Actions
Bug #11832
closed
``ipsec_vti()`` does not skip disabled VTI entries
Start date:
04/21/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.1
Affected Architecture:
Description
if (!$skipdisabled && isset($ph2ent['disabled'])) {
continue;
- is incorrect, sould be:
if ($skipdisabled && isset($ph2ent['disabled'])) {
continue;
Because of this, `interface_ipsec_vti_configure()` tries to configure disabled VTI interfaces
and `upgrade_208_to_209()` could work incorrectly for IKEv1/SplitConnectionIKEv2 VTIs:
https://github.com/pfsense/pfsense/blob/3af1961155caafb890cfb635d7278e1498ae7423/src/etc/inc/upgrade_config.inc#L6248:
foreach ($config['ipsec']['phase1'] as $ph1ent) {
if (!isset($ph1ent['mobile']) &&
($ph1ent['iketype'] == 'ikev1' ||
isset($ph1ent['splitconn']))) {
$vtisubnet_spec = ipsec_vti($ph1ent, true, false);
if (empty($vtisubnet_spec)) {
continue;
}
Updated by Viktor Gurov over 3 years ago
Updated by Jim Pingle over 3 years ago
- Status changed from New to Pull Request Review
- Target version set to 2.6.0
Updated by Anonymous over 3 years ago
- Status changed from Pull Request Review to Feedback
Updated by Jim Pingle over 3 years ago
- Subject changed from ipsec_vti() doesn't skip disabled VTI entries to ``ipsec_vti()`` doesn't skip disabled VTI entries
Updating subject for release notes.
Updated by Jim Pingle over 3 years ago
- Subject changed from ``ipsec_vti()`` doesn't skip disabled VTI entries to ``ipsec_vti()`` does not skip disabled VTI entries
Updating subject for release notes.
Updated by Jim Pingle over 3 years ago
- Target version changed from 2.6.0 to 2.5.2
Updated by
Actions