Project

General

Profile

Actions

Bug #11912

closed

IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway

Added by Jim Pingle almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
05/12/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Moving from internal Redmine issue 6010 since this affects CE and Plus and isn't hardware-dependent.

Original Description:

This is a new behavior that I've not seen until recently (after upgrading to 21.02).

I was creating a p1 for a user, and when 'apply change', it hung there for about 2-3 minutes (the device has 30+ tunnels), eventually resulting in a 504 gateway timeout error.
Then I logged into the device again, and clicked apply changes.
When I looked the tunnels to see if they were created, I noticed identical p1 tunnels created.
Normally, pfSense would error out if I created multiple identical tunnels.
I tried to create another identical p1, and I was successful.
It seems like you can create as many as you want.

From the notes:

Was able to reproduce it using the remote FQDN gateways

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/237

That PR has already been merged and picked back to 21.05

Actions

Also available in: Atom PDF