Project

General

Profile

Actions
Copy link

Bug #16238

open

Clearing a P1's Life Time field does not restore default value

Added by Chris W about 1 month ago. Updated about 1 month ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
24.11
Affected Architecture:

Description

VPN > Ipsec: Add P1.

Create a new P1. The default Life Time is 28800, and the Rekey & Rand times are created based on that value.
Change the Life Time value, ex. 12345. Save and Apply.
Edit the P1 and delete what's in the Life Time field. Save and Apply.
Edit the P1 again and instead of the 28800 used when first creating a new P1, now 16000 is the value.

Files

Download all files
Screenshot From 2025-06-05 17-54-06.png (94.2 KB) Screenshot From 2025-06-05 17-54-06.png Chris W, 06/05/2025 11:57 PM
Screenshot From 2025-06-05 17-56-19.png (93.7 KB) Screenshot From 2025-06-05 17-56-19.png Chris W, 06/05/2025 11:57 PM
Actions
Copy link
 #2

Updated by Christopher Cope about 1 month ago

  • Status changed from New to Confirmed

I can confirm this on

25.07-DEVELOPMENT (amd64)
built on Fri Jun 6 6:00:00 UTC 2025
FreeBSD 15.0-CURRENT

There are 2 "default" values in separate sections of the code. The edit page sets it to 28800 when it's first created, but if there is no value set it calls ipsec_get_life_time(), which has a default of 16000. These should be updated to match and maybe make the edit page use the function to set the initial defaults to have a single source of truth for the defaults.

It seems likely that other values on that page will have the same issue.

Actions
Copy link

Also available in: Atom PDF