
For Roadwarrior configurations local_id cannot be defined and so SA config should look like this
sainfo anonymous {...}
TIA
Updated by Paul K over 14 years ago
Ah sorry, 2.0. I am running 20100304 snapshot.
Updated by Chris Buechler over 14 years ago
- Category set to IPsec
- Target version set to 2.0
- Affected Version set to 2.0
Updated by Ermal Luçi over 14 years ago
- Status changed from New to Feedback
Please test the committed changes.
I am not sure this is enough though try it on your side an we will see.
Updated by Paul K over 14 years ago
Ermal, thanks for the quick fix.
I tested this with March 19th snap. It does produce correct SA configuration now
sainfo anonymous {...}
and road warriors can connect fine.
The only thing I noticed: if I check 'Provide a list of accessible networks to clients' flag in 'mode-cfg' section it uses configuration from phase-2 setup page -> 'Local Network' to generate config file and if I selected 'None' in the local network section racoon config file will have this entry:
split_network include 0.0.0.0/0;I am not sure if this is a problem or not because I don't really use that option just thought I will mention it here.
Updated by Chris Buechler over 14 years ago
- Status changed from Feedback to Resolved