Bug #2455
closed
IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
100%
Description
On the VPN:IPsec:Edit Phase 2 page there is the section Phase 2 proposal (SA/Key Exchange)
If under Protocol ESP is selected, then there is a section below for Encryption algorithms.
When under Protocol AH is selected, that section is hidden.
The problem seems to be, that whatever Encryption algorithm(s) are selected with ESP selected, are then passed to the configuration, even if one switches from ESP to AH, and then saves.
Worse, if one tries to prevent that, and deselects all encryption algorithms and switches then to AH and tries to save, the system complains that one must select an encryption algorithm, which is plain wrong.
This means, some of the logic on that page that takes input fields and selectors and turns it into a configuration, doesn't properly take into account the protocol selection.
First, regardless what encryption algorithms are selected, these should not be passed to an AH configuration, and second, if no encryption algorithm is selected and the AH protocol is chosen, that should not produce an error.
Updated by Chris Buechler over 12 years ago
- Category set to IPsec
- Target version set to 2.1
Updated by Pierre POMES over 12 years ago
- Status changed from New to Assigned
- Assignee set to Pierre POMES
Updated by Pierre POMES over 12 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Should be ok now, could you test again ?
Thanks.
Pierre
Updated by Ronald Antony over 12 years ago
I'll check it out as soon as a snapshot is live that incorporates the change...
Updated by Ronald Antony over 12 years ago
Yep, the GUI bug seems to be fixed.
I can even get an AH tunnel up (but so far no traffic goes through it, but if it's a bug, it's a different issue anyway).
So I think this one can be closed out.
Updated by Chris Buechler over 12 years ago
- Status changed from Feedback to Resolved