Bug #2455
closedIPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
100%
Description
On the VPN:IPsec:Edit Phase 2 page there is the section Phase 2 proposal (SA/Key Exchange)
If under Protocol ESP is selected, then there is a section below for Encryption algorithms.
When under Protocol AH is selected, that section is hidden.
The problem seems to be, that whatever Encryption algorithm(s) are selected with ESP selected, are then passed to the configuration, even if one switches from ESP to AH, and then saves.
Worse, if one tries to prevent that, and deselects all encryption algorithms and switches then to AH and tries to save, the system complains that one must select an encryption algorithm, which is plain wrong.
This means, some of the logic on that page that takes input fields and selectors and turns it into a configuration, doesn't properly take into account the protocol selection.
First, regardless what encryption algorithms are selected, these should not be passed to an AH configuration, and second, if no encryption algorithm is selected and the AH protocol is chosen, that should not produce an error.