Feature #8635

closed

"Remote/local subnets" in routed IPsec renaming

Added by Vladimir Lind over 6 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Start date: 07/10/2018
% Done: 100%

Description

The naming of the "Remote/local subnets" labels does not look appropriate.

According to this link - https://www.netgate.com/docs/pfsense/vpn/ipsec/ipsec-routed.html

Create a Phase 2 entry under this Phase 1, set with…

  • Set Mode to Routed (VTI)
  • Set Local Network to Network - # If Network is preferred and probably the only logical choice here, why not remove this dropdown menu?
  • Enter 10.6.106.1/30 for the Local Network Address - # This statement in fact sets the VTI IP address and mask
  • Enter 10.6.106.2 for the Remote Network Address - # This statement in fact sets the VTI gateway IP address (IP address of the remote VTI)

I would propose changing the "Local Network Address" label to something like "VTI IP address and mask" and "Remote Network Address" to "VTI gateway IP address" or "remote VTI IP address".

The current labels might easily confuse users and make them think about the networks that should be interconnected by routed IPsec.


Files

  • 02-08-2018_22_21_01.png (33.7 KB), Routed (VTI), Anonymous, 08/02/2018 09:23 PM
  • 02-08-2018_22_21_19.png (42 KB), Tunnel IPv4, Anonymous, 08/02/2018 09:23 PM

#1

Updated by Jim Pingle over 6 years ago

  • Assignee set to Jim Pingle

"Network" is what I know works and works best, but address should also work in some cases for a point-to-point interface that doesn't share a subnet on either side.

I had experimented with disabling or removing the drop-down but decided to leave it alone.

I'll look into dynamically changing the field labels.

#2

Updated by Jim Pingle over 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3

Updated by Anonymous over 6 years ago

On 2.4.4.a.20180802.1755 (gitsync'd to master):

Selecting Mode Tunnel IPv4/IPv6 presents the following message below Remote Network - "Remote network component of this IPsec security association."

Selecting Mode Routed (VTI) presents the following message below Remote Network - "Local point-to-point IPsec interface tunnel network address." and changes the Local Network to Network with an address field and /30 subnet. The Remote Network becomes type Address (cannot change) with an address field and the subnet cannot be changed/set.

Screenshots of each mode attached.

#4

Updated by Jim Pingle over 6 years ago

  • Status changed from Feedback to Resolved