Actions
Feature #14945
open
Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
Status:
New
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Release Notes:
Default
Description
Provide the ability to add IPsecX interfaces that are set up for VTI and filtering enabled, to be part of an Interface Group.
With the help of a Netgate Admin, modifying a .php file ive been able to test grouping IPsec interfaces and so far so good.
reference: https://forum.netgate.com/topic/183820/interface-groups-no-ipsec-tunnels-listed/8?_=1699278877471
Updated by Jim Pingle over 1 year ago
- Subject changed from IPsecX interfaces as part of Interface group selection to Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
This should be possible so long as the IPsec Filter Mode (VPN > IPsec, Advanced Settings tab) is set to filter VTI on the assigned interfaces.
Ideally it should be validated both ways:
- Only allow VTI to be added to a group if the filter mode is set to filter VTI
- Do not allow changing the filter mode away from filtering VTI if there are any VTI interfaces in groups
Updated by Mike Moore about 2 months ago
Interface Groups is akin to Security Zones so coming up with a consistent policy for my IPsec VTI interfaces would be helpful.
Any way we can get this reviewed for next release?
Actions