strip-private does not filter public IPv6 addresses
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	c-po
	Sep 12 2021, 7:14 AM

Description

cpo@AC1.wue4:~$ show configuration commands | match ra-rw-ipv | strip-private
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4'
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv6'
set vpn ipsec remote-access pool ra-rw-ipv4 name-server 'xxx.xxx.254.100'
set vpn ipsec remote-access pool ra-rw-ipv4 name-server 'xxx.xxx.254.30'
set vpn ipsec remote-access pool ra-rw-ipv4 prefix 'xxx.xxx.222.16/28'
set vpn ipsec remote-access pool ra-rw-ipv6 prefix '2001:1578:2fe:fffd::/64'

The IPv6 address 2001:1578:2fe:fffd::/64 should be masked to xxxx:xxxx:2fe:fffd::/64

Details

Version: 1.4-rolling-202109110217
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Related Objects

Mentioned In: rVYOSONEXc1e0a1148c86: T3823: Stop strip-private regexp from swallowing quotes
rVYOSONEX4f8ebdd1d644: Merge pull request #1007 from erkin/current

Event Timeline

c-po created this task.Sep 12 2021, 7:14 AM

pasik subscribed.Sep 12 2021, 9:26 AM

This line doesn't match ipv6 addresses https://github.com/vyos/vyos-1x/blob/f86b7314d025fd0cf11c2d91638ed3cc7c4fa507/src/helpers/strip-private.py#L66

erkin changed the task status from Open to In progress.Sep 17 2021, 8:04 AM

erkin claimed this task.

Now this is quite strange....

$ echo '2001:1578:2fe:fffd::/64' | strip-private
xxxx:xxxx:2fe:fffd::/64

Something about commands is meddling with strip-private. I'm looking into it.

Restricted Repository Identity mentioned this in rVYOSONEX4f8ebdd1d644: Merge pull request #1007 from erkin/current.Sep 17 2021, 6:42 PM

erkin mentioned this in rVYOSONEXc1e0a1148c86: T3823: Stop strip-private regexp from swallowing quotes.Sep 17 2021, 6:42 PM

erkin closed this task as Resolved.Sep 20 2021, 2:06 PM

strip-private does not filter public IPv6 addressesClosed, ResolvedPublicBUGActions

Description

Details

Related Objects

Event Timeline

strip-private does not filter public IPv6 addresses
Closed, ResolvedPublicBUG
Actions