Messages - hasp

#1
Thanks Franco,

I'll check/test.

Apply changes works now - Perfect!

Best regards from Merseburg ;)
#2
Hi again,

I think I hit another one ...
My limited user is not able to apply changes after a new connection is created or an existing one is modified.
The relevant API endpoint seems to be `api/ipsec/service/reconfigure`, but there is no ACL for that at all.

IMHO that should/could be added to the `VPN: IPsec: Connections` permission.

What do you think?!

PS: Is there a CLI command to reload the ACLs after manual modification? ATM I just restart the system.
#3
Hi there,

I want to allow a limited user to just set up IPsec tunnels.
The permission to edit Pre-Shared-Keys is granted, but the menu item is missing.

Using the direct link (ui/ipsec/pre_shared_keys/) is not working; the user is redirected to the dashboard.
If I remove the trailing slash, an empty page shows up, but no existing keys are shown and new keys cannot be set up.

After searching in the forums I found a hint that there could be an issue with the ACLs.
So I modified the related ACL.xml to match the URLs involved to resolve this problem - but my changes got killed by the last update :(

IPSec/ACL/ACL.xml

```xml
        <name>VPN: IPsec: Edit Pre-Shared Keys</name>
        <patterns>
            <pattern>ui/ipsec/pre_shared_keys</pattern>
            <pattern>api/ipsec/pre_shared_keys</pattern>
        </patterns>
```

vs. URL in the menu with trailing slash

IPsec/Menu/Menu.xml

```xml
            <Keys order="30" VisibleName="Pre-Shared Keys" url="/ui/ipsec/pre_shared_keys/"/>
            <KeyPairs order="40" VisibleName="Key Pairs" url="/ui/ipsec/key_pairs" />
            <Settings order="50" VisibleName="Mobile &amp; Advanced Settings" url="/ui/ipsec/connections/settings"/>
            <Status order="60" VisibleName="Status Overview" url="/ui/ipsec/sessions"/>
```

My changes

```xml
        <name>VPN: IPsec: Edit Pre-Shared Keys</name>
        <patterns>
            <pattern>ui/ipsec/pre_shared_keys/*</pattern>
            <pattern>api/ipsec/pre_shared_keys/*</pattern>
        </patterns>
```

Maybe this behavior is related to outstanding changes regarding old MVC (https://github.com/opnsense/core/issues/8306#issuecomment-2649006697)

Thanks in advance!
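
The ACL-versus-menu mismatch described in post #3, as an added example that is not part of the original post and is not OPNsense code: a small check that reports menu URLs no ACL pattern covers. It assumes patterns are matched against the whole request path with `*` as the only wildcard; the wrapper elements in the sample XML and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments quoted in the post; the
# wrapper elements (<acl>, <page>, <menu>, <IPsec>) are assumptions.
ACL_ORIGINAL = """<acl><page>
  <name>VPN: IPsec: Edit Pre-Shared Keys</name>
  <patterns>
    <pattern>ui/ipsec/pre_shared_keys</pattern>
    <pattern>api/ipsec/pre_shared_keys</pattern>
  </patterns>
</page></acl>"""
# The poster's change: append "/*" to both patterns.
ACL_MODIFIED = ACL_ORIGINAL.replace("pre_shared_keys<", "pre_shared_keys/*<")
MENU = """<menu><IPsec>
  <Keys order="30" VisibleName="Pre-Shared Keys" url="/ui/ipsec/pre_shared_keys/"/>
</IPsec></menu>"""


def pattern_to_regex(pattern):
    """Assumed rule: the pattern must match the whole path; '*' matches anything."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile("/" + body)


def load_patterns(acl_xml):
    """Collect every <pattern> value from an ACL document."""
    return [p.text.strip() for p in ET.fromstring(acl_xml).iter("pattern") if p.text]


def is_allowed(url, patterns):
    return any(pattern_to_regex(p).fullmatch(url) for p in patterns)


def uncovered_menu_urls(acl_xml, menu_xml):
    """Return (VisibleName, url) for menu entries that no ACL pattern matches."""
    patterns = load_patterns(acl_xml)
    return [(e.get("VisibleName"), e.get("url"))
            for e in ET.fromstring(menu_xml).iter()
            if e.get("url") and not is_allowed(e.get("url"), patterns)]


if __name__ == "__main__":
    for label, acl in (("original", ACL_ORIGINAL), ("modified", ACL_MODIFIED)):
        print(label, "uncovered menu URLs:", uncovered_menu_urls(acl, MENU))
        print(label, "allows URL without trailing slash:",
              is_allowed("/ui/ipsec/pre_shared_keys", load_patterns(acl)))
```

Under the assumed matching rule, the modified patterns cover the menu URL but no longer match the path without the trailing slash.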