Bug #11226
closedIPsec VTI phase 2 traffic selectors default to address when defined as a network
100%
Description
The IPSec P2 edit page in the GUI (/vpn_ipsec_phase2.php) defaults the local and remote network type value to 'Address' when opening a VTI tunnel.
It does so even if the existing configured Network there is larger than a single address.
If making an unrelated change on that page, or saving without making any changes, the subnet value is removed from the configured P2 which is unexpected.
It shouldn't actually bring down a tunnel because the P2 will usually match 0.0.0.0/0 and the created interface is created as a /30. However is some uncommon is configured and required there it will do. In that situation you have to remember to set the type to Network whenever saving that page.
Changing the existing TS from a network to an address without the user selectign anything should not happen.
Files
Updated by Marcos M about 3 years ago
- File ipsec_vti_nettype.patch added
Updated by Marcos M about 3 years ago
- Status changed from New to Pull Request Review
- Affected Version changed from All to 2.4.5-p1
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Marcos M
Updated by Jim Pingle over 2 years ago
- Target version changed from CE-Next to 2.7.0
- Plus Target Version set to 22.05
Updated by Jim Pingle over 2 years ago
- Subject changed from IPSec VTI P2 traffic selectors default to address when defined as a network. to IPsec VTI phase 2 traffic selectors default to address when defined as a network
Updating subject for release notes.
Updated by Jim Pingle over 2 years ago
- Category changed from Web Interface to IPsec
Updated by Marcos M over 2 years ago
- % Done changed from 0 to 100
Applied in changeset 544be7a5360324249e8e389ad5a6de60288cf57f.
Updated by Alhusein Zawi over 2 years ago
when selecting VTi it gives "LAN subnet" in local network and "address" in remote network by default.
if there is an existing configured Network it will be shown correctly .
Updated by Alhusein Zawi over 2 years ago
- Status changed from Feedback to Resolved