Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Plus - All Open Issues
23.09.1 Target - All Closed Issues
23.09.1 Target - All Open Issues
24.03 Plus - All Closed Issues
24.03 Plus - All Open Issues
24.03 Plus - Feedback Issues
24.03 Plus - Needs Attention/Work
24.03 Plus - New/Confirmed/In Progress Issues
24.03 Plus - Pull Request Review
24.03 Plus - Waiting on Merge
24.03 Target - All Closed Issues
24.03 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #12356

closed

Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Added by Viktor Gurov over 2 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

Virtual IP Addresses

Target version:

2.6.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

22.01

Release Notes:

Default

Affected Version:

2.5.2

Affected Architecture:

Description

It is possible to delete the Virtual IP that is used by IPsec PH1
see the result in the attached screenshot

Files

Screenshot from 2021-09-09 18-49-19.png (22 KB) Screenshot from 2021-09-09 18-49-19.png

Viktor Gurov, 09/09/2021 10:49 AM

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/383

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Status changed from New to Pull Request Review
Assignee set to Viktor Gurov
Target version set to CE-Next
Plus Target Version set to 22.01

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Status changed from Pull Request Review to Feedback
% Done changed from 0 to 100

Applied in changeset 42259176d0c0a4ca49099ef5cdbcbfdacdd64589.

Actions

Copy link

Updated by Max Leighton over 2 years ago

I tested this in:

22.01-DEVELOPMENT (amd64)
built on Sat Oct 09 05:27:30 UTC 2021
FreeBSD 12.2-STABLE

And I can still delete VIPs that are used by IPsec and get the error shown in the screenshot.

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Max Leighton wrote in #note-4:

I tested this in:

22.01-DEVELOPMENT (amd64)
built on Sat Oct 09 05:27:30 UTC 2021
FreeBSD 12.2-STABLE

And I can still delete VIPs that are used by IPsec and get the error shown in the screenshot.

works as expected on 2.6.0.a.20211009.0500
try to upgrade to the latest snapshot

Actions

Copy link

Updated by Max Leighton over 2 years ago

Yes, I tested again in the latest build of 2.6 and it works as expected.

2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 09 05:20:31 UTC 2021
FreeBSD 12.2-STABLE

But it looks like it has not made it into 21.02 because it does not work in the latest build of 21.02.

Actions

Copy link

Updated by Kris Phillips over 2 years ago

Can confirm this hasn't been merged into the Oct 9th build of pfSense Plus 22.01. We need to patch this in pfSense Plus as well as CE.

Actions

Copy link

Updated by Danilo Zrenjanin over 2 years ago

I tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 16 05:24:35 UTC 2021
FreeBSD 12.2-STABLE

I can confirm it works. However, there is an unexpected error message. I opened a new bug report - https://redmine.pfsense.org/issues/12463

Actions

Copy link

Updated by Danilo Zrenjanin over 2 years ago

Status changed from Feedback to Resolved

Tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Fri Oct 22 05:26:55 UTC 2021
FreeBSD 12.3-PRERELEASE

The unexpected error message has been fixed through the Bug report #12442.

Everything works as expected now. Ticket resolved.

Actions

Copy link

#10

Updated by Jim Pingle over 2 years ago

Target version changed from CE-Next to 2.6.0

Actions

Copy link

#11

Updated by Jim Pingle over 2 years ago

Subject changed from deleteVIP() does not check IPsec PH1 to Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Updating subject for release notes.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #12356

Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Updated by Viktor Gurov over 2 years ago

Updated by Jim Pingle over 2 years ago

Updated by Viktor Gurov over 2 years ago

Updated by Max Leighton over 2 years ago

Updated by Viktor Gurov over 2 years ago

Updated by Max Leighton over 2 years ago

Updated by Kris Phillips over 2 years ago

Updated by Danilo Zrenjanin over 2 years ago

Updated by Danilo Zrenjanin over 2 years ago

Updated by Jim Pingle over 2 years ago

Updated by Jim Pingle over 2 years ago