Project

General

Profile

Actions
Copy link

Bug #11226

closed

IPsec VTI phase 2 traffic selectors default to address when defined as a network

Added by Steve Wheeler almost 4 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcos M
Category:
IPsec
Target version:
2.7.0
Start date:
01/06/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:
All

Description

The IPSec P2 edit page in the GUI (/vpn_ipsec_phase2.php) defaults the local and remote network type value to 'Address' when opening a VTI tunnel.

It does so even if the existing configured Network there is larger than a single address.

If making an unrelated change on that page, or saving without making any changes, the subnet value is removed from the configured P2 which is unexpected.

It shouldn't actually bring down a tunnel because the P2 will usually match 0.0.0.0/0 and the created interface is created as a /30. However is some uncommon is configured and required there it will do. In that situation you have to remember to set the type to Network whenever saving that page.

Changing the existing TS from a network to an address without the user selectign anything should not happen.

Files

Download all files
Screenshot from 2021-01-06 20-44-32.png (54.3 KB) Screenshot from 2021-01-06 20-44-32.png Steve Wheeler, 01/06/2021 05:04 PM
Screenshot from 2021-01-06 20-44-13.png (58.1 KB) Screenshot from 2021-01-06 20-44-13.png Steve Wheeler, 01/06/2021 05:04 PM
Actions
Copy link
 #1

Updated by Jim Pingle almost 4 years ago

  • Target version set to CE-Next
Actions
Copy link
 #3

Updated by Marcos M almost 3 years ago

  • File deleted (ipsec_vti_nettype.patch)
Actions
Copy link
 #4

Updated by Marcos M almost 3 years ago

  • Status changed from New to Pull Request Review
  • Affected Version changed from All to 2.4.5-p1
Actions
Copy link
 #5

Updated by Viktor Gurov over 2 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Marcos M
Actions
Copy link
 #6

Updated by Jim Pingle over 2 years ago

  • Target version changed from CE-Next to 2.7.0
  • Plus Target Version set to 22.05
Actions
Copy link
 #7

Updated by Jim Pingle over 2 years ago

  • Subject changed from IPSec VTI P2 traffic selectors default to address when defined as a network. to IPsec VTI phase 2 traffic selectors default to address when defined as a network

Updating subject for release notes.

Actions
Copy link
 #8

Updated by Jim Pingle over 2 years ago

  • Category changed from Web Interface to IPsec
Actions
Copy link
 #9

Updated by Marcos M over 2 years ago

  • % Done changed from 0 to 100
Actions
Copy link
 #10

Updated by Alhusein Zawi over 2 years ago

when selecting VTi it gives "LAN subnet" in local network and "address" in remote network by default.

if there is an existing configured Network it will be shown correctly .

Actions
Copy link
 #11

Updated by Alhusein Zawi over 2 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF