Project

General

Profile

Actions

Bug #6476

closed

Editing an IPSec phase 2 entry fails

Added by Waldo Nell over 8 years ago. Updated over 8 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
06/09/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
amd64

Description

I just set up an IPSec site to site bridge between two pfSense machines. It worked perfectly. However, editing the phase 2 entry on the one endpoint produces this error (even when I make no changes, just save what is already there):

Invalid Local Network. LAN has no subnet.

Local network is selected as LAN subnet.

Changing Local network from LAN subnet to Network and entering the same network and subnet mask seems to work, therefore this looks to be a UI validation bug.

Actions #1

Updated by Waldo Nell over 8 years ago

Priority can be changed to medium

Actions #2

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal

guessing your LAN is set to IPv4 "none"?

Actions #3

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Not a Bug
  • Affected Version deleted (2.3.1)

Either get_interface_ip or get_interface_subnet has to return empty for that to happen. The only way either of those happens is if you don't have an IP on the interface in question. Which is the correct behavior in that circumstance.

Actions #4

Updated by Waldo Nell over 8 years ago

Chris Buechler wrote:

guessing your LAN is set to IPv4 "none"?

Yes - IPv4 and no IPv6.

Actions #5

Updated by Waldo Nell over 8 years ago

Chris Buechler wrote:

Either get_interface_ip or get_interface_subnet has to return empty for that to happen. The only way either of those happens is if you don't have an IP on the interface in question. Which is the correct behavior in that circumstance.

I do. It is set to static IP, with an IP. The LAN interface is definitely working fine.

Actions #6

Updated by Chris Buechler over 8 years ago

go to Diag>Command, in PHP Commands box, paste in:

var_dump(get_interface_ip("lan"));
var_dump(get_interface_subnet("lan"));

and hit Execute, what's the response?

Actions #7

Updated by Waldo Nell over 8 years ago

Chris Buechler wrote:

go to Diag>Command, in PHP Commands box, paste in:

[...]

and hit Execute, what's the response?

string(10) "10.200.1.1"
int(16)

Actions #8

Updated by Chris Buechler over 8 years ago

Waldo Nell wrote:

string(10) "10.200.1.1"
int(16)

that's correct, and exactly what it's checking for there. That check would be successful for LAN on this page.

Actions

Also available in: Atom PDF