Bug ID 1060625: Wrong INTERNAL_IP6_DNS length.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1

Fixed In:
17.1.0, 17.0.0, 16.1.2.2

Opened: Nov 10, 2021

Severity: 3-Major

Symptoms

Tunnel establishment fails when an IPv6 DNS IP address is provided in the IKE_AUTH payload. As per RFC it should be 16 octets, but BIG-IP sends 17 octets(that is, it tries to provide the subnet info also).

Impact

Tunnel will not establish.

Conditions

Initiator requests an IPv6 DNS IP during tunnel negotiation.

Workaround

None

Fix Information

The INTERNAL_IP6_DNS payload is now filled with only the IPv6 address (the subnet is excluded).

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips