Project

General

Profile

Actions
Copy link

Bug #16532

open

The calculation of online leases IPs is incorrect.

Added by Geovane Gonçalves about 9 hours ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.8.x
Affected Architecture:
amd64

Description

Hi,

PfSense Plataform: CE 2.8.0 and 2.8.1

The generated list by the Status/IPsec/Leases page appears to be including clients with "null" IP addresses in the calculation of online clients (command line output below), when only those with real assigned IP addresses are listed on the page.
This leads to a very large discrepancy between the clients considered online and all established IKE SAs, output of the command
swanctl --list-sas | grep ESTABLISHED | wc -l
If the null IPs listed as online are excluded from the listing, the listing will be consistent with the list shown on the page, more realistic and practically identical to that of the established IKE Security Associations (SAs).

swanctl --list-pools --leases | more
(null) online 'gustav'
(null) online 'gustav'
192.168.100.226 online 'johnk'

Comparison:

Status/IPsec/Leases page output: 200 leases on line

swanctl --list-pools --leases | grep online | wc -l
200
swanctl --list-pools --leases | grep online | grep -v null | wc -l
119
swanctl --list-sas | grep ESTABLISHED | wc -l
121

Thanks,

Geovane

No data to display

Actions
Copy link

Also available in: Atom PDF