Bug #4504

closed

Bring back local network SPD exclusions for IPsec

Added by Jim Pingle over 6 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Target version:
Start date: 03/10/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2
Affected Architecture: All

Description

On 2.1.x and before, exclusions were added to prevent local traffic from entering IPsec, including traffic from the LAN network to the LAN interface and between other local networks. On 2.2 these have been removed.

Without these exclusions, it's impossible to have a functional tunnel that sends all traffic over IPsec (0.0.0.0/0 remote) or one that uses a summarized network remote (10.0.0.0/8 when the LAN is also a 10.x.x.x net).

I thought there was already a ticket for this but couldn't locate one. If the other one turns up, close this one and make sure the other is targeted for 2.2.2.

Actions #1

Updated by Ermal Luçi over 6 years ago

  • Status changed from New to Feedback

Actions #2

Updated by Ermal Luçi over 6 years ago

  • % Done changed from 0 to 100

Actions #3

Updated by Ermal Luçi over 6 years ago

Actions #4

Updated by Ermal Luçi over 6 years ago

Actions #5

Updated by Ermal Luçi over 6 years ago

Actions #6

Updated by Ermal Luçi over 6 years ago

Actions #7

Updated by Ermal Luçi over 6 years ago

Actions #8

Updated by Chris Buechler over 6 years ago

  • Status changed from Feedback to Resolved

The behavior is back to where it was in 2.1.5 and previous versions, excluding source LAN subnet, destination LAN IP.
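The exclusion discussed in this ticket (source LAN subnet, destination LAN IP), modelled as an added example that is not part of the ticket or of pfSense's code: it shows why a 0.0.0.0/0 or summarized 10.0.0.0/8 remote captures traffic from LAN hosts to the firewall's own LAN IP unless a bypass entry is evaluated first. The addresses, the function names and the first-match lookup order are assumptions made for illustration.

```python
import ipaddress

def build_spd(lan_net, lan_ip, remote_net, exclude_local):
    """Ordered SPD as (src, dst, action) tuples; the bypass entry goes first."""
    spd = []
    if exclude_local:
        # Exclusion named in the ticket: source LAN subnet, destination LAN IP.
        spd.append((lan_net, f"{lan_ip}/32", "bypass"))
    # Phase 2 policy: LAN subnet to the tunnel's remote network.
    spd.append((lan_net, remote_net, "ipsec"))
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), a) for s, d, a in spd]

def lookup(spd, src_ip, dst_ip):
    """First matching entry wins (assumed model); 'none' means no IPsec policy applies."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, action in spd:
        if src in src_net and dst in dst_net:
            return action
    return "none"

def needs_exclusion(lan_ip, remote_net):
    """True when the tunnel's remote network also covers the firewall's LAN IP."""
    return ipaddress.ip_address(lan_ip) in ipaddress.ip_network(remote_net)

if __name__ == "__main__":
    LAN_NET, LAN_IP, HOST = "10.0.1.0/24", "10.0.1.1", "10.0.1.50"  # constructed
    for remote in ("0.0.0.0/0", "10.0.0.0/8", "192.168.50.0/24"):
        for exclude in (False, True):
            spd = build_spd(LAN_NET, LAN_IP, remote, exclude)
            print(f"remote={remote:<16} exclusion={exclude!s:<5} "
                  f"host->LAN IP: {lookup(spd, HOST, LAN_IP):<6} "
                  f"overlap={needs_exclusion(LAN_IP, remote)}")
```
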
