Page MenuHomeVyOS Platform

strip-private does not filter public IPv6 addresses
Closed, ResolvedPublicBUG

Description

[email protected]:~$ show configuration commands | match ra-rw-ipv | strip-private
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4'
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv6'
set vpn ipsec remote-access pool ra-rw-ipv4 name-server 'xxx.xxx.254.100'
set vpn ipsec remote-access pool ra-rw-ipv4 name-server 'xxx.xxx.254.30'
set vpn ipsec remote-access pool ra-rw-ipv4 prefix 'xxx.xxx.222.16/28'
set vpn ipsec remote-access pool ra-rw-ipv6 prefix '2001:1578:2fe:fffd::/64'

The IPv6 address 2001:1578:2fe:fffd::/64 should be masked to xxxx:xxxx:2fe:fffd::/64

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202109110217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

erkin changed the task status from Open to In progress.Sep 17 2021, 8:04 AM
erkin claimed this task.

Now this is quite strange....

$ echo '2001:1578:2fe:fffd::/64' | strip-private
xxxx:xxxx:2fe:fffd::/64

Something about commands is meddling with strip-private. I'm looking into it.