SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001900: GUI in ipsec always defaults the dns name provided by the ISP - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001900Endian FirewallGUIpublic2009-05-26 11:502010-05-26 17:19
Reporterkevsworld 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-rc3 
Target Version2.4Fixed in Version 
Summary0001900: GUI in ipsec always defaults the dns name provided by the ISP
DescriptionThis issue has already been reported in 0001424 but I believe it more serious than reported originally.

GUI should not overwrite changes input - it guess its ok to suggest a default entry but this has to be changeable. Even modifying the ipsec.conf file is no good cause as soon as you use the GUI again it overwrites the custom entries.

Any chance of a patch for this cause it is stopping me from using ipsec?
Additional Informationjzdrzalek = "When reloading /cgi-bin/vpnmain.cgi, vpnmain.cgi rewrites VPN_IP Field (Local VPN hostname/IP) with the hostname resolved by DNS PTR-Record. VPN_IP is used later by the ipsec.conf.tmpl to fill two fields in ipsec.conf: left and leftid. There is no problem with "left", as long as DNS forward lookup resolves back to the ip.
But if not it leads to problems. One have to check that A and PTR resolves to same host. PTR is set by the ISP. One can then set the A record to that name. It is also sufficient to set it up on the firewall.
Regarding "leftid" it depends on what kind of ipsec authentication one use. In case of x509 peers are identified by certificats, but if using PSK leftid is used.
Leftid cannot then be arbitrarily changed. Usually one defines leftid to be IPV4 adress."
TagsNo tags attached.
Attached Files

- Relationships
child of 0001935confirmedpeter-endian issues to fix with ipsec (openswan) 

-  Notes
(0004267)
christian-endian (administrator)
2010-05-26 17:19

in 2.4 the uplink can be selected for each connection which solves this issue

- Issue History
Date Modified Username Field Change
2009-05-26 11:50 kevsworld New Issue
2009-06-10 13:10 peter-endian Relationship added child of 0001935
2010-01-21 18:03 peter-endian Target Version => codename: angry armadillo
2010-01-21 18:04 peter-endian Status new => acknowledged
2010-05-26 17:19 christian-endian Note Added: 0004267
2010-05-26 17:19 christian-endian Status acknowledged => closed
2010-05-26 17:19 christian-endian Resolution open => fixed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker