Bug #815

closed

IPSEC VPN creation fails if LAN I/F has no IP address.

Added by simon allen over 13 years ago. Updated over 13 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: IPsec
Target version:
Start date: 08/10/2010
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

vpn.inc makes the assumption that the LAN interface will have an IP address. In the case where it does not (for example where there is a bridge with the LAN interface as a member), vpn.inc appears to create two erroneous spdadd lines at the top of spd.conf which prevents the VPN tunnel from becoming established.

As a test, the following lines in vpn.inc were changed from:

$lanip = get_interface_ip("lan");
$lansn = get_interface_subnet("lan");

to
$lanip = get_interface_ip("bridge0");
$lansn = get_interface_subnet("bridge0");

after which the correct syntax spdadd lines are added to spd.conf and the VPN comes up as expected.

Maybe the correct action is to inspect bridges if the LAN address is null, to see if they contain the LAN interface as member and use their address details instead? (although $lanip, $lansn are only used as a failsafe it would appear to stop the user locking themselves out so that may be overkill..?)
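The bridge fallback suggested in the description, written out as an added example (not code from vpn.inc or the pfSense project): it looks for a bridge that has the interface as a member and emits failsafe policy lines only when a valid address and prefix were found. The helper names, the `$bridges` array shape, the stubbed interface data and the exact form of the `spdadd` lines are assumptions made for illustration; only `get_interface_ip()` and `get_interface_subnet()` are named on this page, and they are stubbed here.

```php
<?php
// Constructed stand-ins for interface state (sample data, not from a real system).
$ifaddrs = [
    'lan'     => ['ip' => null,          'bits' => null], // bridge member, no address
    'bridge0' => ['ip' => '192.168.1.1', 'bits' => 24],
];
// Assumed shape of the bridge list: bridge device plus comma-separated members.
$bridges = [['bridgeif' => 'bridge0', 'members' => 'lan,opt1']];

// Stubs named after the two calls quoted in the report; they only read $ifaddrs.
function get_interface_ip($if)     { global $ifaddrs; return $ifaddrs[$if]['ip'] ?? null; }
function get_interface_subnet($if) { global $ifaddrs; return $ifaddrs[$if]['bits'] ?? null; }

// Hypothetical helper: [ip, prefix] for $if, or for a bridge that has $if as a member.
function resolve_failsafe_addr($if, array $bridges) {
    $candidates = [$if];
    foreach ($bridges as $b) {
        if (in_array($if, explode(',', $b['members']), true)) {
            $candidates[] = $b['bridgeif'];
        }
    }
    foreach ($candidates as $c) {
        $ip   = get_interface_ip($c);
        $bits = get_interface_subnet($c);
        $ok   = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
             && is_numeric($bits) && $bits >= 1 && $bits <= 32;
        if ($ok) {
            return [$ip, (int)$bits];
        }
    }
    return null; // nothing usable: the caller must not write any failsafe line
}

// Hypothetical helper: build the failsafe bypass entries, or none at all.
function failsafe_spd_lines($if, array $bridges) {
    $addr = resolve_failsafe_addr($if, $bridges);
    if ($addr === null) {
        return ''; // an empty address would otherwise yield a malformed spdadd line
    }
    [$ip, $bits] = $addr;
    $net = long2ip(ip2long($ip) & (-1 << (32 - $bits))); // network address of the prefix
    return "spdadd {$net}/{$bits} {$ip}/32 any -P in none;\n"
         . "spdadd {$ip}/32 {$net}/{$bits} any -P out none;\n";
}

echo failsafe_spd_lines('lan', $bridges); // LAN is unnumbered, bridge0 supplies the address
echo failsafe_spd_lines('lan', []) === '' ? "no failsafe lines emitted\n" : "unexpected\n";
```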

#1

Updated by Ermal Luçi over 13 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2

Updated by Chris Buechler over 13 years ago

  • Status changed from Feedback to Resolved