Project

General

Profile

Actions
Copy link

Feature #6150

closed

Named IPSec entries

Added by Keith Milner about 8 years ago. Updated almost 3 years ago.

Status:
Rejected
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
04/14/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

The StrongSWAN package that the pfSense IPSec implementation is based on supports naming of IPSec Phase 1 connection entries as part of their configuration.

E.g.:

conn myVpn1
....

At present pfSense does not allow the names used for IPSec connections to be configured and, instead, generates internal names such as "con2000". It would be useful to allow the user to define their own names for these for the following reasons:

1. Monitoring the status of the IPSec connection within the command line using "ipsec status" would be easier.

2. Using Syslog to monitor the state of specific IPSec VPNs within network management tools would be easier as the tool can reference the user-supplied VPN name rather than some random and difficult to find system-generated name.

This capability is already present within StrongSwan. It seems it would require GUI changes as well as some changes to the configuration file and associated libraries.

Actions
Copy link
 #1

Updated by Jim Thompson about 8 years ago

  • Assignee set to Marc Dye
Actions
Copy link
 #2

Updated by Renato Botelho over 7 years ago

  • Assignee deleted (Marc Dye)
Actions
Copy link
 #3

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Rejected

Using custom names will cause more problems than it solves.

I'm in the process of doing some work on IPsec which will make the connection names more logical and predictable, so it will be easier to match things up.

Actions
Copy link

Also available in: Atom PDF