11342 questions

13519 answers

21178 comments

31678 members

0 votes
36 views 1 comments
by
Hello,

%dynamic is not allowed in IPSEC General Settings->Local subnet, the UI pretends that the value is invalid. Setting list local_subnet '%dynamic' directly in /etc/config/ipsec gives the desired result ie the SA are built the tunnel works but nothing can be saved from the UI after that.

Edit: found acceptable workaround: removing the local_subnet variable or leaving the field empty in the UI.

Regards,

1 Answer

0 votes
by
Hello,

This is just from string validation on the WebUI as this is quite a rare thing to do.
by
Agree with the string valiadation point, however %dynamic clearly marks the intention counting on some lazy interpretation of an absent or empty field doesn't. A combination of %config(4,6,) and %dynamic enables a single configuration location for a server with many clients in the wild.