Actions
Feature #14945
open
Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
Status:
New
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Release Notes:
Default
Description
Provide the ability to add IPsecX interfaces that are set up for VTI and filtering enabled, to be part of an Interface Group.
With the help of a Netgate Admin, modifying a .php file ive been able to test grouping IPsec interfaces and so far so good.
reference: https://forum.netgate.com/topic/183820/interface-groups-no-ipsec-tunnels-listed/8?_=1699278877471
Updated by Jim Pingle about 2 years ago
- Subject changed from IPsecX interfaces as part of Interface group selection to Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
This should be possible so long as the IPsec Filter Mode (VPN > IPsec, Advanced Settings tab) is set to filter VTI on the assigned interfaces.
Ideally it should be validated both ways:
- Only allow VTI to be added to a group if the filter mode is set to filter VTI
- Do not allow changing the filter mode away from filtering VTI if there are any VTI interfaces in groups
Updated by Mike Moore 10 months ago
Interface Groups is akin to Security Zones so coming up with a consistent policy for my IPsec VTI interfaces would be helpful.
Any way we can get this reviewed for next release?
Actions