Bug #430
closed
Cannot configure IPSec SA without local id for Roadwarrior configurations
Added by Paul K over 14 years ago.
Updated over 14 years ago.
Description
Right now there is no way to leave 'Local Network' blank when configuring IPsec Phase 2. This results in a racoon.conf file that always has local_id set:
sainfo local_id anonymous {...}
For Roadwarrior configurations, local_id cannot be defined, and so the SA config should look like this:
sainfo anonymous {...}
TIA
Ah sorry, 2.0. I am running 20100304 snapshot.
- Category set to IPsec
- Target version set to 2.0
- Affected Version set to 2.0
- Status changed from New to Feedback
Please test the committed changes.
I am not sure this is enough, though; try it on your side and we will see.
Ermal, thanks for the quick fix.
I tested this with the March 19th snap. It does produce the correct SA configuration now:
sainfo anonymous {...}
and road warriors can connect fine.
The only thing I noticed: if I check the 'Provide a list of accessible networks to clients' flag in the 'mode-cfg' section, it uses the configuration from the phase-2 setup page -> 'Local Network' to generate the config file, and if I selected 'None' in the local network section, the racoon config file will have this entry:
split_network include 0.0.0.0/0;
I am not sure if this is a problem or not because I don't really use that option; I just thought I would mention it here.
- Status changed from Feedback to Resolved
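A way to check a generated racoon.conf for the two shapes discussed in this ticket (an sainfo entry that still carries a local ID, and a split_network entry of 0.0.0.0/0). This is an added example, not pfSense code or anything posted in the ticket; the function name, finding labels and both sample configs are constructed, with the local ID assumed to be written as a subnet.

```python
import re

# Constructed samples (not from the ticket); the local ID is written as a subnet.
BEFORE_FIX = """\
sainfo address 192.168.1.0/24 any anonymous {
	encryption_algorithm aes;
}
"""
AFTER_FIX = """\
mode_cfg {
	split_network include 0.0.0.0/0;  # Local Network set to 'None'
}
sainfo anonymous {
	encryption_algorithm aes;
}
"""

SAINFO = re.compile(r"^\s*sainfo\s+(.*?)\s*\{", re.M)
SPLIT = re.compile(r"^\s*split_network\s+include\s+([^;]+);", re.M)


def check_roadwarrior(conf):
    """Return (finding, detail) tuples for a racoon.conf given as text."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    findings = []
    for m in SAINFO.finditer(conf):
        header = m.group(1)
        # A roadwarrior sainfo header must start with 'anonymous' (no local ID).
        if header.split()[:1] != ["anonymous"]:
            findings.append(("sainfo-local-id", header))
    for m in SPLIT.finditer(conf):
        # split_network takes a comma-separated list of networks.
        for net in (n.strip() for n in m.group(1).split(",")):
            if net == "0.0.0.0/0":
                findings.append(("split-network-any", net))
    return findings


if __name__ == "__main__":
    for name, conf in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(name, check_roadwarrior(conf))
```

The split-network finding only reports that the entry is present; whether it is wanted depends on the setup.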