OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: 8191 on December 04, 2015, 08:33:09 pm

Title: Column missmatch in IPsec tunnel settings?
Post by: 8191 on December 04, 2015, 08:33:09 pm

The IPsec tunnel settings (see attachment) has six columns for each P1 entry: IKE, Remote Gateway, Mode, P1 Protocol, P1 Transforms, and P1 Description. I don't understand the columns P1 Protocol and P1 Transforms:
The P1 Protocol column shows the P1 encryption algorithm, why the name P1 Protocol? The column P1 Transforms should show the P1 authenticity algorithm (but currently it does not show it, I guess due to a bug (https://github.com/opnsense/core/commit/2720f74fccfdf354715f4b84c76b55c5ed0044d3#commitcomment-14794674)?), but typically I know the term proposal as a combination of all cryptographic algorithms and settings, so I personally would expect e.g. "AES (128 bits), SHA-256" in the P1 Proposal column.

Maybe the P1 Protocol column should show something regarding the chose key material, like PSK or RSA? But then, still a better name should be chosen... ;)

Title: Re: Column missmatch in IPsec tunnel settings?
Post by: franco on January 10, 2016, 10:21:34 pm

Hi Manuel, I saw this, is this still relevant and/or already present in the issue tracker on GitHub?

Title: Re: Column missmatch in IPsec tunnel settings?
Post by: 8191 on January 10, 2016, 11:14:17 pm

Hi Franco,

Current it's still implemented like described above. I'll create a PR to address it.

BR,
Manuel

Title: Re: Column missmatch in IPsec tunnel settings?
Post by: franco on January 11, 2016, 07:26:16 am

Super, thanks. :)