Todo #13189
closed
Input validation should reject the combination of DCO and P2P mode
100%
Description
DCO has issues with OpenVPN's peer-to-peer mode (tunnel network /30-/32) and we should prevent that combination of settings.
It looked like it might work at first but as the DCO implementation in OpenVPN has evolved it's having issues because P2P mode can't negotiate the necessary parts for DCO.
It works fine with client/server mode (e.g. /24 tunnel network).
The only way to tell the difference is by the size of the tunnel network so we can't hide things automatically, but we can detect it on save and also note the limit in the GUI.
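The on-save check described above, sketched as an added Python example; it is not pfSense's code (the commits linked in this ticket are). The field names `dco` and `tunnel_network`, the function names and the error text are assumptions, and only the IPv4 tunnel network is checked.

```python
import ipaddress

# Per the ticket: an IPv4 tunnel network of /30 through /32 implies P2P mode.
P2P_MIN_PREFIX = 30


def is_p2p_tunnel(tunnel_network: str) -> bool:
    """True when the IPv4 tunnel network is /30-/32 (peer-to-peer mode)."""
    # strict=False accepts host bits being set, e.g. 10.0.8.1/30.
    net = ipaddress.ip_network(tunnel_network, strict=False)
    return net.version == 4 and net.prefixlen >= P2P_MIN_PREFIX


def validate_openvpn_settings(settings: dict) -> list:
    """Return input errors for a submitted form (hypothetical field names)."""
    errors = []
    raw = (settings.get("tunnel_network") or "").strip()
    if not raw:
        return errors  # no tunnel network set, nothing to compare against
    # Require an explicit prefix: a bare address would parse as /32 and be
    # misclassified as P2P instead of being reported as malformed.
    if "/" not in raw:
        errors.append(f"'{raw}' is not in CIDR notation.")
        return errors
    try:
        p2p = is_p2p_tunnel(raw)
    except ValueError:
        errors.append(f"'{raw}' is not a valid network in CIDR notation.")
        return errors
    if settings.get("dco") and p2p:
        errors.append(
            "DCO is not compatible with peer-to-peer mode "
            "(IPv4 tunnel network /30-/32)."
        )
    return errors


if __name__ == "__main__":
    # Constructed sample submissions.
    for form in (
        {"dco": True, "tunnel_network": "10.0.8.0/30"},   # rejected
        {"dco": True, "tunnel_network": "10.0.8.0/24"},   # client/server, ok
        {"dco": False, "tunnel_network": "10.0.8.0/30"},  # P2P without DCO, ok
    ):
        print(form, "->", validate_openvpn_settings(form) or "ok")
```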
Updated by Jim Pingle over 2 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Updated by Jim Pingle over 2 years ago
- Status changed from Feedback to In Progress
Still needs a note under the IPv4 tunnel network fields about this not being compatible.
Updated by Jim Pingle over 2 years ago
- Status changed from In Progress to Feedback
Base of the note (for CE and Plus that doesn't mention DCO): https://gitlab.netgate.com/pfSense/pfSense/-/commit/533b6c5a80b1ce452356a6352122c0175c883659
Plus commit that also notes DCO is not compatible: https://gitlab.netgate.com/pfSense/factory/-/commit/38811cfa84841cc7014aca7dfb7daa7b99a4a45a
Updated by Jim Pingle over 2 years ago
- Release Notes changed from Default to Force Exclusion