Project

General

Profile

Actions
Copy link

Bug #8239

closed

If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec

Added by Jim Pingle over 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
High
Assignee:
Jim Pingle
Category:
IPsec
Target version:
2.4.3
Start date:
12/27/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec because it makes an SPD for 0.0.0.0/0 to 0.0.0.0/0 set to 'none', which effectively makes all traffic skip IPsec processing.

bypasslan should be skipped if LAN is disabled or if LAN does not have an IP address

Actions
Copy link
 #1

Updated by Jim Pingle over 6 years ago

  • Status changed from New to Confirmed
  • Assignee set to Jim Pingle
Actions
Copy link
 #2

Updated by Jim Pingle over 6 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Jim Pingle about 6 years ago

  • Status changed from Feedback to Resolved

Works fine now. If the interface is disabled or otherwise has no address, then bypasslan is omitted.

Actions
Copy link

Also available in: Atom PDF