Page MenuHomeVyOS Platform

Allow IPv4 over IPv6 IPsec and vice versa
Needs testing, NormalPublicENHANCEMENT

Description

Right now our CLI disallows using IPv4 internal networks over IPv6 IPsec tunnels and vice versa.

It's an artificial limitation introduced back in Vyatta Core times: https://github.com/vyos/vyatta-cfg-vpn/blob/current/scripts/vpn-config.pl#L543-L550

As far as I remember, we've added that restriction because we didn't have QA personnel time allocated for testing it, and we didn't want to roll out a potentially broken feature.
So, we chose to disable that path until someone comes asking for it, and until recently no one asked.

Now it's time to verify that it works with up to date StrongSWAN and officially allow those configurations.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

dmbaturin triaged this task as Normal priority.Sat, Oct 31, 10:54 AM
dmbaturin created this task.
pasik added a subscriber: pasik.Sat, Oct 31, 11:10 AM
syncer changed the task status from Open to Needs testing.Sat, Nov 21, 8:53 PM
syncer reassigned this task from dmbaturin to Dmitry.
syncer changed the subtype of this task from "Task" to "Enhancement".
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.