Describe the bug
Currently the API validates the "remote gateway" in correlation to the "internet protocol" (an FQDN is only allowed if both protocols are enabled, error 2169).
https://github.com/jaredhendrickson13/pfsense-api/blob/a2d0d3cf7c7d921a1896f0a8be741f241dab5607/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Update.inc#L248
What is the motivation for this validation? In my view pfSense does not have such a limitation.
I have many IPsec VPNs running with an FQDN as remote gateway and only IPv4 as internet protocol.
To Reproduce
```
# Single quotes keep the JSON's double quotes and spaces intact in the shell variable.
IKEU='{"ikeid":"1","iketype":"ikev2","interface":"wan","remote-gateway":"remote.mydom.com","protocol":"inet","myid_type":"asn1dn","myid_data":"CN=myid.mydom.com","peerid_type":"asn1dn","peerid_data":"CN=remote.mydom.com","encryption":{"item":[{"encryption-algorithm":{"name":"aes256gcm","keylen":"128"},"hash-algorithm":"sha512","prf-algorithm":"sha1","dhgroup":"16"}]},"lifetime":"28800","rekey_time":"","reauth_time":"","rand_time":"","pre-shared-key":"","private-key":"","certref":"61c2d5e94e2a1","pkcs11certref":"","pkcs11pin":"","caref":"5d2f68c93892b","authentication_method":"cert","descr":"my - remote","nat_traversal":"on","mobike":"off","startaction":"","closeaction":"","dpd_delay":"10","dpd_maxfail":"5"}'
curl -s -H "Authorization: Bearer ${JWT}" -X PUT -d "${IKEU}" "${PFSENSE_URL}/api/v1/services/ipsec/phase1"
# Response:
{"status":"bad request","code":400,"return":2169,"message":"IPsec remote gateway cannot be a hostname unless protocol is set to 'both'","data":[]}
```
Expected behavior
Update the phase 1 object remote gateway independent of the protocol setting.
Screenshots or Response
na
pfSense Version & Package Version:
- pfSense Version: [pfSense 2.7.0]
- Package Version [v1.6.0]
Affected Endpoints:
- URL: /api/v1/services/ipsec/phase1
Additional context
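
The rule reported above next to the behaviour the reporter expects, as an added example that is not part of the original issue and is not code from pfsense-api or pfSense. The function names, the `inet6` protocol value and the address-family check for IP literals are assumptions made for illustration.

```php
<?php
// Added illustration; not code from pfsense-api or pfSense.
// "inet" and "both" appear in the issue; "inet6" is an assumed third value.

/** Classify a remote-gateway string: 'ipv4', 'ipv6', 'hostname' or null. */
function classify_gateway(string $gw): ?string
{
    if (filter_var($gw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return 'ipv4';
    }
    if (filter_var($gw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return 'ipv6';
    }
    // Empty or digits-and-dots input (e.g. "999.1.1.1") is a malformed IPv4
    // literal, not a hostname.
    if ($gw === '' || preg_match('/^[0-9.]+$/', $gw) === 1) {
        return null;
    }
    $ok = filter_var($gw, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    return $ok !== false ? 'hostname' : null;
}

/** Returns null when accepted, otherwise a reason. $strict = reported rule. */
function check_remote_gateway(string $gw, string $protocol, bool $strict): ?string
{
    if (!in_array($protocol, ['inet', 'inet6', 'both'], true)) {
        return 'unknown protocol';
    }
    $kind = classify_gateway($gw);
    if ($kind === null) {
        return 'not an IP address or hostname';
    }
    if ($kind === 'hostname') {
        // Reported rule: hostname only with 'both'. Expected: any protocol.
        return ($strict && $protocol !== 'both') ? 'hostname needs protocol both' : null;
    }
    // Assumed check: an IP literal must match the selected address family.
    $mismatch = ($kind === 'ipv4' && $protocol === 'inet6')
        || ($kind === 'ipv6' && $protocol === 'inet');
    return $mismatch ? 'address family does not match protocol' : null;
}

// Constructed sample inputs (documentation addresses, hostname from the issue).
$samples = [['remote.mydom.com', 'inet'], ['203.0.113.10', 'inet'],
            ['2001:db8::1', 'inet'], ['999.1.1.1', 'inet']];
foreach ($samples as [$gw, $proto]) {
    printf("%-17s %-5s reported: %-40s expected: %s\n", $gw, $proto,
        check_remote_gateway($gw, $proto, true) ?? 'ok',
        check_remote_gateway($gw, $proto, false) ?? 'ok');
}
```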