Bug #4504
closed
Bring back local network SPD exclusions for IPsec
100%
Description
On 2.1.x and before, exclusions were added to prevent local traffic from entering IPsec, including traffic from the LAN network to the LAN interface and between other local networks. On 2.2 these have been removed.
Without these exclusions, it's impossible to have a functional tunnel that sends all traffic over IPsec (0.0.0.0/0 remote) or one that uses a summarized network remote (10.0.0.0/8 when the LAN is also a 10.x.x.x net).
I thought there was already a ticket for this but couldn't locate one. If the other one turns up, close this one and make sure the other is targeted for 2.2.2.
Updated by Ermal Luçi almost 11 years ago
- % Done changed from 0 to 100
Applied in changeset commit:534753890c74d7ce1188fe9a7b6f5f1b153f802d.
Updated by Ermal Luçi almost 11 years ago
Applied in changeset commit:0887e836c45242e5afb8840acf2de9262f65d27c.
Updated by Ermal Luçi almost 11 years ago
Applied in changeset commit:9b7ca37d12d5e15026af946643f28517f731360d.
Updated by Ermal Luçi almost 11 years ago
Applied in changeset commit:b8eeddeb2f51db206f15e16732e79758d140ca5b.
Updated by Ermal Luçi almost 11 years ago
Applied in changeset commit:755b75c79f399e364d8afe22f1e8fa8d12644691.
Updated by Ermal Luçi almost 11 years ago
Applied in changeset commit:491c76c802097a50c26f36600325a7b2fc5607df.
Updated by Chris Buechler almost 11 years ago
- Status changed from Feedback to Resolved
the behavior is back to where it was in 2.1.5 and previous versions, excluding source LAN subnet, destination LAN IP.