SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
Anonymous | Login | 2019-12-08 13:40 UTC | ![]() |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0001900 | Endian Firewall | GUI | public | 2009-05-26 11:50 | 2010-05-26 17:19 | ||||
Reporter | kevsworld | ||||||||
Assigned To | |||||||||
Priority | normal | Severity | major | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 2.2-rc3 | ||||||||
Target Version | 2.4 | Fixed in Version | |||||||
Summary | 0001900: GUI in ipsec always defaults the dns name provided by the ISP | ||||||||
Description | This issue has already been reported in 0001424 but I believe it more serious than reported originally. GUI should not overwrite changes input - it guess its ok to suggest a default entry but this has to be changeable. Even modifying the ipsec.conf file is no good cause as soon as you use the GUI again it overwrites the custom entries. Any chance of a patch for this cause it is stopping me from using ipsec? | ||||||||
Additional Information | jzdrzalek = "When reloading /cgi-bin/vpnmain.cgi, vpnmain.cgi rewrites VPN_IP Field (Local VPN hostname/IP) with the hostname resolved by DNS PTR-Record. VPN_IP is used later by the ipsec.conf.tmpl to fill two fields in ipsec.conf: left and leftid. There is no problem with "left", as long as DNS forward lookup resolves back to the ip. But if not it leads to problems. One have to check that A and PTR resolves to same host. PTR is set by the ISP. One can then set the A record to that name. It is also sufficient to set it up on the firewall. Regarding "leftid" it depends on what kind of ipsec authentication one use. In case of x509 peers are identified by certificats, but if using PSK leftid is used. Leftid cannot then be arbitrarily changed. Usually one defines leftid to be IPV4 adress." | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
![]() |
||||||
|
![]() |
|
(0004267) christian-endian (administrator) 2010-05-26 17:19 |
in 2.4 the uplink can be selected for each connection which solves this issue |
![]() |
|||
Date Modified | Username | Field | Change |
2009-05-26 11:50 | kevsworld | New Issue | |
2009-06-10 13:10 | peter-endian | Relationship added | child of 0001935 |
2010-01-21 18:03 | peter-endian | Target Version | => codename: angry armadillo |
2010-01-21 18:04 | peter-endian | Status | new => acknowledged |
2010-05-26 17:19 | christian-endian | Note Added: 0004267 | |
2010-05-26 17:19 | christian-endian | Status | acknowledged => closed |
2010-05-26 17:19 | christian-endian | Resolution | open => fixed |
Copyright © 2000 - 2012 MantisBT Group |