Project

General

Profile

Actions

Bug #11663

closed

XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab

Added by Manuel M. over 3 years ago. Updated over 3 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
XMLRPC
Target version:
-
Start date:
03/12/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

High Availability Sync is not syncing all settings from for example the IPSec Configuration option.

Tested with the VPN -> IPSec -> Advanced Settings -> Advanced IPSec Settings

The activated option "Enable Maximum MSS" where not synced from Master to Slave

If this is a bug, it could be that more options like this will not be synchronized.

Actions #1

Updated by Jim Pingle over 3 years ago

  • Subject changed from High Availability Sync not syncing all settings from a active sync option (like IPsec) to XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
  • Category changed from High Availability to XMLRPC
  • Target version deleted (21.02.2)

That is specific to that option and not a general XMLRPC problem.

The MSS options are $config['system']['maxmss_enable'] and $config['system']['maxmss'] where the IPsec settings sync only items under $config['ipsec'], and every other setting on that page is under $config['ipsec'].

We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.

Actions #2

Updated by Manuel M. over 3 years ago

Jim Pingle wrote:

That is specific to that option and not a general XMLRPC problem.
The MSS options are $config['system']['maxmss_enable'] and $config['system']['maxmss'] where the IPsec settings sync only items under $config['ipsec'], and every other setting on that page is under $config['ipsec'].
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.

So the only way is to set up this manually on both machines? Is there a overview which settings become synchronized and which not? Like this one here?

Actions #3

Updated by Jim Pingle over 3 years ago

Manuel M. wrote:

So the only way is to set up this manually on both machines?

Correct

Is there a overview which settings become synchronized and which not? Like this one here?

No, there isn't a list of special cases like this, but they are fairly rare. This is the only one inside a section that synchronizes otherwise that immediately comes to mind.

Actions #4

Updated by Viktor Gurov over 3 years ago

Jim Pingle wrote:

We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.

see #10493

Actions #5

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Duplicate

That is a better path forward

Actions

Also available in: Atom PDF