[Openswan dev]
[Ticket#: 2004093010000437] Re: Vigor 2500 v2.50 buglet in ip/ [...]
DrayTek Support
support at draytek.com.tw
Mon Oct 11 19:35:07 CEST 2004
Dear Paul Wouters,
Thanks for your e-mail.
Yes, we know this issue.
I have already added this to our wish list for our RD staff to modify.
Best regards,
Iwiz Chang
FAE Department / Draytek Corp.
DrayTek: for Vigorous Broadband Access
Paul Wouters <paul at xtdnet.nl> wrote:
>
> Vigor 2500 v2.50 buglet in ip/mask processing
>
> When specifying a full internet address instead of using a 'zero' network
> notation, despite a proper netmask which should ignore this last digit,
> it breaks the IPsec connection.
>
> So in a lan-to-lan profile at the "4.TCP/IP Network Settings" menu you
> can not fill in:
>
> My WAN IP 0.0.0.0
> Remote Gateway IP 0.0.0.0
> Remote Network IP 10.0.2.1
> Remote Network Mask 255.255.255.0
>
> but you can fill in:
>
> My WAN IP 0.0.0.0
> Remote Gateway IP 0.0.0.0
> Remote Network IP 10.0.2.0
> Remote Network Mask 255.255.255.0
>
> Even though these two are the same from a topological point of view.
> The symptoms make it rather confusing. In the first configuration, an
> ipsec tunnel will get established and immediately torn down, with a 'proper'
> Notify Delete. This is not at all an easy to find bug, since technically,
> specifying 10.0.2.1/24 is the same as 10.0.2.0/24
>
> Suggested fix: zero out the filled in IP address according to the specified
> mask before further processing or storing, or the addition of scripting
> in the webpages to disallow such specification.
>
> Regards,
>
> Paul
>
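
The suggested fix from the quoted report (zero out the address according to the mask before storing it), as an added example that is not part of the original thread and is not DrayTek or Openswan code. The function names and return codes are hypothetical; it also rejects non-contiguous masks, which the report does not discuss.

```c
#include <stdint.h>
#include <stdio.h>

/* Parse a dotted quad into a host-order 32-bit value; returns 0 on success. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    /* %3u caps each field at three characters; a trailing char makes sscanf return 5. */
    if (sscanf(s, "%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &extra) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
    return 0;
}

/* A usable netmask is a run of 1 bits followed only by 0 bits. */
static int mask_is_contiguous(uint32_t mask)
{
    uint32_t inv = ~mask;
    return (inv & (inv + 1)) == 0;
}

/*
 * Normalize a "Remote Network IP" / "Remote Network Mask" pair.
 * Returns -1 on malformed input, 0 if ip was already the network address,
 * 1 if host bits were set and have been cleared in *net.
 */
int normalize_subnet(const char *ip, const char *mask, uint32_t *net)
{
    uint32_t addr, m;
    if (parse_ipv4(ip, &addr) != 0 || parse_ipv4(mask, &m) != 0)
        return -1;
    if (!mask_is_contiguous(m))
        return -1;
    *net = addr & m;   /* 10.0.2.1 with 255.255.255.0 becomes 10.0.2.0 */
    return *net != addr;
}

int main(void)
{
    uint32_t net = 0;
    int rc = normalize_subnet("10.0.2.1", "255.255.255.0", &net);
    printf("rc=%d net=%u.%u.%u.%u\n", rc, (unsigned)(net >> 24),
           (unsigned)((net >> 16) & 255), (unsigned)((net >> 8) & 255),
           (unsigned)(net & 255));
    return 0;
}
```

A return value of 1 is the case from the report: a configuration front end could either store the normalized value silently or use the result to warn the user that the entry was rewritten.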