Bug ID 1060625: Wrong INTERNAL_IP6_DNS length.

Last Modified: Jan 19, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1

Fixed In:
17.0.0, 16.1.2.2

Opened: Nov 10, 2021
Severity: 3-Major

Symptoms

Tunnel establishment fails when an IPv6 DNS IP address is provided in the IKE_AUTH payload. As per RFC it should be 16 octets, but BIG-IP sends 17 octets(that is, it tries to provide the subnet info also).

Impact

Tunnel will not establish.

Conditions

Initiator requests an IPv6 DNS IP during tunnel negotiation.

Workaround

None

Fix Information

The INTERNAL_IP6_DNS payload is now filled with only the IPv6 address (the subnet is excluded).

Behavior Change