Project

General

Profile

Actions
Copy link

Regression #11751

closed

Input validation prevents creating 1:1 NAT rules on IPsec

Added by Steve Wheeler over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Rules / NAT
Target version:
2.5.2
Start date:
03/29/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
All

Description

Additional input validation in the GUI in 21.02/2.5 prevents creating a 1:1 NAT rule on the IPSec interface because it expects an IP family and enc doesnot have one:

The following input errors were detected:

    The interface do not have address from the specified address family.

Should also read "interface does not have address".

This is an edge case because NAT is not expected to work on IPSec. However there are situation where us can work and did in pfSense < 2.5.
Specifically if the P2 in use carries 0.0.0.0/0 it will carry the NAT'd traffic still.

This only applies to 1:1 NAT

Tested in:

21.02.2-RC (arm64)
built on Mon Mar 29 03:04:00 EDT 2021
FreeBSD 12.2-STABLE

Files

211.diff (3.21 KB) 211.diff Viktor Gurov, 04/23/2021 12:12 AM
Actions
Copy link

Also available in: Atom PDF