Bug #7187
Status: closed
IPSec IKEv2 additional P2 not written to config
Start date: 02/01/2017
% Done: 0%
Affected Version: 2.3.x
Description
I have a v2 tunnel with a second P2 NATting the OpenVPN subnet to the tunnel which is not working. The traffic from the OpenVPN subnet is not correctly routed via IPSec.
I have a second v1 tunnel with a very similar config, and it works fine. So I checked the config and noticed the v1 tunnel has multiple conn stanzas, while the v2 has only one with both subnets specified, 10.0.0.0 being the LAN and 10.17.17.0 OpenVPN.
in v1:
leftsubnet = 10.0.0.0/24
leftsubnet = 10.0.0.0/24|10.17.17.0/24
in v2:
leftsubnet = 10.0.0.0/24,10.0.0.0/24|10.17.17.0/24
The v2 natted subnet won't show in ipsec statusall:
con8000: 79.1.2.3...31.1.1.1 IKEv1, dpddelay=10s
con8000: local: [79.1.2.3] uses pre-shared key authentication
con8000: remote: [192.168.5.2] uses pre-shared key authentication
con8000: child: 10.0.0.0/24|/0 === 10.55.0.128/25|/0 TUNNEL, dpdaction=restart
con8001: child: 10.0.0.0/24|10.17.17.0/24 === 10.55.0.128/25|/0 TUNNEL, dpdaction=restart
con7: 79.1.2.3...83.1.2.3 IKEv2, dpddelay=10s
con7: local: [79.1.2.3] uses pre-shared key authentication
con7: remote: [83.1.2.3] uses pre-shared key authentication
con7: child: 10.0.0.0/24|/0 === 192.168.14.0/24|/0 TUNNEL, dpdaction=restart
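An added example, not part of the original report and not pfSense or strongSwan code: a check that parses the `ipsec statusall` lines quoted above and lists the phase 2 selectors that were expected but never loaded. The function names and the `EXPECTED` list are assumptions; the IKEv2 NAT entry in it is written by analogy with the con8001 line.

```python
import re

# Constructed sample: the `ipsec statusall` lines quoted in the report.
STATUSALL = """\
con8000: 79.1.2.3...31.1.1.1 IKEv1, dpddelay=10s
con8000: local: [79.1.2.3] uses pre-shared key authentication
con8000: remote: [192.168.5.2] uses pre-shared key authentication
con8000: child: 10.0.0.0/24|/0 === 10.55.0.128/25|/0 TUNNEL, dpdaction=restart
con8001: child: 10.0.0.0/24|10.17.17.0/24 === 10.55.0.128/25|/0 TUNNEL, dpdaction=restart
con7: 79.1.2.3...83.1.2.3 IKEv2, dpddelay=10s
con7: local: [79.1.2.3] uses pre-shared key authentication
con7: remote: [83.1.2.3] uses pre-shared key authentication
con7: child: 10.0.0.0/24|/0 === 192.168.14.0/24|/0 TUNNEL, dpdaction=restart
"""

# Assumption: what the administrator expects per IKE connection, written as
# (parent connection, local selector, remote selector) in statusall notation.
EXPECTED = [
    ("con8000", "10.0.0.0/24|/0", "10.55.0.128/25|/0"),
    ("con8000", "10.0.0.0/24|10.17.17.0/24", "10.55.0.128/25|/0"),
    ("con7", "10.0.0.0/24|/0", "192.168.14.0/24|/0"),
    ("con7", "10.0.0.0/24|10.17.17.0/24", "192.168.14.0/24|/0"),
]

# "conN: <local>...<remote> IKEvX" opens a connection block.
HEADER = re.compile(r"^\s*(\S+):\s+\S+\.\.\.\S+\s+(IKEv[12])\b")
# "conN: child: <local ts> === <remote ts> MODE" lists one child SA config.
CHILD = re.compile(r"^\s*\S+:\s+child:\s+(\S+)\s+===\s+(\S+)\s")

def loaded_children(statusall):
    """Group child selectors under the IKE connection block they appear in."""
    result, current = {}, None
    for line in statusall.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            result[current] = {"ike": header.group(2), "children": []}
            continue
        child = CHILD.match(line)
        if child and current:
            result[current]["children"].append(child.groups())
    return result

def missing_phase2(statusall, expected):
    """Return expected (conn, local, remote) entries that are not loaded."""
    loaded = loaded_children(statusall)
    return [(conn, local, remote) for conn, local, remote in expected
            if (local, remote) not in loaded.get(conn, {}).get("children", [])]

if __name__ == "__main__":
    for conn, local, remote in missing_phase2(STATUSALL, EXPECTED):
        print(f"{conn}: phase 2 {local} === {remote} is not loaded")
```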