Bug #7187
closed
IPSec IKEv2 additional P2 not written to config
0%
Description
I have a v2 tunnel with a second P2 NATting the OpenVPN subnet to the tunnel which is not working. The traffic from the OpenVPN subnet is not correctly routed via IPSec.
I have a second v1 tunnel with a very similar config and works fine. So I checked the config and I noticed the v1 tunnel has multiple conn stanzas, while the v2 has only one with both the subnets specified. Being 10.0.0.0 LAN and 10.17.17.0 OpenVPN
in v1:
leftsubnet = 10.0.0.0/24 leftsubnet = 10.0.0.0/24|10.17.17.0/24
in v2:
leftsubnet = 10.0.0.0/24,10.0.0.0/24|10.17.17.0/24
The v2 natted subnet won't show in ipsec statusall:
con8000: 79.1.2.3...31.1.1.1 IKEv1, dpddelay=10s
con8000: local: [79.1.2.3] uses pre-shared key authentication
con8000: remote: [192.168.5.2] uses pre-shared key authentication
con8000: child: 10.0.0.0/24|/0 === 10.55.0.128/25|/0 TUNNEL, dpdaction=restart
con8001: child: 10.0.0.0/24|10.17.17.0/24 === 10.55.0.128/25|/0 TUNNEL, dpdaction=restart
con7: 79.1.2.3...83.1.2.3 IKEv2, dpddelay=10s
con7: local: [79.1.2.3] uses pre-shared key authentication
con7: remote: [83.1.2.3] uses pre-shared key authentication
con7: child: 10.0.0.0/24|/0 === 192.168.14.0/24|/0 TUNNEL, dpdaction=restart
Updated by Lorenzo Milesi about 7 years ago
And it does not show in the routed connection of statusall
Routed Connections:
con7{339}: ROUTED, TUNNEL, reqid 5
con7{339}: 10.0.0.0/24|/0 === 192.168.14.0/24|/0
con8001{338}: ROUTED, TUNNEL, reqid 2
con8001{338}: 10.0.0.0/24|10.17.17.0/24 === 10.55.0.128/25|/0
con8000{337}: ROUTED, TUNNEL, reqid 2
con8000{337}: 10.0.0.0/24|/0 === 10.55.0.128/25|/0
Updated by Lorenzo Milesi about 7 years ago
By enabling Split connections on P1 I was able to make it work, and now statusall shows all the routing.
I don't know if it's still a bug (why wasn't the routing showing?) or just a problem of the remote endpoint
Updated by
Updated by Jim Pingle over 4 years ago
- Status changed from New to Closed
- Priority changed from High to Normal