Bug #4504
closed
Bring back local network SPD exclusions for IPsec
100%
Description
On 2.1.x and before, exclusions were added to prevent local traffic from entering IPsec, including traffic from the LAN network to the LAN interface and between other local networks. On 2.2 these have been removed.
Without these exclusions, it's impossible to have a functional tunnel that sends all traffic over IPsec (0.0.0.0/0 remote) or one that uses a summarized network remote (10.0.0.0/8 when the LAN is also a 10.x.x.x net).
I thought there was already a ticket for this but couldn't locate one. If the other one turns up, close this one and make sure the other is targeted for 2.2.2.
Updated by Ermal Luçi over 9 years ago
- % Done changed from 0 to 100
Applied in changeset 534753890c74d7ce1188fe9a7b6f5f1b153f802d.
Updated by Ermal Luçi over 9 years ago
Applied in changeset 0887e836c45242e5afb8840acf2de9262f65d27c.
Updated by Ermal Luçi over 9 years ago
Applied in changeset 9b7ca37d12d5e15026af946643f28517f731360d.
Updated by Ermal Luçi over 9 years ago
Applied in changeset b8eeddeb2f51db206f15e16732e79758d140ca5b.
Updated by Ermal Luçi over 9 years ago
Applied in changeset 755b75c79f399e364d8afe22f1e8fa8d12644691.
Updated by Ermal Luçi over 9 years ago
Applied in changeset 491c76c802097a50c26f36600325a7b2fc5607df.
Updated by Chris Buechler over 9 years ago
- Status changed from Feedback to Resolved
The behavior is back to where it was in 2.1.5 and previous versions, excluding source LAN subnet, destination LAN IP.
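The following is an added illustration, not pfSense code and not part of the ticket: a simplified first-match model of an SPD, showing why a tunnel whose remote selector covers the LAN interface address captures local traffic unless a bypass for source LAN subnet, destination LAN IP is evaluated first. The addresses, policy names and the first-match ordering are assumptions made for the example, and the exclusions between other local networks mentioned in the description are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str  # "ipsec" = send into the tunnel, "none" = bypass IPsec

def policy(src, dst, action):
    return Policy(ipaddress.ip_network(src), ipaddress.ip_network(dst), action)

def lookup(spd, src_ip, dst_ip):
    """Return the action of the first policy matching the packet, else 'none'."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in spd:
        if s in p.src and d in p.dst:
            return p.action
    return "none"

def needs_exclusion(spd, lan_net, lan_ip):
    """True if any tunnel policy would capture LAN subnet -> LAN interface traffic."""
    net, ip = ipaddress.ip_network(lan_net), ipaddress.ip_address(lan_ip)
    return any(p.action == "ipsec" and p.src.overlaps(net) and ip in p.dst
               for p in spd)

def with_lan_exclusion(spd, lan_net, lan_ip):
    """Prepend the bypass from the ticket: source LAN subnet, destination LAN IP."""
    if not needs_exclusion(spd, lan_net, lan_ip):
        return list(spd)
    return [policy(lan_net, f"{lan_ip}/32", "none")] + list(spd)

# Constructed sample values (not taken from the ticket)
LAN_NET, LAN_IP, HOST = "10.1.1.0/24", "10.1.1.1", "10.1.1.50"
ALL_TRAFFIC = [policy(LAN_NET, "0.0.0.0/0", "ipsec")]    # send everything over IPsec
SUMMARIZED = [policy(LAN_NET, "10.0.0.0/8", "ipsec")]    # summarized remote network
DISJOINT = [policy(LAN_NET, "192.168.50.0/24", "ipsec")] # remote does not cover the LAN

if __name__ == "__main__":
    for name, spd in (("0.0.0.0/0", ALL_TRAFFIC), ("10.0.0.0/8", SUMMARIZED),
                      ("192.168.50.0/24", DISJOINT)):
        fixed = with_lan_exclusion(spd, LAN_NET, LAN_IP)
        print(f"remote {name}: host->LAN IP without exclusion ="
              f" {lookup(spd, HOST, LAN_IP)}, with = {lookup(fixed, HOST, LAN_IP)}")
```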