[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  New/fixed dynamic address IPsec images
 Date:  Mon, 1 Sep 2003 22:37:42 +0200 (CEST)
With the help of Chris Iarocci, I found a bug in the new IPsec images
released yesterday. The effect was that while the IKE negotiation
completed, traffic still wouldn't pass through the tunnel when the WAN
interface was configured with a dynamic IP address because the filter rule
generator didn't generate the proper rules for the current WAN IP address
- I obviously didn't test carefully enough.

I also modified the scripts to store the last IP address and make sure it
has really changed since the last time the whole IPsec configuration was
regenerated, as dhclient triggers PHP even when the DHCP lease has only
been renewed.

The fixed images are up:


- Manuel