|
||||||||
With the help of Chris Iarocci, I found a bug in the new IPsec images released yesterday. The effect was that while the IKE negotiation completed, traffic still wouldn't pass through the tunnel when the WAN interface was configured with a dynamic IP address because the filter rule generator didn't generate the proper rules for the current WAN IP address - I obviously didn't test carefully enough. I also modified the scripts to store the last IP address and make sure it has really changed since the last time the whole IPsec configuration was regenerated, as dhclient triggers PHP even when the DHCP lease has only been renewed. The fixed images are up: http://m0n0.ch/wall/downloads/net45xx-pb14r474.img http://m0n0.ch/wall/downloads/generic-pc-pb14r474.img - Manuel |