Bug #9243

IPsec ID type keyid not explicitly set

Added by Christian Merges 11 months ago. Updated 3 months ago.

Status: Feedback
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 01/01/2019
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.4.4_1
Affected Architecture:

Description

Identifier type is set to "Key ID tag" on both sides. Sonicwall says in log: "VPN Policy: Local ID type: KEY ID; Remote ID type: FQDN"

IKEv1 main mode PSK.

Associated revisions

Revision 3a73fc74 (diff)
Added by Jim Pingle 3 months ago

IPsec ID type parsing changes. Fixes #9243

  • Move code to function to avoid unnecessary duplication of code
  • Clean up the logic to avoid further redundancies
  • Set keyid type to be quoted and to have its type prefixed

Revision 8c501800 (diff)
Added by Jim Pingle 2 months ago

IPsec ID type parsing changes. Fixes #9243

  • Move code to function to avoid unnecessary duplication of code
  • Clean up the logic to avoid further redundancies
  • Set keyid type to be quoted and to have its type prefixed

(cherry picked from commit 3a73fc74ca54b1167fbecfb679d0e634f5f1ab2e)

History

#1 Updated by Jim Pingle 3 months ago

  • Subject changed from IPSec Connection to SonicWall to IPsec ID type keyid not explicitly set
  • Target version set to 2.5.0

In fixing #4811 (and #4792) the prefix was dropped from keyid identifiers, see d44e7dc081d01eb106cbc5d4871a88b683ee3b9e

It looks like the prefix needs to come back, at least as an option. Otherwise it puts the ID in as-is, and strongSwan appears to assume it's an FQDN based on context.
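
The inference described in comment #1, as an added example that is not part of the ticket and is not pfSense or strongSwan code: a simplified Python model of how strongSwan derives an ID type from an identity string, showing why an unprefixed key ID goes out as a different type. The function names, the prefix subset and the sample identifiers are assumptions made for illustration.

```python
import ipaddress

# Subset of the explicit type prefixes strongSwan accepts (assumed subset).
PREFIXES = {"keyid": "KEY_ID", "fqdn": "FQDN", "dns": "FQDN",
            "email": "RFC822_ADDR", "rfc822": "RFC822_ADDR",
            "ipv4": "IPV4_ADDR", "ipv6": "IPV6_ADDR", "asn1dn": "DER_ASN1_DN"}


def _is_ip(text, version):
    try:
        return ipaddress.ip_address(text).version == version
    except ValueError:
        return False


def infer_id_type(value):
    """Simplified model: pick an IKE ID type from the identity string alone."""
    prefix, sep, _ = value.partition(":")
    if sep and prefix in PREFIXES:
        return PREFIXES[prefix]           # explicit type prefix wins
    if "=" in value:
        return "DER_ASN1_DN"              # looks like a distinguished name
    if "@" in value:
        if value.startswith("@#"):
            return "KEY_ID"               # @#<hex> form
        if value.startswith("@@"):
            return "RFC822_ADDR"
        return "FQDN" if value.startswith("@") else "RFC822_ADDR"
    if value in ("", "%any"):
        return "ANY"
    if ":" in value:
        return "IPV6_ADDR" if _is_ip(value, 6) else "KEY_ID"
    return "IPV4_ADDR" if _is_ip(value, 4) else "FQDN"


def mismatches(configured_type, values, with_prefix):
    """Rendered IDs whose inferred type differs from the type the admin chose."""
    rendered = [f"keyid:{v}" if with_prefix else v for v in values]
    return [r for r in rendered if infer_id_type(r) != configured_type]


# Constructed sample identifiers, not taken from the ticket.
SAMPLES = ["site-a", "vpn.example.com", "192.0.2.10", "admin@example.com"]

if __name__ == "__main__":
    print("without prefix:", mismatches("KEY_ID", SAMPLES, False))
    print("with prefix:   ", mismatches("KEY_ID", SAMPLES, True))
```

Every unprefixed sample is inferred as something other than KEY_ID, which matches the peer logging the remote ID type as FQDN; with the `keyid:` prefix none is.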

#2 Updated by Jim Pingle 3 months ago

  • Assignee set to Jim Pingle

#3 Updated by Jim Pingle 3 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
