Bug #7551
closed
Dynamic IPsec endpoints not added to rule set after WAN down/up
Added by Chris Linstruth about 7 years ago.
Updated almost 2 years ago.
Description
An IPsec tunnel using an FQDN as the remote IPsec endpoint does not have rules added for that endpoint after a single WAN down/up event.
/tmp/rules.debug contains:
- ERROR! Unable to determine remote IPsec peer address for vpn.example.com
Similar to #3177, but this occurs on a WAN down/up rather than on a reboot.
- Status changed from New to Resolved
Tested on 22.05-RELEASE.
Fixed.
When the port is down (WAN2 port disabled):
- VPN Rules
- Could not locate interface for IPsec: test
When the port is up (WAN2 enabled):
- VPN Rules
pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 500 ridentifier 1000104151 keep state label "IPsec: test - outbound isakmp"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 500 ridentifier 1000104152 keep state label "IPsec: test - inbound isakmp"
pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 4500 ridentifier 1000104153 keep state label "IPsec: test - outbound nat-t"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 4500 ridentifier 1000104154 keep state label "IPsec: test - inbound nat-t"
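The verification above is easy to automate. The script below is an added example written for this page; it is not part of the bug report and not pfSense code. It checks a pf rule dump for the four rules pfSense emits per phase 1 (inbound/outbound isakmp and nat-t, matched on the `label "IPsec: <description> - ..."` text shown in the comment above) and for the error markers quoted on this page. The three rule dumps embedded in the script are constructed samples: the "up" one copies the four rules from the comment, the "down" one assumes the "Could not locate interface" marker lands in the file as a pf comment line, and the "partial" one is an invented case with only the isakmp pair present.

```shell
#!/bin/sh
# Added example (not from the bug report or from pfSense): verify that the
# pf rules for an IPsec phase 1 with a given description are present in a
# rule dump and that rule generation did not report a resolution/interface
# error for it.

# check_ipsec_rules RULES DESCRIPTION
#   RULES       text of a rule dump (e.g. /tmp/rules.debug or `pfctl -sr`)
#   DESCRIPTION the phase 1 description, "test" in the report above
# Prints one verdict line; returns 0 when all four rules are present and
# no error marker is present, 1 otherwise.
check_ipsec_rules() {
    rules=$1
    desc=$2

    # Error markers quoted on this page: the FQDN could not be resolved, or
    # the interface the tunnel is bound to was not found (port disabled).
    if printf '%s\n' "$rules" | grep -qF \
        -e 'Unable to determine remote IPsec peer address' \
        -e 'Could not locate interface for IPsec'; then
        printf '%s\n' "FAIL: $desc: rule generation reported an error (peer FQDN unresolved or interface not found)"
        return 1
    fi

    # pfSense labels the four phase 1 rules "IPsec: <desc> - <direction> <proto>".
    missing=""
    for label in "outbound isakmp" "inbound isakmp" "outbound nat-t" "inbound nat-t"; do
        if ! printf '%s\n' "$rules" | grep -qF "label \"IPsec: $desc - $label\""; then
            if [ -z "$missing" ]; then missing=$label; else missing="$missing, $label"; fi
        fi
    done

    if [ -n "$missing" ]; then
        printf '%s\n' "FAIL: $desc: missing rules: $missing"
        return 1
    fi
    printf '%s\n' "OK: $desc: all four ISAKMP/NAT-T rules present"
    return 0
}

# On a live pfSense box (not run here): the error marker only ever appears in
# the generated file, while `pfctl -sr` shows what pf actually loaded, so
# check both.
check_ipsec_rules_live() {
    check_ipsec_rules "$(cat /tmp/rules.debug)" "$1" &&
        check_ipsec_rules "$(pfctl -sr)" "$1"
}

# Constructed sample: the rule set from the comment above, WAN2 enabled.
RULES_UP='pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 500 ridentifier 1000104151 keep state label "IPsec: test - outbound isakmp"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 500 ridentifier 1000104152 keep state label "IPsec: test - inbound isakmp"
pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 4500 ridentifier 1000104153 keep state label "IPsec: test - outbound nat-t"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 4500 ridentifier 1000104154 keep state label "IPsec: test - inbound nat-t"'

# Constructed sample: WAN2 disabled; the marker is assumed to be a pf comment.
RULES_DOWN='# VPN Rules
# Could not locate interface for IPsec: test'

# Constructed sample (invented case): only the isakmp pair was generated.
RULES_PARTIAL='pass out route-to ( em1 10.10.11.1 ) proto udp from (self) to 142.250.217.78 port = 500 ridentifier 1000104151 keep state label "IPsec: test - outbound isakmp"
pass in on $WAN2 reply-to ( em1 10.10.11.1 ) proto udp from 142.250.217.78 to (self) port = 500 ridentifier 1000104152 keep state label "IPsec: test - inbound isakmp"'

# Demo over the samples; "|| :" keeps a FAIL verdict from aborting the script.
check_ipsec_rules "$RULES_UP" test || :
check_ipsec_rules "$RULES_DOWN" test || :
check_ipsec_rules "$RULES_PARTIAL" test || :
```

Run `check_ipsec_rules_live test` from a cron job or after a gateway event to catch the situation in the report: a tunnel whose rules silently vanished after a WAN flap because the FQDN could not be resolved at rule generation time.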