[Openswan dev] [Ticket#: 2004093010000437] Re: Vigor 2500 v2.50 buglet in ip/ [...]

DrayTek Support support at draytek.com.tw
Mon Oct 11 19:35:07 CEST 2004


Dear Paul Wouters,

Thanks for your e-mail.
Yes, we know this issue.
I had already added this in our wish list for our RD staff modifying.


Best regards,
Iwiz Chang
FAE Department / Draytek Corp.
DrayTek: for Vigorous Broadband Access


Paul Wouters <paul at xtdnet.nl> wrote:

> 
> Vigor 2500 v2.50 buglet in ip/mask processing
> 
> When specifying a full internet address instead of using a 'zero' network
> notation, despite a proper netmask which should ignore this last digit,
> it breaks the IPsec connection.
> 
> So in a lan-to-lan profile at the "4.TCP/IP Network Settings" menu you
> can not fill in:
> 
> My WAN IP		0.0.0.0
> Remote Gateway IP	0.0.0.0
> Remote Network IP	10.0.2.1
> Remote Network Mask	255.255.255.0
> 
> but you can fill in:
> 
> My WAN IP		0.0.0.0
> Remote Gateway IP	0.0.0.0
> Remote Network IP	10.0.2.0
> Remote Network Mask	255.255.255.0
> 
> Even though these two are the same from a topological point of view.
> The symptoms make it rather confusing. In the first configuration, an
> ipsec tunel will get established and immediately torn down, with a 'proper'
> Notify Delete. This is not at all an easy to find bug, since technically,
> specifying 10.0.2.1/24 is the same as 10.0.2.0/24
> 
> Suggested fix: zero out the filled in IP address according to the specifed
> mask before further processing or storing, or the addition of scripting
> in the webpages to disallow such specification.
> 
> Regards,
> 
> Paul
> 
    






More information about the Dev mailing list