Bug #5188
closedvpn_ipsec_settings.php "Auto-exclude LAN address" changes lost
100%
Description
The changes to rename field, update description, and fix check/uncheck of "Auto-exclude LAN address" field (as labeled in 2.2.4, still former "Bypass LAN address" in 2.3), got lost in the merge.
The text needs to be replaced with what's in 2.2.4, and the check/uncheck behavior fixed to work correctly. Right now checking it never gets saved.
Updated by Anonymous about 9 years ago
- Status changed from Confirmed to Assigned
Three new fields need to be added:
- CRL Checking
- Make before Break
- Auto-exclude LAN address
Updated by Anonymous about 9 years ago
- Status changed from Assigned to Feedback
- Assignee changed from Anonymous to Chris Buechler
New fields added and tested
Updated by Anonymous about 9 years ago
- % Done changed from 0 to 100
Applied in changeset pfsense:7e4abf2603554b8977f492f4e0565f622eb3ebce.
Updated by Chris Buechler about 9 years ago
- Status changed from Feedback to Assigned
- Assignee changed from Chris Buechler to Anonymous
most of this is good, and good catch on the 2 missing fields.
One issue still: The setting/unsetting of the config value for "Auto-exclude LAN address" is backwards from what it should be. It's checked if that config setting doesn't exist, and un-checked if the config setting does exist. That was a bit of a saga before when this was implemented, if that creates a mess for some reason we can reconsider that behavior.
Updated by Anonymous about 9 years ago
Yeah. The code contains this:
// The logic value sent by $POST is opposite to the way it is stored in the config.
// Reset the $pconfig value so it reflects the opposite of what was $POSTed.
if ($_POST['noshuntlaninterfaces'] == "yes") {
$pconfig['noshuntlaninterfaces'] = false;
} else {
$pconfig['noshuntlaninterfaces'] = true;
}
So the behavior was obviously required at some point. Easy to remove of course.
Updated by Phillip Davis about 9 years ago
The UI box "Auto-exclude LAN address" asks for "Enable bypass for LAN interface IP". That is the reverse question to the name of the setting "noshuntlaninterfaces".
1) In a default config that has no mention of "noshuntlaninterfaces" then the checkbox "Enable bypass for LAN interface IP" should be checked on first display.
2) If the checkbox is unchecked and save is pressed, then the config gets "noshuntlaninterfaces" put in it (and that then flows through the back-end code to implement the settings)
3) If the checkbox is unchecked and save is pressed, then the config gets "noshuntlaninterfaces" removed (there should be no mention of it any more in the config)
As long as it works like the above, then do whatever is needed in the underlying code to make it so.
Updated by Phillip Davis about 9 years ago
I wish I could edit my posts on Redmine!!!
The UI box "Auto-exclude LAN address" asks for "Enable bypass for LAN interface IP". That is the reverse question to the name of the setting "noshuntlaninterfaces".
1) In a default config that has no mention of "noshuntlaninterfaces" then the checkbox "Enable bypass for LAN interface IP" should be checked on first display.
2) If the checkbox is unchecked and save is pressed, then the config gets "noshuntlaninterfaces" put in it (and that then flows through the back-end code to implement the setting)
3) If the checkbox is checked and save is pressed, then the config gets "noshuntlaninterfaces" removed (there should be no mention of it any more in the config)
As long as it works like the above, then do whatever is needed in the underlying code to make it so.
Updated by Phillip Davis about 9 years ago
The latest code in pfsense/master looks like it should be working.
I made pull request https://github.com/pfsense/pfsense/pull/1931 - that changes some variable names and comment text that might help future maintainers to understand this beast. Take it if you like it, close it if you don't.
Updated by Anonymous about 9 years ago
- Status changed from Assigned to Resolved
P Davis clarifications merged. Thanks!