Bug #8691

closed

It is possible to disable an IPsec P1 that has a VTI child P2

Added by Azamat Khakimyanov almost 6 years ago. Updated almost 6 years ago.

Status: Duplicate
Priority: Normal
Assignee:
Category: IPsec
Target version: -
Start date: 07/25/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.4
Affected Architecture: All

Description

I created a Routed (VTI) IPsec tunnel between two pfSense systems with 2.4.4-DEV. When the tunnel was established, I assigned the IPsec interface (ipsec_interface_assigned_pf1.png).

When the Routed (VTI) IPsec is UP I can't change its mode. I saw this message when I tried: "Cannot switch away from VTI while the interface is assigned. Remove the interface assignment before switching away from VTI."

But when I disabled the IPsec tunnel, I was able to change "Routed (VTI)" mode to "Tunnel IPv4" and apply this new mode without any error message (ipsec_after_mode_changing_pf1.png). But now in Interfaces/Interface Assignments I see, instead of the IPsec interface, that my WAN interface was duplicated (ipsec_interface_assigned_pf1_WAN_issue.png). And I was able to enable my IPsec tunnel without any error.


Files

  • ipsec_interface_assigned_pf1.png (87.1 KB), Azamat Khakimyanov, 07/25/2018 12:22 PM
  • ipsec_interface_assigned_pf1_WAN_issue.png (68.3 KB), Azamat Khakimyanov, 07/25/2018 12:22 PM
  • ipsec_after_mode_changing_pf1.png (166 KB), Azamat Khakimyanov, 07/25/2018 12:23 PM

#1

Updated by Jim Pingle almost 6 years ago

  • Subject changed from WAN interface was duplicated after changing IPsec mode from "Routed (VTI) to "Tunnel IPv4" to It is possible to disable an IPsec P1 that has a VTI child P2
  • Category set to IPsec
  • Status changed from New to Duplicate
  • Assignee set to Jim Pingle
  • Affected Version set to 2.4.4
  • Affected Architecture All added
  • Affected Architecture deleted ()

The "duplication" isn't really that; it's just a side effect of you having removed the ipsecX interface. It isn't available for assignment, so it defaults to the first thing in the list.

The only problem here is that you were able to disable an IPsec P1 that has a VTI child P2.

This is really issue #8674, just a different way to hit it.
