Netgate Discussion Forum

    Broken spd.conf file on systems with only a WAN

    2.0-RC Snapshot Feedback and Problems - RETIRED
    AbortRetryFail

      I've been troubleshooting an IPSec tunnel the last few days and I finally figured out what was keeping my SPD entries from showing up.

      Someone else found this before, noted here: http://forum.pfsense.org/index.php/topic,18508.0.html but didn't dig into why exactly a LAN interface was required.

      On line 746 of /etc/inc/vpn.inc there's the following comment and code:

          /* What are these SPD entries for?
           * -mgrooms 07/10/2008
           */
          /* $lanip, $lansa and $lansn come from the LAN interface; on a WAN-only
           * system they are empty, so the two lines below are emitted with blank
           * addresses. */
          $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n";
          $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n";

      …which causes invalid entries to be added to the beginning of /var/etc/spd.conf.
      The result? setkey errors out and no SPD entries get added at all.

      Does anyone know why those are in there at all?

      eri--

        Those are supposed to prevent you from losing access to the web interface from LAN in any case.
        Though I will make sure they get added only when LAN is present.

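Added example (Python, not pfSense's own code) modelling the two code paths discussed in this thread: the LAN pass-through rules emitted unconditionally, which on a WAN-only system yield `spdadd /32 / ...`, and the guarded version eri-- describes. `check_spd_conf` rejects the file at the first malformed line, matching the first post's observation that setkey errors out and loads nothing. The LAN address, tunnel networks and endpoints are constructed values.

```python
import ipaddress
import re

# Constructed sample values (not from the thread): a LAN interface and one
# IPsec tunnel; a WAN-only firewall is modelled by passing lan=None.
LAN = {"ip": "192.168.1.1", "sa": "192.168.1.0", "sn": "24"}
TUNNEL = {"local": "192.168.1.0/24", "remote": "10.99.0.0/16",
          "src_ep": "203.0.113.10", "dst_ep": "198.51.100.20"}

SPDADD_RE = re.compile(r"^spdadd (\S+) (\S+) any -P (in|out) (.+);$")


def build_spd_conf(lan, tunnel, guard_lan):
    """Build spd.conf lines the way vpn.inc does.

    lan is None on a WAN-only system. guard_lan=False emits the LAN
    pass-through rules unconditionally (the bug in the thread);
    guard_lan=True emits them only when a LAN exists (the fix eri-- describes).
    """
    lanip, lansa, lansn = (lan["ip"], lan["sa"], lan["sn"]) if lan else ("", "", "")
    lines = []
    if lan is not None or not guard_lan:
        # "-P ... none" keeps LAN <-> firewall traffic out of IPsec so the
        # web interface stays reachable from the LAN side.
        lines.append(f"spdadd {lanip}/32 {lansa}/{lansn} any -P out none;")
        lines.append(f"spdadd {lansa}/{lansn} {lanip}/32 any -P in none;")
    out_pol = f"esp/tunnel/{tunnel['src_ep']}-{tunnel['dst_ep']}/unique"
    in_pol = f"esp/tunnel/{tunnel['dst_ep']}-{tunnel['src_ep']}/unique"
    lines.append(f"spdadd {tunnel['local']} {tunnel['remote']} any -P out ipsec {out_pol};")
    lines.append(f"spdadd {tunnel['remote']} {tunnel['local']} any -P in ipsec {in_pol};")
    return lines


def check_spd_conf(lines):
    """Return the 1-based number of the first malformed spdadd line, or 0 if all parse.

    Mirrors the behaviour the thread reports: one bad line and setkey
    rejects the whole file, so no SPD entry is loaded.
    """
    for n, line in enumerate(lines, 1):
        m = SPDADD_RE.match(line)
        if not m:
            return n
        for addr in m.group(1, 2):
            try:
                ipaddress.ip_network(addr, strict=False)  # "/32" or "/" raises
            except ValueError:
                return n
    return 0
```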
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.