Bug #11663
closed
XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Added by Manuel M. over 3 years ago.
Updated over 3 years ago.
Description
High Availability Sync is not syncing all settings from for example the IPSec Configuration option.
Tested with the VPN -> IPSec -> Advanced Settings -> Advanced IPSec Settings
The activated option "Enable Maximum MSS" where not synced from Master to Slave
If this is a bug, it could be that more options like this will not be synchronized.
- Subject changed from High Availability Sync not syncing all settings from a active sync option (like IPsec) to XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
- Category changed from High Availability to XMLRPC
- Target version deleted (
21.02.2)
That is specific to that option and not a general XMLRPC problem.
The MSS options are $config['system']['maxmss_enable']
and $config['system']['maxmss']
where the IPsec settings sync only items under $config['ipsec']
, and every other setting on that page is under $config['ipsec']
.
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.
Jim Pingle wrote:
That is specific to that option and not a general XMLRPC problem.
The MSS options are $config['system']['maxmss_enable']
and $config['system']['maxmss']
where the IPsec settings sync only items under $config['ipsec']
, and every other setting on that page is under $config['ipsec']
.
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.
So the only way is to set up this manually on both machines? Is there a overview which settings become synchronized and which not? Like this one here?
Manuel M. wrote:
So the only way is to set up this manually on both machines?
Correct
Is there a overview which settings become synchronized and which not? Like this one here?
No, there isn't a list of special cases like this, but they are fairly rare. This is the only one inside a section that synchronizes otherwise that immediately comes to mind.
Jim Pingle wrote:
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.
see #10493
- Status changed from New to Duplicate
That is a better path forward
Also available in: Atom
PDF