Feature #8635
closed"Remote/local subnets" in routed IPsec renaming
100%
Description
Naming of the "Remote/local subnets" labels looks not to be appropriate.
According to this link - https://www.netgate.com/docs/pfsense/vpn/ipsec/ipsec-routed.html
Create a Phase 2 entry under this Phase 1, set with…
Set Mode to Routed (VTI)
Set Local Network to Network - # If Network is preferred and probably the only logical choice here - why not to remove this dropdown menu?
Enter 10.6.106.1/30 for the Local Network Address - # This statement in fact sets VTI IP address and mask
Enter 10.6.106.2 for the Remote Network Address - # This statement in fact set's VTI gateway IP address (IP address of the remote VTI)
I would propose to change "Local Network Address" label to something like "VTI IP address and mask" and "Remote Network Address" to "VTI gateway IP address" or "remote VTI IP address"
Current labels might easily confuse and make think about networks that should be interconnected by routed IPsec.
Files
Updated by Jim Pingle over 6 years ago
- Assignee set to Jim Pingle
"Network" is what I know works and works best, but address should also work in some cases for a point-to-point interface that doesn't share a subnet on either side.
I had experimented with disabling or removing the drop-down but decided to leave it alone.
I'll look into dynamically changing the field labels.
Updated by Jim Pingle over 6 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 1d1a5f1bcf3dbe494af50188638cbe3e07722d47.
Updated by Anonymous over 6 years ago
- File 02-08-2018_22_21_01.png 02-08-2018_22_21_01.png added
- File 02-08-2018_22_21_19.png 02-08-2018_22_21_19.png added
On 2.4.4.a.20180802.1755 (gitsync'd to master):
Selecting Mode Tunnel IPv4/IPv6 presents the following message below Remote Network - "Remote network component of this IPsec security association."
Selecting Mode Routed (VTI) presents the following message below Remote Network - "Local point-to-point IPsec interface tunnel network address." and changes the Local Network to Network with an address field and /30 subnet. The Remote Network becomes type Address (cannot change) with an address field and the subnet cannot be changed/set.
Screenshots of each mode attached.