"Disable Cisco Extensions" change toggles "Auto-exclude LAN address" setting
After updating from 2.2.1 to 2.2.2, in VPN -> IPsec -> Advanced Settings, the check-box setting for "Disable Cisco Extensions" now toggles whatever the setting was for "Auto-exclude LAN address" and the checkbox for "Auto-exclude LAN address" ignores any attempts to set it on its own.
Note that the "Auto-exclude LAN address" setting is reversed from whatever it was previously (i.e., from the v2.2.1 setup) whenever the "Disable Cisco Extensions" is reversed -- i.e., depending upon the "Auto-exclude LAN address" setting inherited from v2.2.1, the "Auto-exclude LAN address" checkbox will either always be the same as the "Disable Cisco Extensions" setting or it will always be the opposite of the "Disable Cisco Extensions".
(Suggestion: "Affected Architecture" settings should be checkboxes, perhaps each paired with a "not tested" option)
This issue affects at least amd64 and i386.
Fix #4640 IPsec Auto-exclude LAN address toggles
every time save is pressed.
Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...
#1 Updated by Phillip Davis over 5 years ago
Actually the "Auto-exclude LAN address" setting is being displayed opposite to what is in the config. Every time you press save that opposite setting gets saved, then it displays the "opposite of the opposite"... so regardless of what you do with other settings on that page, "Auto-exclude LAN address" toggles its state every time you press save.
This fixes the toggling: https://github.com/pfsense/pfsense/pull/1624
Users of IPsec and this setting need to check and confirm if the way the resulting IPsec is implemented actually corresponds correctly to the on/off of this check box.
#2 Updated by Kill Bill over 5 years ago
I am totally confused. So I applied this, checked the checkbox and the bypasslan connection got deleted.
Apr 20 08:21:01 charon: 09[CFG] deleted connection 'bypasslan'
Apr 20 08:21:01 charon: 09[CFG] received stroke: delete connection 'bypasslan'
Apr 20 08:21:01 ipsec_starter:
Apr 20 08:21:01 charon: 08[CFG] received stroke: unroute 'bypasslan'
@devs: Please stop using *no*variable names. Everywhere. This is not the only place in pfSense that uses this reversed logic that only makes things extremely confusing and difficult to understand.
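
The display/save inversion described in comment #1, modelled as an added example (not pfSense code; the key name `no_auto_exclude_lan` and every function name are hypothetical). It assumes the setting is stored as a presence-style negated flag and that the inversion happens when the page loads, and it shows a load-then-save round-trip check that catches the toggle.

```python
# Minimal model of a settings page backed by a negated ("no...") config flag.
# All names are hypothetical; this is not pfSense code.

NEG_KEY = "no_auto_exclude_lan"  # hypothetical: key present => feature disabled


def load_buggy(config):
    """Checkbox state as a broken page would show it: the raw negated flag."""
    return NEG_KEY in config


def load_fixed(config):
    """Checkbox is checked exactly when the negated key is absent."""
    return NEG_KEY not in config


def save(config, checkbox_checked):
    """Store the positive checkbox as a negated, presence-style flag."""
    new = dict(config)
    if checkbox_checked:
        new.pop(NEG_KEY, None)
    else:
        new[NEG_KEY] = True
    return new


def round_trips(load, config, presses=4):
    """Press Save repeatedly without touching the form.

    Returns the effective feature state (True = enabled) after each press.
    """
    states = []
    for _ in range(presses):
        config = save(config, load(config))
        states.append(NEG_KEY not in config)
    return states


def is_idempotent(load, config):
    """Regression check: load -> save with no user input must not change config."""
    return save(config, load(config)) == config


if __name__ == "__main__":
    for name, load in (("buggy", load_buggy), ("fixed", load_fixed)):
        print(name, round_trips(load, {}), is_idempotent(load, {}))
```

Running the same idempotence check against both starting states (key present and key absent) covers the two inherited configurations the original report describes.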