Project

General

Profile

Bug #4640

"Disable Cisco Extensions" change toggles "Auto-exclude LAN address" setting

Added by B. Derman over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
04/19/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.2.2
Affected Architecture:

Description

After updating from 2.2.1 to 2.2.2, in VPN -> IPsec -> Advanced Settings, the check-box setting for "Disable Cisco Extensions" now toggles whatever the setting was for "Auto-exclude LAN address" and the checkbox for "Auto-exclude LAN address" ignores any attempts to set it on it's own.

Note that the "Auto-exclude LAN address" setting is reversed from whatever it was previously (i.e., from the v2.2.1 setup) whenever the "Disable Cisco Extensions" is reversed -- i.e., depending upon the "Auto-exclude LAN address" setting inherited from v2.2.1, the "Auto-exclude LAN address" checkbox will either always be the same as the "Disable Cisco Extensions" setting or it will always be the opposite of the "Disable Cisco Extensions".

(Suggestion: "Affected Architecture" settings should be checkboxes, perhaps each paired with a "not tested" option)

This issue affects at least amd64 and i386.

Associated revisions

Revision 75d072be (diff)
Added by Phillip Davis over 4 years ago

Fix #4640 IPsec Auto-exclude LAN address toggles

every time save is pressed.
Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...

Revision 868a62be (diff)
Added by Ermal Luçi about 4 years ago

Fix #4640 IPsec Auto-exclude LAN address toggles every time save is pressed.
Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...

History

#1 Updated by Phillip Davis over 4 years ago

Actually the "Auto-exclude LAN address" setting is being displayed opposite to what is in the config. Every time you press save that opposite setting gets saved, then it displays the "opposite of the opposite"... so regardless of what you do with other settings on that page, "Auto-exclude LAN address" toggles its state every time you press save.
This fixes the toggling: https://github.com/pfsense/pfsense/pull/1624

Users of IPsec and this setting need to check and confirm if the way the resulting IPsec is implemented actually corresponds correctly to the on/off of this check box.

#2 Updated by Kill Bill over 4 years ago

I am totally confused. So I applied this, checked the checkbox and the bypasslan connection got deleted.

Apr 20 08:21:01    charon: 09[CFG] deleted connection 'bypasslan'
Apr 20 08:21:01    charon: 09[CFG] received stroke: delete connection 'bypasslan'
Apr 20 08:21:01    ipsec_starter[43206]:
Apr 20 08:21:01    charon: 08[CFG] received stroke: unroute 'bypasslan'

@devs: Please stop using *no*variable names. Everywhere. This is not the only place in pfSense that uses this reversed logic that only makes things extremely confusing and difficult to understand.

#3 Updated by Kill Bill over 4 years ago

Indeed confirmed. The GUI description is totally inverted to the actual behaviour. Stuff like noshuntlaninterfaces, nofoobar, noblehblah is extremely evil.

#4 Updated by Ermal Luçi about 4 years ago

  • Status changed from New to Feedback

Merged pull request.

#5 Updated by Phillip Davis about 4 years ago

  • % Done changed from 0 to 100

#6 Updated by Ermal Luçi about 4 years ago

#7 Updated by Kill Bill about 4 years ago

Errr... let me repeat this once again: this does the exact opposite of what's described in the GUI! When you enable the setting, the bypass gets disabled.

#8 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved
  • Target version set to 2.2.3
  • Affected Architecture deleted (amd64)

last bit fixed under #4655

Also available in: Atom PDF