Open cluck opened 5 months ago
Similar reported issues:
This needs improvement as it won't be noticed by operators of the GUI: https://github.com/opnsense/docs/commit/dab8d004d97a452078b25d87c82fa0b70abba612
I am confused about the "support" label: what is it's objective and what does it mean for this issue?
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
When configuring both newstyle IPsec connections and oldstyle IPsec tunnel settings, independent connections are allocated identical
reqid
(in/usr/local/etc/swanctl/swanctl.conf
).To Reproduce
Use two OPNsense instances and create one oldstyle and one newstyle VPN between them. See attached configuration snippets to import for convenience.
Output of established connections:
Expected behavior
I would expect explicit reqid allocation to not collide with implicit allocation. I would also expect oldstyle and newstyle IPsec to now have colliding reqid.
Workaround
As a workaround, which works around both issues, I set
charon.reqid_base
in a custom configuration snippet:Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.1.6-amd64