Actions
Bug #7622
closedDon't include disabled ipsec phase2 entries on pf table vpn_networks
Start date:
06/03/2017
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.4
Affected Architecture:
Description
PF Table vpn_networks is populated with disabled Phase 2 entries.
This may lead to underperformance if
(a) You have IPSec MSS clamping turned on
(b) The disabled phase 2 network or a subnetwork is reachable by pfsense by other path (directly connected, other VPN)
(c) MSS on this path is > IPSec MSS clamping value
Workaround:
-Delete the phase 2 instead of just disabling it
Updated by Viktor Gurov almost 5 years ago
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Pull Request Review
- Target version set to 2.5.0
Updated by Renato Botelho almost 5 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov almost 5 years ago
- Status changed from Feedback to Resolved
tested on 2.5.0.a.20200319.0930
now it's OK
Updated by Jim Pingle over 4 years ago
- Target version changed from 2.5.0 to 2.4.5-p1
Actions