Bug #4640
closed
"Disable Cisco Extensions" change toggles "Auto-exclude LAN address" setting
Added by B. Derman over 9 years ago.
Updated over 9 years ago.
Description
After updating from 2.2.1 to 2.2.2, in VPN -> IPsec -> Advanced Settings, the check-box setting for "Disable Cisco Extensions" now toggles whatever the setting was for "Auto-exclude LAN address" and the checkbox for "Auto-exclude LAN address" ignores any attempts to set it on its own.
Note that the "Auto-exclude LAN address" setting is reversed from whatever it was previously (i.e., from the v2.2.1 setup) whenever the "Disable Cisco Extensions" is reversed -- i.e., depending upon the "Auto-exclude LAN address" setting inherited from v2.2.1, the "Auto-exclude LAN address" checkbox will either always be the same as the "Disable Cisco Extensions" setting or it will always be the opposite of the "Disable Cisco Extensions".
(Suggestion: "Affected Architecture" settings should be checkboxes, perhaps each paired with a "not tested" option)
This issue affects at least amd64 and i386.
Actually the "Auto-exclude LAN address" setting is being displayed opposite to what is in the config. Every time you press save that opposite setting gets saved, then it displays the "opposite of the opposite"... so regardless of what you do with other settings on that page, "Auto-exclude LAN address" toggles its state every time you press save.
This fixes the toggling: https://github.com/pfsense/pfsense/pull/1624
Users of IPsec and this setting need to check and confirm if the way the resulting IPsec is implemented actually corresponds correctly to the on/off of this check box.
I am totally confused. So I applied this, checked the checkbox and the bypasslan connection got deleted.
Apr 20 08:21:01 charon: 09[CFG] deleted connection 'bypasslan'
Apr 20 08:21:01 charon: 09[CFG] received stroke: delete connection 'bypasslan'
Apr 20 08:21:01 ipsec_starter[43206]:
Apr 20 08:21:01 charon: 08[CFG] received stroke: unroute 'bypasslan'
@devs: Please stop using *no*variable names. Everywhere. This is not the only place in pfSense that uses this reversed logic that only makes things extremely confusing and difficult to understand.
Indeed confirmed. The GUI description is totally inverted to the actual behaviour. Stuff like noshuntlaninterfaces, nofoobar, noblehblah is extremely evil.
- Status changed from New to Feedback
- % Done changed from 0 to 100
Errr... let me repeat this once again: this does the exact opposite of what's described in the GUI! When you enable the setting, the bypass gets disabled.
- Status changed from Feedback to Resolved
- Target version set to 2.2.3
- Affected Architecture added
- Affected Architecture deleted (amd64)
last bit fixed under #4655