diff options
| author | Daniil Baturin <daniil@baturin.org> | 2020-10-31 11:54:27 +0100 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2020-10-31 11:54:27 +0100 |
| commit | 993f5bf9f54bcb7af20d44e7618586b55064a372 (patch) | |
| tree | 6bb694ac36593005d01e2a87c8a6669a0d9e34f2 /scripts | |
| parent | c3c27021ac9b8b3d946e4d7a5eeb9b47e3e3206c (diff) | |
| download | vyatta-cfg-vpn-993f5bf9f54bcb7af20d44e7618586b55064a372.tar.gz vyatta-cfg-vpn-993f5bf9f54bcb7af20d44e7618586b55064a372.zip | |
T3035: allow mixed protocol IPsec (IPv4 over IPv6 and vice versa).
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/vpn-config.pl | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 6720583..69d82af 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -540,15 +540,6 @@ if ($vcVPN->exists('ipsec')) { vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel],"$vpn_cfg_err The 'remote prefix' and 'local prefix' protocols "."do not match"); } - # Check remote/local and peer protocol consistency - # IPv6 over IPv6 scenario is actually supported by StrongS/WAN, - # we do not allow it in this version because of design and QA issues. - if (($conn_proto != 6) && ($leftsubnet_proto == 6)) { - vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel],"$vpn_cfg_err IPv6 over IPv4 IPsec is not supported"); - } elsif (($conn_proto == 6) && ($leftsubnet_proto != 6)) { - vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel],"$vpn_cfg_err IPv4 over IPv6 IPsec is not supported"); - } - my $rightsubnet; my $allow_nat_networks = $vcVPN->returnValue("ipsec site-to-site peer $peer $tunKeyword allow-nat-networks"); my $allow_public_networks = $vcVPN->returnValue("ipsec site-to-site peer $peer $tunKeyword allow-public-networks"); |