Broken spd.conf file on systems with only a WAN

  • I've been troubleshooting an IPSec tunnel the last few days and I finally figured out what was keeping my SPD entries from showing up.

    Someone else found this before, noted here:,18508.0.html but didn't dig into why exactly a LAN interface was required.

    On line 746 of /etc/inc/ there's the following comment and code:

        /* What are these SPD entries for?
         * -mgrooms 07/10/2008
         */
        $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n";
        $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n";

    …which causes invalid entries to be added to the beginning of /var/etc/spd.conf.
    The result? setkey errors out and no SPD entries get added at all.

    Does anyone know why those are in there at all?

  • Those are supposed to prevent you from losing access to the web interface from the LAN in any case.
    Though I will make sure they get added only when a LAN is present.
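    The guard described above, as an added example that is not pfSense/m0n0wall code: the spd.conf writer emits the LAN bypass entries only when a LAN interface is actually configured, so a WAN-only box no longer produces lines that make setkey abort. The `$lan`/`$tunnels` array layout and the addresses are constructed for the example.

```php
<?php
// Added example, not the project's own code. Builds the spd.conf text so that
// the two LAN bypass entries are only written when a LAN exists.

function build_spd_conf(array $lan, array $tunnels): string {
    $spdconf = "flush;\nspdflush;\n";

    // With no LAN, $lanip/$lansa/$lansn are empty and the entries expand to
    // "spdadd /32 / any ...", which setkey rejects; setkey then stops at the
    // first parse error, so none of the tunnel policies below get loaded either.
    if (!empty($lan['ip']) && !empty($lan['sa']) && isset($lan['sn'])) {
        $spdconf .= "spdadd {$lan['ip']}/32 {$lan['sa']}/{$lan['sn']} any -P out none;\n";
        $spdconf .= "spdadd {$lan['sa']}/{$lan['sn']} {$lan['ip']}/32 any -P in none;\n";
    }

    foreach ($tunnels as $t) {
        // One policy pair per tunnel: local->remote outbound, remote->local inbound.
        $spdconf .= "spdadd {$t['local']} {$t['remote']} any -P out ipsec "
                  . "esp/tunnel/{$t['src']}-{$t['dst']}/require;\n";
        $spdconf .= "spdadd {$t['remote']} {$t['local']} any -P in ipsec "
                  . "esp/tunnel/{$t['dst']}-{$t['src']}/require;\n";
    }
    return $spdconf;
}

// Constructed sample: a WAN-only firewall with a single tunnel.
$tunnels = [[
    'local'  => '10.0.0.0/24',      // constructed local network
    'remote' => '192.168.50.0/24',  // constructed remote network
    'src'    => '203.0.113.10',     // this firewall's public address (constructed)
    'dst'    => '198.51.100.20',    // peer's public address (constructed)
]];

// No LAN: the bypass entries are skipped and only valid tunnel policies remain.
echo build_spd_conf(['ip' => '', 'sa' => '', 'sn' => ''], $tunnels);
```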
