Project

General

Profile

Actions

Bug #8239

closed

If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
IPsec
Target version:
Start date:
12/27/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec because it makes an SPD for 0.0.0.0/0 to 0.0.0.0/0 set to 'none', which effectively makes all traffic skip IPsec processing.

bypasslan should be skipped if LAN is disabled or if LAN does not have an IP address

Actions #1

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Confirmed
  • Assignee set to Jim Pingle
Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Resolved

Works fine now. If the interface is disabled or otherwise has no address, then bypasslan is omitted.

Actions

Also available in: Atom PDF