Project

General

Profile

Feature #946

Allow aliases to be used to define IPsec phase 2 networks

Added by Jim Pingle almost 7 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Category:
IPsec
Target version:
Start date:
10/12/2010
Due date:
% Done:

0%


Description

Eventually it would be nice to allow using aliases on the IPsec phase 2 definition screen for local and remote networks. It would be an easy and clean way to avoid having to manually make many entries that are identical except for the subnet definitions.

The GUI code would just need to add the alias autcomplete mechanism to the "Address" field, perhaps either by sharing the "Network" choice in type, so it would be "Network or alias", or use a choice for just "Alias". We might need to restrict it to host and network alias types. The backend would just need to generate the appropriate pairings of phase 2 declarations in racoon.conf, matching each entry in the local alias/network to an entry in the remote alias/network.

Associated revisions

Revision e71b0e9a
Added by krion over 13 years ago

- correct report of available cache memory for cache sizes >2GB
in cache.log (squid bug #570)
- correct the least-load store directory selection algorithm
for the cache directories using the "ufs" storage scheme (squid bug #676)
- correct the type of the cacheCurrentUnlinkRequests SNMP variable
(squid bug #946)
- include client IP addresses in debug output (squid bug #948)
- correct the HTML doctype for autogenerated FTP directory listings
(squid bug #969)
- if no resolv.conf is present the dns_servers variable now defaults
to 127.0.0.1 (squid bug #991)
- update the documentation of the MSNT basic authentication helper
(squid bug #717)

PR: ports/67495
Submitted by: maintainer

History

#1 Updated by Ermal Luçi about 3 years ago

  • Target version changed from Future to 2.3

This is possible to implement easily now that strongswan is used.

#2 Updated by Jim Thompson over 2 years ago

  • Assignee set to Ermal Luçi

#3 Updated by Jim Thompson about 2 years ago

  • Assignee changed from Ermal Luçi to Renato Botelho

reassign.

#4 Updated by Chris Buechler almost 2 years ago

  • Target version changed from 2.3 to Future

#5 Updated by Grzegorz Sliwa over 1 year ago

It will be great see it in next release of pfSense.
Today I must create ~100 tunnels phase 2.
I had to create 5 my internal networks to external subnets.... and I must do it one by one.
With aliases I could create alias: my_local_network for example and route it all to external subnets much easier.

Also available in: Atom PDF