Bug #4864
closed
IPsec MSS clamping not backed up in IPsec partial backup
0%
Description
Maximum MSS (probably all in the Advanced settings in the VPN IPsec) is not being backup in the XML file.
Updated by Phillip Davis over 8 years ago
There are some fixes to the way the "Enable bypass for LAN interface IP" check-box is handled that are coming in 2.2.4.
Try the version https://github.com/pfsense/pfsense/blob/RELENG_2_2/usr/local/www/vpn_ipsec_settings.php
And then report back if it is good, or exactly what you enter and what is not saved.
Updated by Lars Pedersen over 8 years ago
My pfSense installation is running the current 2.2.4 development and the problem is that the Maximum MSS is being backed up in the wrong config group. Currently it is stored in "system" instead of "ipsec".
So I have made a pull request with the fix on github:
Updated by Chris Buechler over 8 years ago
- Subject changed from IPsec Advanced Settings not backup in XML file to IPsec MSS clamping not backed up in IPsec partial backup
- Category set to IPsec
- Status changed from New to Confirmed
- Priority changed from Normal to Low
- Affected Version set to All
the values that were originally under System>Advanced (of which MSS clamping is the only remaining) are within system.
The pull request will break MSS clamping on all existing installs, needs config upgrade code if it's going to be moved.
Updated by Kill Bill over 8 years ago
As noted at https://github.com/pfsense/pfsense/pull/1776#issuecomment-141786006 - this ain't IPsec-specific setting at all. Please, leave it alone.
Updated by Kill Bill over 8 years ago
Updated by Renato Botelho about 8 years ago
- Status changed from Confirmed to Needs Patch
It's a global flag because it's used also by OpenVPN and PPPoE server.
If you think it's useful to have separate values for each VPN a different change must be done