Project

General

Profile

Actions

Bug #2914

closed

Gateway Group Name change causes all rules and OpenVPN interfaces using that group to be invalid

Added by Phillip Davis over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Low
Category:
Gateways
Target version:
Start date:
03/28/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

The Group Name is stored directly in the config of firewall rules, OpenVPN interface selection (and elsewhere...?). When the Group Name is changed, it is not changed in the associated rules and interface selections, so they become invalid.
It would be handy if all the references in the config where updated automagically.
Perhaps the real key of a Gateway Group should be an underlying generated string never seen on the GUI (gwg1, gwg2 etc) and that could be stored in the config entries, and and translated to the current Group Name for display. That way the user-selected group name can change any time in just 1 place.

Actions #1

Updated by Renato Botelho over 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Renato Botelho over 8 years ago

  • Assignee set to Renato Botelho

For 2.1 it's better to avoid such a big change, and since a gateway cannot be renamed, apply the same rule for gateway groups for now. If you believe it's a required feature, to rename a gateway and/or a gateway group, you can open a feature request for future versions and people can give opinions about it.

Actions #3

Updated by Phillip Davis over 8 years ago

I actually have code that does the rename through the config. I couldn't submit a pull request because it touches the same files as https://github.com/pfsense/pfsense/pull/499 and that has got stuck over Easter. If someone thinks pull request 499 is a good thing and commits it, then I can straight away submit another pull request. Otherwise, I guess banning gateway group name changes works!
Now I think about it, there might also be issues when deleting a gateway group - I don't see the code checking for the group being used in IPsec, OpenVPN or DynDNS settings first. I can have a look at that separately if you like.

Actions #4

Updated by Renato Botelho over 8 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF