Maintainer: @pprindeville
Environment: Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz, QEMU Standard PC (Q35 + ICH9, 2009), OpenWrt 23.05.2 r23630-842932a63d / LuCI openwrt-23.05 branch git-24.086.45142-09d5a38
strongswan-ipsec: 5.9.11-2
Description:
The ipsec init script does not handle a list of local subnets or remote subnets correctly when converting /etc/config/ipsec to /var/ipsec/ipsec.conf. The values for leftsubnet and rightsubnet in ipsec.conf should be a comma-separated list but are space-separated.
Given the following input:
# grep subnet /etc/config/ipsec
list 'local_subnet' '192.168.34.0/24'
list 'remote_subnet' '192.168.250.0/23'
list 'remote_subnet' '192.168.0.0/24'
Produces this incorrect output:
# grep subnet /var/ipsec/ipsec.conf
leftsubnet=192.168.34.0/24
rightsubnet=192.168.250.0/23 192.168.0.0/24
# ip route show table all
192.168.250.0/23 dev ipsec0 table 220 proto static src 192.168.34.254
default via X.X.X.25 dev eth1 proto static
X.X.X.24/29 dev eth1 proto kernel scope link src X.X.X.26
192.168.32.0/24 dev eth3 proto kernel scope link src 192.168.32.254
192.168.33.0/24 dev tun0 proto kernel scope link src 192.168.33.1
192.168.34.0/24 dev br-lan proto kernel scope link src 192.168.34.254
192.168.35.0/24 dev eth2 proto kernel scope link src 192.168.35.254
...
The correct output should be:
# grep subnet /var/ipsec/ipsec.conf
leftsubnet=192.168.34.0/24
rightsubnet=192.168.250.0/23,192.168.0.0/24
# ip route show table all
192.168.0.0/24 dev ipsec0 table 220 proto static src 192.168.34.254
192.168.250.0/23 dev ipsec0 table 220 proto static src 192.168.34.254
default via X.X.X.25 dev eth1 proto static
X.X.X.24/29 dev eth1 proto kernel scope link src X.X.X.26
192.168.32.0/24 dev eth3 proto kernel scope link src 192.168.32.254
192.168.33.0/24 dev tun0 proto kernel scope link src 192.168.33.1
192.168.34.0/24 dev br-lan proto kernel scope link src 192.168.34.254
192.168.35.0/24 dev eth2 proto kernel scope link src 192.168.35.254
...
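
An added example, not part of the original report and not the OpenWrt init script's own code: a POSIX shell sketch of the comma join the report expects, plus a check that flags `leftsubnet=`/`rightsubnet=` lines whose entries are separated by whitespace, the condition under which the second subnet above got no route in table 220. The function names `join_subnets`, `check_conf` and `sample_bad`, and the `conn example` line, are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the init script.

# join_subnets: join list items into one comma-separated value.
# Items may arrive as separate arguments or as one space-separated string
# (the unquoted $* deliberately lets the shell split on whitespace).
join_subnets() {
    _out=""
    for _net in $*; do
        _out="${_out:+$_out,}$_net"
    done
    printf '%s\n' "$_out"
}

# check_conf: read ipsec.conf text on stdin and print every leftsubnet= or
# rightsubnet= line where two entries are separated only by whitespace.
# Exit status is 1 if any such line was found, 0 otherwise.
check_conf() {
    awk '
        /^[ \t]*(left|right)subnet[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop "key=" and leading blanks
            sub(/[ \t]+$/, "", val)         # drop trailing blanks
            if (val ~ /[^, \t][ \t]+[^, \t]/) {
                print "space-separated: " $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample mirroring the incorrect output shown in the report.
sample_bad() {
    printf '%s\n' \
        'conn example' \
        '  leftsubnet=192.168.34.0/24' \
        '  rightsubnet=192.168.250.0/23 192.168.0.0/24'
}

# Demo: the joined value, then the check run over the constructed sample.
join_subnets 192.168.250.0/23 192.168.0.0/24
sample_bad | check_conf || echo "ipsec.conf contains space-separated subnet lists"
```

On a router, the same check can be fed the generated file with `check_conf < /var/ipsec/ipsec.conf`.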