Project

General

Profile

Actions

Bug #4864

closed

IPsec MSS clamping not backed up in IPsec partial backup

Added by Lars Pedersen over 9 years ago. Updated almost 9 years ago.

Status:
Needs Patch
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
07/22/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Maximum MSS (probably all in the Advanced settings in the VPN IPsec) is not being backup in the XML file.

Actions #1

Updated by Phillip Davis over 9 years ago

There are some fixes to the way the "Enable bypass for LAN interface IP" check-box is handled that are coming in 2.2.4.
Try the version https://github.com/pfsense/pfsense/blob/RELENG_2_2/usr/local/www/vpn_ipsec_settings.php
And then report back if it is good, or exactly what you enter and what is not saved.

Actions #2

Updated by Lars Pedersen over 9 years ago

My pfSense installation is running the current 2.2.4 development and the problem is that the Maximum MSS is being backed up in the wrong config group. Currently it is stored in "system" instead of "ipsec".

So I have made a pull request with the fix on github:

https://github.com/pfsense/pfsense/pull/1776

Actions #3

Updated by Chris Buechler over 9 years ago

  • Subject changed from IPsec Advanced Settings not backup in XML file to IPsec MSS clamping not backed up in IPsec partial backup
  • Category set to IPsec
  • Status changed from New to Confirmed
  • Priority changed from Normal to Low
  • Affected Version set to All

the values that were originally under System>Advanced (of which MSS clamping is the only remaining) are within system.

The pull request will break MSS clamping on all existing installs, needs config upgrade code if it's going to be moved.

Actions #4

Updated by Kill Bill over 9 years ago

As noted at https://github.com/pfsense/pfsense/pull/1776#issuecomment-141786006 - this ain't IPsec-specific setting at all. Please, leave it alone.

Actions #6

Updated by Renato Botelho almost 9 years ago

  • Status changed from Confirmed to Needs Patch

It's a global flag because it's used also by OpenVPN and PPPoE server.

If you think it's useful to have separate values for each VPN a different change must be done

Actions

Also available in: Atom PDF