Project

General

Profile

Feature #4989

Allow all valid strongswan remote gateway options in gui

Added by Jon Klinck over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
08/20/2015
Due date:
% Done:

0%

Estimated time:

Description

Strongswan allows for setting the remote gateway to a subnet, multiple addresses, a range, or any IP address (%any).
The input validation does not allow these values to be set in the GUI. While not normally needed, there are situations outside of a typical road-warrior IPsec setup where these options are needed. Dynamic DNS is a better option, but not always available.
Perhaps require an 'I know what I'm doing' button to allow non standard input.
This would require a small change in vpn_ipsec_phase1.php and also in the logic that builds the filter rules for IPSec.

Also available in: Atom PDF