Project

General

Profile

Actions
Copy link

Feature #13057

closed

GUI option for IPsec ``dns-interval`` setting

Added by Viktor Gurov over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
2.7.0
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default

Description

$ipseccfg['dns-interval'] is never defined and looks like legacy code/refactoring error.

https://github.com/pfsense/pfsense/blob/master/src/etc/inc/ipsec.inc#L3309-L3311:

        if (!empty($ipseccfg['dns-interval']) && is_numeric($ipseccfg['dns-interval'])) {
            $interval = $ipseccfg['dns-interval'];
        }

Related issues

Related to Bug #13067: Resolve interval for ``filterdns`` may not match the configured valueResolvedReid Linnemann

Actions
Actions
Copy link
 #1

Updated by Jim Pingle over 2 years ago

  • Tracker changed from Bug to Feature
  • Subject changed from Unused ```dns-interval``` option to GUI option for IPsec ``dns-interval`` setting
  • Affected Version deleted (2.6.0)

It is a "hidden" config option to let users choose how often to re-resolve FQDN endpoints for IPsec. Users could manually insert it into config.xml, but at the time it was added there wasn't a compelling reason to also add a GUI option. There is a similar option for aliases on system_advanced_firewall.php.

We can add it to the advanced IPsec settings tab, but it the backend code can remain as it is.

Actions
Copy link
 #2

Updated by Viktor Gurov over 2 years ago

  • Assignee set to Viktor Gurov
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions
Copy link
 #3

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #4

Updated by Viktor Gurov over 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions
Copy link
 #5

Updated by Alhusein Zawi over 2 years ago

  • Status changed from Feedback to Resolved

"FQDN Endpoints Resolve Interval" is added to IPsec Advanced Settings

2.7.0.a.20220415.0600

Actions
Copy link
 #6

Updated by Marcos M over 2 years ago

Tested on 22.05.a.20220417.0600.

The interval is added correctly:

root 62793 0.0 0.3 12140 2784 - Is 18:44 0:00.01 |-- /usr/local/sbin/filterdns -p /var/run/filterdns-ipsec.pid -i 10 -c /var/etc/ipsec/filterdns-ipsec.hosts -d 1

However, the actual resolve interval seems to be done at twice the value in the config. This seems to be a separate issue, but it's worth noting. Details here:
https://redmine.pfsense.org/issues/13067

Actions
Copy link
 #7

Updated by Viktor Gurov over 2 years ago

  • Related to Bug #13067: Resolve interval for ``filterdns`` may not match the configured value added
Actions
Copy link

Also available in: Atom PDF