Bug #7551

closed

Dynamic IPsec endpoints not added to rule set after WAN down/up

Added by Chris Linstruth almost 7 years ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 05/16/2017
% Done: 0%
Affected Version: 2.3.4

Description

An IPsec endpoint that uses an FQDN as the remote IPsec endpoint does not get rules added for that endpoint after a single WAN down/up event.

/tmp/rules.debug contains:

    # ERROR! Unable to determine remote IPsec peer address for vpn.example.com

Similar to #3177, but this happens on a WAN down/up, not on a reboot.

Actions #1

Updated by Alhusein Zawi over 1 year ago

  • Status changed from New to Resolved

Tested on 22.05-RELEASE.

Fixed.

When the port is down (WAN2 port disabled):

    # VPN Rules
    # Could not locate interface for IPsec: test

When the port is up (WAN2 enabled):

    # VPN Rules
    pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 500 ridentifier 1000104151 keep state label "IPsec: test - outbound isakmp"
    pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 500 ridentifier 1000104152 keep state label "IPsec: test - inbound isakmp"
    pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 4500 ridentifier 1000104153 keep state label "IPsec: test - outbound nat-t"
    pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 4500 ridentifier 1000104154 keep state label "IPsec: test - inbound nat-t"
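An added health check, not code from the ticket or from pfSense, that reads a generated rules.debug and reports FQDN peers whose rules are missing or incomplete, so a monitoring job can catch the symptom described in this ticket after a WAN flap. It assumes the label and error-line formats shown above; the embedded sample rules, the peer name "branch" and the 192.0.2.0/24 addresses are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the ticket or pfSense): audit a rules.debug file for
# dynamic IPsec endpoint rules. Assumed formats, taken from the ticket's output:
#   label "IPsec: <name> - <inbound|outbound> <isakmp|nat-t>"
#   "Unable to determine remote IPsec peer address for <fqdn>"
#   "Could not locate interface for IPsec: <name>"

# Lines recording a peer whose rules could not be generated.
ipsec_rule_errors() {
    grep -e 'Unable to determine remote IPsec peer address' \
         -e 'Could not locate interface for IPsec' "$1"
}

# One "<name> <state>" line per IPsec peer that has rules. A complete endpoint
# has four rules (isakmp and nat-t, inbound and outbound); anything else is
# reported as INCOMPLETE with the count actually found.
ipsec_peer_status() {
    grep -o 'label "IPsec: [^"]*"' "$1" \
        | sed 's/^label "IPsec: //; s/ - [a-z]* [a-z-]*"$//' \
        | sort | uniq -c \
        | awk '{ n = $1; $1 = ""; sub(/^ /, ""); print $0, (n == 4 ? "OK" : "INCOMPLETE " n) }'
}

# Exit 0 only when there are no error lines and every peer is complete.
ipsec_rules_healthy() {
    [ -z "$(ipsec_rule_errors "$1")" ] || return 1
    ! ipsec_peer_status "$1" | grep -q INCOMPLETE
}

# Constructed sample rules.debug: a complete peer "test", a peer "branch" with
# only two rules, and one unresolved FQDN (192.0.2.0/24 is a documentation range).
write_sample_rules() {
    cat > "$1" <<'EOF'
# VPN Rules
pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 192.0.2.10 port = 500 keep state label "IPsec: test - outbound isakmp"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 192.0.2.10 to (self) port = 500 keep state label "IPsec: test - inbound isakmp"
pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 192.0.2.10 port = 4500 keep state label "IPsec: test - outbound nat-t"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 192.0.2.10 to (self) port = 4500 keep state label "IPsec: test - inbound nat-t"
pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 192.0.2.20 port = 500 keep state label "IPsec: branch - outbound isakmp"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 192.0.2.20 to (self) port = 500 keep state label "IPsec: branch - inbound isakmp"
# ERROR! Unable to determine remote IPsec peer address for vpn.example.com
EOF
}

# Stand-alone run against the sample; on a firewall, point it at /tmp/rules.debug.
f=$(mktemp); write_sample_rules "$f"
ipsec_rule_errors "$f"; ipsec_peer_status "$f"
ipsec_rules_healthy "$f" && echo healthy || echo "attention needed"
rm -f "$f"
```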