Project

General

Profile

Actions

Feature #14945

open

Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups

Added by Mike Moore about 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default

Description

Provide the ability to add IPsecX interfaces that are set up for VTI and filtering enabled, to be part of an Interface Group.
With the help of a Netgate Admin, modifying a .php file ive been able to test grouping IPsec interfaces and so far so good.

reference: https://forum.netgate.com/topic/183820/interface-groups-no-ipsec-tunnels-listed/8?_=1699278877471

Actions #1

Updated by Jim Pingle about 1 year ago

  • Subject changed from IPsecX interfaces as part of Interface group selection to Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups

This should be possible so long as the IPsec Filter Mode (VPN > IPsec, Advanced Settings tab) is set to filter VTI on the assigned interfaces.

Ideally it should be validated both ways:

  • Only allow VTI to be added to a group if the filter mode is set to filter VTI
  • Do not allow changing the filter mode away from filtering VTI if there are any VTI interfaces in groups
Actions

Also available in: Atom PDF