Bug #5320

IPSec NAT rules are not removed when a tunnel is disabled

Added by Steve Wheeler about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Category: Rules / NAT
Target version:
Start date: 10/19/2015
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture: All

Description

After disabling an IPSec tunnel in the GUI the NAT rules in the phase2 entries are not removed and are still applied to traffic using that route in another IPSec tunnel.
This applies if the tunnel is disabled at the phase 2 or the phase 1 containing it.
NAT rules still appear in rules.debug.

Associated revisions

Revision 4f1bf902 (diff)
Added by Chris Buechler about 4 years ago

Check whether the P2 or its associated P1 are disabled before adding NAT
rules. Ticket #5320

Revision 0b84a5a6 (diff)
Added by Chris Buechler about 4 years ago

Check whether the P2 or its associated P1 are disabled before adding NAT
rules. Ticket #5320

History

#1 Updated by Jim Pingle about 4 years ago

It appears the code in filter.inc is not checking for a disabled P1 or P2 when creating the NAT rules:

https://redmine.pfsense.org/projects/pfsense/repository/entry/etc/inc/filter.inc?rev=RELENG_2_2#L1794
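
The check that comment #1 reports as missing, as an added sketch (not part of the ticket and not pfSense's filter.inc code): NAT rule lines are built only when neither the phase 2 entry nor its parent phase 1 is disabled. The array keys, the `binat` line format, the function names and the sample configuration are simplified assumptions constructed for illustration.

```php
<?php
// Added illustration, not pfSense's filter.inc. The array keys (ikeid,
// disabled, natlocalid, localid, remoteid) are assumed, simplified fields.

/** A P2 is active only if neither it nor its parent P1 is disabled. */
function p2_is_active(array $p2, array $p1ById): bool {
    if (array_key_exists('disabled', $p2)) {
        return false;
    }
    $p1 = $p1ById[$p2['ikeid']] ?? null;
    if ($p1 === null) {
        return false; // orphaned P2: emit nothing rather than guess
    }
    return !array_key_exists('disabled', $p1);
}

/** Build NAT rule lines only for phase 2 entries that are really in use. */
function ipsec_nat_rules(array $ipsec): array {
    // Index phase 1 entries by ikeid so each phase 2 can find its parent.
    $p1ById = array_column($ipsec['phase1'] ?? [], null, 'ikeid');
    $rules = [];
    foreach ($ipsec['phase2'] ?? [] as $p2) {
        if (empty($p2['natlocalid'])) {
            continue; // no NAT configured on this P2
        }
        if (!p2_is_active($p2, $p1ById)) {
            continue; // the check the ticket reports as missing
        }
        $rules[] = sprintf('binat on enc0 from %s to %s -> %s',
            $p2['localid'], $p2['remoteid'], $p2['natlocalid']);
    }
    return $rules;
}

// Constructed sample: a P2 under a disabled P1, a disabled P2, and a live P2.
$ipsec = [
    'phase1' => [['ikeid' => '1', 'disabled' => ''], ['ikeid' => '2']],
    'phase2' => [
        ['ikeid' => '1', 'localid' => '10.0.1.0/24', 'remoteid' => '192.168.5.0/24', 'natlocalid' => '172.16.1.0/24'],
        ['ikeid' => '2', 'disabled' => '', 'localid' => '10.0.2.0/24', 'remoteid' => '192.168.5.0/24', 'natlocalid' => '172.16.2.0/24'],
        ['ikeid' => '2', 'localid' => '10.0.3.0/24', 'remoteid' => '192.168.6.0/24', 'natlocalid' => '172.16.3.0/24'],
    ],
];
echo implode("\n", ipsec_nat_rules($ipsec)), "\n";
```

Only the third phase 2 entry yields a rule here; the first two share a remote network with no active tunnel of their own, which is the situation where a leftover NAT rule would rewrite traffic meant for another tunnel.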

#2 Updated by Jim Pingle about 4 years ago

  • Category set to Rules / NAT
  • Status changed from New to Confirmed
  • Affected Version set to 2.2.x
  • Affected Architecture set to All

#3 Updated by Chris Buechler about 4 years ago

  • Status changed from Confirmed to Feedback
  • Affected Version changed from 2.2.x to All

should be good

#4 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved
  • Assignee set to Chris Buechler

fixed
