Actions
Bug #4255
closed
Outbound NAT needs config upgrade
Status:
Rejected
Priority:
Very High
Assignee:
Category:
Configuration Upgrade
Target version:
-
Start date:
01/20/2015
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
Description
Outbound NAT configs in 2.1.x and prior use a different XML structure than 2.2, and there isn't any config upgrade code to accommodate.
In 2.1.x and prior you have something like the following:
<nat>
<ipsecpassthru>
<enable/>
</ipsecpassthru>
<advancedoutbound>
<rule>
<source>
<network>192.168.16.0/24</network>
</source>
<dstport>500</dstport>
<descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
<target/>
<interface>wan</interface>
<destination>
<any/>
</destination>
<staticnatport/>
<created>
<time>1421811789</time>
<username>Manual Outbound NAT Switch</username>
</created>
</rule>
<rule>
<source>
<network>192.168.16.0/24</network>
</source>
<sourceport/>
<descr><![CDATA[Auto created rule for LAN to WAN]]></descr>
<target/>
<interface>wan</interface>
<destination>
<any/>
</destination>
<natport/>
<created>
<time>1421811789</time>
<username>Manual Outbound NAT Switch</username>
</created>
</rule>
</advancedoutbound>
</nat>
In 2.2, it's like the following:
<nat>
<outbound>
<mode>advanced</mode>
<rule>
<interface>wan</interface>
<source>
<network>10.0.0.0/8</network>
</source>
<dstport>500</dstport>
<target/>
<destination>
<any/>
</destination>
<staticnatport/>
<descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
<created>
<time>1421811727</time>
<username>Manual Outbound NAT Switch</username>
</created>
</rule>
<rule>
<interface>wan</interface>
<source>
<network>10.0.0.0/8</network>
</source>
<sourceport/>
<target/>
<destination>
<any/>
</destination>
<natport/>
<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
<created>
<time>1421811727</time>
<username>Manual Outbound NAT Switch</username>
</created>
</rule>
</outbound>
</nat>
Updated by Renato Botelho over 10 years ago
There is a code to convert it, it's upgrade_102_to_103()
Updated by Renato Botelho over 10 years ago
- Status changed from Confirmed to Feedback
- Assignee changed from Renato Botelho to Chris Buechler
Do you have a config that was broken after upgrade? I upgraded a 2.1.x to 2.2 on both modes, automatic and advanced and both worked as expected.
Updated by Chris Buechler over 10 years ago
- Status changed from Feedback to Rejected
you're right, I was too quick on the trigger here. The config upgrade failed on one pair of systems because it was upgraded using a build that had broken PHP, which left things a bit of a mess. Since confirmed others are fine.
Actions