Allow IPv4 over IPv6 IPsec and vice versa
Closed, ResolvedPublicENHANCEMENT
Actions

Assigned To

Unknown Object (User)

Authored By

	dmbaturin
	Oct 31 2020, 10:54 AM

Description

Right now our CLI disallows using IPv4 internal networks over IPv6 IPsec tunnels and vice versa.

It's an artificial limitation introduced back in Vyatta Core times: https://github.com/vyos/vyatta-cfg-vpn/blob/current/scripts/vpn-config.pl#L543-L550

As far as I remember, we've added that restriction because we didn't have QA personnel time allocated for testing it, and we didn't want to roll out a potentially broken feature.
So, we chose to disable that path until someone comes asking for it, and until recently no one asked.

Now it's time to verify that it works with up to date StrongSWAN and officially allow those configurations.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible

Event Timeline

dmbaturin triaged this task as Normal priority.Oct 31 2020, 10:54 AM

dmbaturin created this task.

pasik added a subscriber: pasik.Oct 31 2020, 11:10 AM

Viacheslav added a subscriber: Viacheslav.Nov 1 2020, 8:41 AM

syncer changed the task status from Open to Needs testing.Nov 21 2020, 8:53 PM

syncer reassigned this task from dmbaturin to Unknown Object (User).

syncer changed the subtype of this task from "Task" to "Enhancement".

syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.

dmbaturin closed this task as Resolved.Feb 11 2021, 5:55 AM

dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:40 PM

Allow IPv4 over IPv6 IPsec and vice versaClosed, ResolvedPublicENHANCEMENTActions

Description

Details

Event Timeline

Allow IPv4 over IPv6 IPsec and vice versa
Closed, ResolvedPublicENHANCEMENT
Actions