Creating P1 VPN does not support CARP VIP #758

@robindbe

Describe the bug
When adding an IPsec P1, using a CARP VIP is not supported; only fixed interfaces are. This is the error:

message: Field `interface` must be one of [wan, lan, opt1, opt2, opt3, opt4, opt5, opt6]

This worked in v1 of the API; we noticed this when migrating calls to v2.

To Reproduce
Steps to reproduce the behavior:
Add a phase 1 VPN (/api/v2/vpn/ipsec/phase1) using the identifier of a CARP VIP (_vip) in the interface field.

This is an example call:

       body:
                apply: false
                authentication_method: pre_shared_key
                descr: S2S-TEST
                disabled: false
                dpd_delay: 10
                dpd_enable: enable
                dpd_maxfail: 5
                encryption:
                    item:
                    -   dhgroup: '20'
                        encryption-algorithm:
                            keylen: '256'
                            name: aes
                        hash-algorithm: sha512
                        prf-algorithm: sha512
                gw_duplicates: false
                ikeport: 500
                iketype: ikev2
                interface: _vip68d40168c2591
                lifetime: 86400
                mobike: false
                myid_type: myaddress
                nattport: 4500
                nattraversal: 'on'
                peerid_type: peeraddress
                pre-shared-key: 2u2nYsApKHBGhfFfwf6SJhQepaAC3E6IhzTgeaaRkEDQplW7ajGlXRy1
                prfselect_enable: false
                protocol: inet
                remote-gateway: 1.1.1.1
                splitconn: false

Expected behavior
When having a cluster using CARP, using the CARP VIP is needed as the local VPN endpoint to allow it to fail over.

pfSense Version & Package Version:

  • pfSense Version: 2.8.1
  • Package Version: 2.6.2

Affected Endpoints:

  • URL: /api/v2/vpn/ipsec/phase1


Labels: enhancement (Issues or PRs that enhance existing features)
