Bug #9592: VTI interface down because interface number created is greater than ipsec32768 - pfSense - pfSense bugtracker

Bug #9592

VTI interface down because interface number created is greater than ipsec32768

Added by Steven Perreau about 1 month ago. Updated about 1 month ago.

Status:

New

Priority:

Normal

Assignee:

Category:

IPsec

Target version:

Start date:

06/18/2019

Due date:

% Done:

Estimated time:

Affected Version:

2.4.4-p3

Affected Architecture:

Description

In some conditions, when creating a VTI interface for routed IP, the interface number allocated is very high.

<opt9>
<descr><![CDATA[HO_SY1_WAN]]></descr>
<if>ipsec52000</if>
<enable></enable>
<spoofmac></spoofmac>
<mtu>1440</mtu>
<mss>1440</mss>
</opt9>

This seems to be happening with firewalls that already have a large number of traditional ipsec p1/p2 tunnels. The first VTI p2 I made started with ipsec52000 and the interface is permanently offline / down. Any additional VTI interfaces I create get an even higher interface number such as ipsec53000.

Obviously this breaks the VTI and you cannot get routed IP to work.

History

#1 Updated by Brett Merrick about 1 month ago

Suggested fix in pull request: https://github.com/pfsense/pfsense/pull/4071

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries

Bug #9592

VTI interface down because interface number created is greater than ipsec32768

History

#1 Updated by Brett Merrick about 1 month ago