Bug #5211: Auto-added IPsec rules overmatch in some circumstances - pfSense - pfSense bugtracker

Bug #5211

Auto-added IPsec rules overmatch in some circumstances

Added by Chris Buechler about 5 years ago. Updated about 5 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Chris Buechler

Category:

IPsec

Target version:

2.2.5

Start date:

09/28/2015

Due date:

% Done:

Estimated time:

Affected Version:

All

Affected Architecture:

Description

The auto-added IPsec rules over-match in some situations, primarily where using mobile IPsec. For instance if you have mobile IPsec enabled on a system that has IPsec endpoints behind it (usually an edge system that doesn't NAT), their ISAKMP and ESP traffic will hit the mobile route-to/reply-to pass rules and will leave the wrong WAN if mobile IPsec is enabled on a different interface.

Associated revisions

Revision 0e512ee3 (diff)
Added by Chris Buechler about 5 years ago

Use self rather than any in auto-added IPsec rules to prevent
over-matching. Ticket #5211

Revision be4e2cfe (diff)
Added by Chris Buechler about 5 years ago

Use self rather than any in auto-added IPsec rules to prevent
over-matching. Ticket #5211

History

#1 Updated by Chris Buechler about 5 years ago

Status changed from Confirmed to Feedback

#2 Updated by Chris Buechler about 5 years ago

Status changed from Feedback to Resolved

fixed

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries