Project

General

Profile

Actions

Bug #12356

closed

Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Added by Viktor Gurov 8 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Virtual IP Addresses
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:

Description

It is possible to delete the Virtual IP that is used by IPsec PH1
see the result in the attached screenshot


Files

Actions #2

Updated by Jim Pingle 8 months ago

  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
  • Target version set to CE-Next
  • Plus Target Version set to 22.01
Actions #3

Updated by Viktor Gurov 7 months ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Max Leighton 7 months ago

I tested this in:

22.01-DEVELOPMENT (amd64)
built on Sat Oct 09 05:27:30 UTC 2021
FreeBSD 12.2-STABLE

And I can still delete VIPs that are used by IPsec and get the error shown in the screenshot.

Actions #5

Updated by Viktor Gurov 7 months ago

Max Leighton wrote in #note-4:

I tested this in:

22.01-DEVELOPMENT (amd64)
built on Sat Oct 09 05:27:30 UTC 2021
FreeBSD 12.2-STABLE

And I can still delete VIPs that are used by IPsec and get the error shown in the screenshot.

works as expected on 2.6.0.a.20211009.0500
try to upgrade to the latest snapshot

Actions #6

Updated by Max Leighton 7 months ago

Yes, I tested again in the latest build of 2.6 and it works as expected.

2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 09 05:20:31 UTC 2021
FreeBSD 12.2-STABLE

But it looks like it has not made it into 21.02 because it does not work in the latest build of 21.02.

Actions #7

Updated by Kris Phillips 7 months ago

Can confirm this hasn't been merged into the Oct 9th build of pfSense Plus 22.01. We need to patch this in pfSense Plus as well as CE.

Actions #8

Updated by Danilo Zrenjanin 7 months ago

I tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 16 05:24:35 UTC 2021
FreeBSD 12.2-STABLE

I can confirm it works. However, there is an unexpected error message. I opened a new bug report - https://redmine.pfsense.org/issues/12463

Actions #9

Updated by Danilo Zrenjanin 7 months ago

  • Status changed from Feedback to Resolved

Tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Fri Oct 22 05:26:55 UTC 2021
FreeBSD 12.3-PRERELEASE

The unexpected error message has been fixed through the Bug report #12442.

Everything works as expected now. Ticket resolved.

Actions #10

Updated by Jim Pingle 7 months ago

  • Target version changed from CE-Next to 2.6.0
Actions #11

Updated by Jim Pingle 7 months ago

  • Subject changed from deleteVIP() does not check IPsec PH1 to Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Updating subject for release notes.

Actions

Also available in: Atom PDF