Broken spd.conf file on systems with only a WAN
-
I've been troubleshooting an IPSec tunnel the last few days and I finally figured out what was keeping my SPD entries from showing up.
Someone else found this before, noted here: http://forum.pfsense.org/index.php/topic,18508.0.html but didn't dig into why exactly a LAN interface was required.
On line 746 of /etc/inc/vpn.inc there's the following comment and code:
    /* What are these SPD entries for?
     * -mgrooms 07/10/2008 */
    $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n";
    $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n";
…which causes invalid entries to be added to the beginning of /var/etc/spd.conf
The result? setkey errors out and no SPD entries get added at all. Does anyone know why those are in there at all?
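An added example (not from the thread or from pfSense) that checks a generated spd.conf the way setkey would: the constructed sample reproduces what the vpn.inc lines above emit when $lanip, $lansa and $lansn are empty on a WAN-only box, followed by two ordinary tunnel policies, and the checker shows that the two malformed lines at the top are enough to stop the valid ones after them from ever being loaded.

```python
import ipaddress
import re

# Constructed sample, not copied from a real system: the first two spdadd
# lines are what the vpn.inc code produces when the LAN variables are empty.
SAMPLE_SPD_CONF = """\
flush;
spdflush;
spdadd /32 / any -P out none;
spdadd / /32 any -P in none;
spdadd 192.0.2.0/24 198.51.100.0/24 any -P out ipsec esp/tunnel/203.0.113.1-203.0.113.2/unique:1;
spdadd 198.51.100.0/24 192.0.2.0/24 any -P in ipsec esp/tunnel/203.0.113.2-203.0.113.1/unique:1;
"""

# spdadd <src-range> <dst-range> <upperspec> -P <direction> <policy>;
SPDADD_RE = re.compile(r"^spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out|fwd)\s+(.+);$")


def check_range(text):
    """Return None if text is a usable addr/prefix selector, else the parse error."""
    try:
        ipaddress.ip_network(text, strict=False)
        return None
    except ValueError as exc:
        return str(exc)


def validate_spd_conf(conf):
    """Return [(line_no, line, reason)] for every spdadd entry setkey would reject."""
    problems = []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line in ("flush;", "spdflush;"):
            continue
        m = SPDADD_RE.match(line)
        if not m:
            problems.append((n, line, "unparseable spdadd line"))
            continue
        for label, rng in (("src", m.group(1)), ("dst", m.group(2))):
            err = check_range(rng)
            if err:
                problems.append((n, line, f"bad {label} selector {rng!r}: {err}"))
    return problems


def first_fatal_line(conf):
    """setkey aborts at the first bad line, so nothing after this line number loads."""
    problems = validate_spd_conf(conf)
    return problems[0][0] if problems else None


if __name__ == "__main__":
    for n, line, reason in validate_spd_conf(SAMPLE_SPD_CONF):
        print(f"line {n}: {reason}")
    print("setkey would abort at line", first_fatal_line(SAMPLE_SPD_CONF))
```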
-
Those are supposed to prevent you from losing access to the web interface from the LAN in any case.
Though I will make sure they get added only when a LAN is present.