Project

General

Profile

Bug #8239

If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec

Added by Jim Pingle 25 days ago. Updated 19 days ago.

Status:
Feedback
Priority:
High
Assignee:
Category:
IPsec
Target version:
Start date:
12/27/2017
Due date:
% Done:

100%

Affected Version:
2.4.x
Affected Architecture:
All

Description

If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec because it makes an SPD for 0.0.0.0/0 to 0.0.0.0/0 set to 'none', which effectively makes all traffic skip IPsec processing.

bypasslan should be skipped if LAN is disabled or if LAN does not have an IP address

Associated revisions

Revision fbdf0a08
Added by Jim Pingle 19 days ago

Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239

Revision 5437463a
Added by Jim Pingle 19 days ago

Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239

(cherry picked from commit fbdf0a084da239ca785360106b3dd8d1390223cf)

Revision 6a20a5bd
Added by Jim Pingle 19 days ago

Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239

(cherry picked from commit fbdf0a084da239ca785360106b3dd8d1390223cf)

Revision a6c87161
Added by Jim Pingle 19 days ago

Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239

(cherry picked from commit fbdf0a084da239ca785360106b3dd8d1390223cf)

History

#1 Updated by Jim Pingle 19 days ago

  • Status changed from New to Confirmed
  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle 19 days ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

Also available in: Atom PDF