Bug #5826
Auto-exclude LAN address feature only works for the LAN interface
Status: Closed
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 01/28/2016
% Done: 0%
Affected Version: All
Description
The "Auto-exclude LAN address" feature sets up the bypasslan block in strongSwan to exclude the LAN interface specifically from IPsec. This works great for LAN, but unfortunately other local subnets have no way to obtain the same protection for overlapping IPsec P2 networks.
Perhaps the control could be changed to a multi-select for all interfaces, or have a means to work for all local (e.g. interfaces without defined gateways).
Alternately, allowing negation P2 entries as mentioned in #3329 would be acceptable.