pfSense

When setting up a new IPSEC connection in the GUI, if 'Local Network' is set to 'LAN subnet', and if the LAN interface has no IP address associated with it (as in the case when it is a member of a bridge for example), then an invalid racoon.conf is generated with fatal error (parse error on sainfo line).

Probably in this circumstance (ie no LAN IP address) the GUI shouldn't allow LAN subnet to be selected at all?

Also additional validation required if a config.xml is loaded that specifies a LAN subnet when LAN has no IP address?

Workaround is simple - specify Local Network type as : Network, and specify the bridge's subnet.